With Article 50 of the EU AI Act transparency obligations taking full effect on 2 August 2026, financial firms across the bloc face a fast-approaching compliance deadline.
The European AI Office has finalised the Code of Practice on Transparency of AI-Generated Content, reshaping how providers and deployers must mark, disclose, and detect AI-generated content.
The Code introduces significant structural changes from the first draft published in December 2025, including expanded marking flexibility and a finalized EU icon for visual disclosure.
Section 1 of the Code covers providers of generative AI systems, while Section 2 covers deployers of AI systems that generate or manipulate deepfakes or text published to inform the public on matters of public interest.
Several previously mandatory measures have been demoted to optional, including transparency of provenance information, functionality for perceptible markings, and forensic detection mechanisms.
A concrete interoperability deadline of 2 February 2027 has also been introduced, requiring signatories to implement watermark detection solutions via one of four specified pathways.
The Code introduces new privacy protections requiring that content submitted for detection be stored only for the duration of detection and permanently deleted immediately thereafter, a principle known as “zero retention.”
Adherence to the Code serves as a guiding reference for compliance with Article 50(2) and (5) EU AI Act obligations but does not in itself constitute conclusive evidence of conformity with those statutory requirements.
Nonsignatories remain bound by the same statutory obligations and must demonstrate compliance through alternative means, adding a layer of legal risk for firms that choose not to sign up.
Luxembourg’s financial sector faces particular scrutiny, given uncertainty around the interpretation of “matters of public interest” as it applies to publicly available communications and reports generated using AI.
Financial market participants who use generative AI to produce macroeconomic outlooks, sector reports, commentary on market conditions, or environmental, social, and governance reports must determine whether Article 50 disclosure obligations are triggered.
The European Securities and Markets Authority considered in its supervisory briefing that Article 50 EU AI Act requirements may be triggered for both providers and deployers of AI systems in the context of algorithmic trading.
The Code permits firms to integrate the EU icon into existing disclosure frameworks under sectoral EU financial legislation rather than building parallel compliance processes, offering a degree of operational relief.
Industry associations are encouraged under the Code to develop coordinated, sector-specific good practices, which may prove particularly valuable for Luxembourg’s densely regulated fund and finance industry.
K&L Gates authors Dr. Jan Boeing, Arnaud Dobelle, and Adam M. Paschalidis advise that financial market participants acting as deployers are encouraged to assess their position and consider becoming signatories of the Code without delay.

