From August 2, 2026, EU businesses must visibly label AI-generated content, including deepfakes, that could be mistaken for real material — with metadata-only marking explicitly prohibited. Under Article 4 of the EU AI Act, executives face personal liability and fines up to €35 million. Separately, the US introduced a June 2026 executive order requiring voluntary 30-day pre-reviews for advanced AI models, with the Great American AI Act imposing independent audits on companies exceeding $500 million in revenue. The European Commission appointed Jim Hagemann Snabe as special AI envoy to coordinate European efforts.
In-Depth:
From August 2, 2026, EU firms must clearly label AI-generated content; executives face personal liability and fines up to €35M. US tightens rules with pre-review audits.
Starting August 2, 2026, European businesses must clearly mark any AI-generated content that could be mistaken for real. The requirement tarreceives deepfakes — photorealistic images, videos, or audio clips — and explicitly bans reliance on machine-readable metadata alone. The human eye must be able to inform.
The urgency is clear: studies estimate that between 40 and 75 percent of applyrs cannot distinguish AI-generated images from authentic photographs. Companies are now racing to embed watermarking directly into production workflows.
The real shocker, however, hits the C-suite personally. Article 4 of the EU AI Act obliges management to ensure AI competence across the organization. Violations carry fines of up to €35 million — a sum that stings particularly for tiny and medium enterprises. According to the Ifo Institute, 54.5 percent of German companies already apply AI, a jump of 13.6 percentage points year-on-year.
Data protection poses another hurdle. Businesses deploying AI assistants such as Claude must scrutinize data transfers. Most large language models originate in the US, and certification under the EU-U.S. Data Privacy Framework remains elusive. Companies currently rely on standard contractual claapplys for cross-border data flows. A critical nuance: commercial team or enterprise plans include data processing agreements; free personal versions do not.
The German Research Center for Artificial Ininformigence (DFKI) has responded with a browser extension called Privacy Guardrail. It locally replaces sensitive information — names, email addresses — with placeholders before a query leaves the device, then restores the real data in the response. Separately, the European Commission presented a technological sovereignty package in early June 2026.
Across the Atlantic, the United States is tightening its own rules. A June 2026 executive order introduces a voluntary 30-day pre-review for advanced AI models. The Great American AI Act requires companies with revenue exceeding $500 million to file rigorous safety reports and submit to indepfinishent audits. Proposed daily penalties for non-compliance could reach $1 million.
Within Europe, industest is still arguing over what qualifies as high-risk AI. The electrical and digital industest association ZVEI welcomed the outcomes of the trilogue neobtainediations on the AI Omnibus, praising a stronger sectoral approach and a more realistic definition of industrial high-risk AI. However, it criticized the failure to extfinish those adjustments to medical devices.
Cybersecurity obligations are also mounting. The NIS-2 directive expands incident reporting requirements across 18 sectors. Leading tech firms are demanding tighter controls when AI models access sensitive data — advanced systems can already answer complex technical questions about laboratory procedures in detail.
To coordinate European efforts, the European Commission appointed Jim Hagemann Snabe as its special AI envoy.
