Your EU AI Act compliance checklist for creative teams (before August 2)
This article is for informational purposes only. It is not legal advice. If you have specific compliance questions, consult a qualified legal professional in your jurisdiction.
August 2, 2026 is the enforcement date for Article 50 of the EU AI Act. EU AI Act compliance for creative teams is not the same as compliance for enterprise legal teams or AI developers. Most of the guidance circulating right now is written for those audiences, not for designers, copywriters, video editors, or strategists using AI tools in client work.
If you use AI tools commercially to produce content for clients or audiences, you are a “deployer” under the Act. That classification carries real obligations. It does not, however, require CE marking, database registration, or a technical audit trail. The bar for creative practitioners is achievable, provided you know what it actually asks of you.
This checklist covers seven steps you can complete before August 2.
What the Act actually asks of you
The EU AI Act distinguishes between providers (the companies building AI systems) and deployers (the people using those systems professionally). If you use Adobe Firefly, Midjourney, ChatGPT, or Sora to produce work for clients or public audiences, you will generally qualify as a deployer. For a broader overview of what the Act means for your practice, see What the EU AI Act means for creators.
Three obligations are relevant to creative work:
Article 4: AI literacy. You must document that your team has adequate AI literacy. This obligation applied from February 2025. Enforcement begins August 2, 2026.
Article 50(4): Synthetic content disclosure. When you publish or deliver AI-generated images, audio, or video commercially, you must disclose it to audiences in human-readable form. Even when your tool embeds technical provenance metadata, you still carry a separate disclosure obligation.
Article 50(4): Editorial exemption for text. If a human substantially rewrites AI-assisted text and takes documented editorial responsibility for the final version, mandatory labeling does not apply. Legal analyses suggest that brand copy and marketing text does not fall under the “public interest” threshold that would trigger text labeling, but the European Commission has not yet formally defined that threshold.
Most creative work falls into limited-risk categories. The checklist below covers everything you need.
The checklist
1. Map your AI tools and classify outputs
List every AI tool your team uses in production work. For each tool, note the output type (text, image, audio, video) and whether outputs reach audiences directly or stay internal as drafts a human substantially rewrites.
This 30-minute exercise becomes the foundation for your content register in item 6, and it tells you quickly where your disclosure obligations are concentrated.
Time estimate: 30 minutes.
2. Check your tools’ C2PA status and fill the gaps
C2PA (Coalition for Content Provenance and Authenticity) embeds cryptographically signed Content Credentials into media files, recording their origin. Several major tools embed this by default; others do not.
| Tool | C2PA support | What this means for you |
| Adobe Firefly | Yes, by default (since 2023) | Metadata embedded automatically; keep a log regardless |
| DALL-E 3 | Yes, by default (since early 2024) | Metadata embedded automatically; keep a log regardless |
| OpenAI Sora | Yes, C2PA v2.2 | Metadata embedded automatically; keep a log regardless |
| Google Imagen | Yes, C2PA + SynthID dual-layer | Strong provenance; keep a log regardless |
| Midjourney | No. Does not embed cryptographically signed C2PA Content Credentials; no announced plans as of early 2026 | Maintain a manual generation log (see item 6) |
| Canva AI tools | Unconfirmed. Check directly with Canva | Treat as unconfirmed; do not assume C2PA is present |
Two things to keep in mind. C2PA metadata satisfies the technical provenance requirement, but the Act’s human-readable disclosure obligation is separate. And many platforms strip C2PA metadata on upload, so your disclosure responsibility persists regardless.
Time estimate: 45 minutes to check each tool and update your register.
3. Write disclosure language templates per channel
You need human-readable disclosure, not just embedded metadata. Prepare short statements for every channel you publish to.
Examples:
- Social caption: “This image was generated using AI.”
- Invoice note: “This project includes AI-generated visual assets created using [tool]. C2PA metadata embedded where supported.”
- Video description: “This video contains AI-generated visuals.”
- Ad creative tag: “AI-generated image.”
Brevity is fine. The key is that the disclosure is visible and present at the point of publication or delivery.
Time estimate: 30 minutes.
4. Determine whether the editorial exemption applies to your copy work
If you use AI to draft text, then substantially rewrite it and take documented editorial responsibility for the final version, mandatory labeling does not apply to that text.
“Substantially rewrite” is not yet formally defined by the EC. A reasonable interpretation: the human changes the structure, re-voices the content, verifies all claims, and owns the output. Light edits on an AI draft without material changes probably do not qualify.
Document your text workflow briefly: “AI-generated draft used as starting point; copywriter rewrites for voice, accuracy, and brand compliance; final sign-off by [name].” Keep this for projects where AI assisted text production.
Time estimate: 1-2 hours to define and write down your process.
5. Complete a baseline AI literacy session and document it (Article 4)
Article 4 requires deployers to ensure their teams have sufficient AI literacy. For a small team or solo creator, a formal certification is not required.
A 2-3 hour session covering these topics satisfies the obligation:
- What AI-generated content is and how your tools produce it
- Where AI outputs can fail (hallucinations, bias, copyright risk in training data)
- Your team’s rules for using AI in client workHow you disclose AI use to clients and audiences
- What the EU AI Act requires of your team specifically
Write a brief record afterward: date, who attended, topics covered, and any policy decisions made. Solo creator? Block an afternoon, work through these topics, and write a one-page note. It does not need to be formal; it needs to exist.
Time estimate: 2-3 hours for the session; 30 minutes to document it.
6. Build a lightweight AI content register
A content register is a running log of AI-generated work you produce. A shared spreadsheet with these fields is enough:
| Field | What to capture |
| Date | When the content was produced |
| Project / client | Who it was for |
| Tool used | Which AI tool generated the output |
| Output type | Image, video, audio, text, or mixed |
| C2PA embedded? | Yes / No / Unknown |
| Disclosure applied | Where and how you disclosed AI use |
| Delivered to | Publication channel or client |
For Midjourney outputs (and any tool without confirmed C2PA support), this register is your only provenance record. Log at delivery, not retrospectively. Make it part of your delivery checklist going forward.
Time estimate: 1 hour to set up; 5 minutes per project to maintain.
7. Review client contracts for AI use clauses
Some clients are now adding AI use clauses to contracts. These range from outright prohibitions to disclosure requirements to asset specifications (retaining C2PA metadata in delivered files). If you are working with clients who ask about your AI process, what to ask before hiring an AI-assisted creator walks through the conversation from their side.
Read your active contracts with this in mind. If a contract prohibits AI use and you are using AI tools on that project, that conflict needs a direct conversation.
For new contracts, consider adding a short clause: “Where AI tools are used in the production of visual or audio assets, Creator will maintain generation records and apply human-readable disclosure at point of delivery.” It protects both parties.
Note that if a client’s platform strips C2PA metadata on upload, your disclosure obligation still applies. Contracts should reflect that metadata preservation depends on the receiving platform.
Time estimate: 1-2 hours to review active contracts; 30 minutes to draft a standard AI clause.
A note on fines
The EUR 15 million figure gets quoted everywhere. It is the legal maximum, not a starting point. SMEs pay the lower of the fixed cap or 3% of global annual turnover, whichever is smaller. For a solo creator or small team, 3% of annual turnover is a very different number.
Enforcement is expected to focus on systematic, large-scale violations. That said, compliance still matters. Audiences have a right to know what they are looking at. That principle should matter to any creator, independent of the fine structure.
Do not catastrophize. Do the seven steps.
Start now, finish before August 2
These seven steps are achievable in a few focused hours. None of them require a compliance department or a lawyer on retainer. They require a shared document and a decision to treat AI use as a professional practice, not an afterthought.
Creators who take compliance seriously are the ones clients trust with more significant, more valuable work. Most competitor content on this topic is aimed at enterprise teams, not working creators, which means the practical guidance you need hasn’t been easy to find until now.
If you want support with AI workflows, disclosure standards, and compliant creative production, The Blue Mango co-op works with designers, copywriters, strategists, and video editors who want to do their best work with clear professional standards.
Work with The Blue Mango, a creative co-op built around compliant, human-led AI workflows.