EU Commission Finalises AI-Generated Content Labelling Code of Practice: What It Means for Your Organisation
The June 2026 Code of Practice sets concrete marking obligations for AI-generated content — here's your 30-day action checklist.
Published 2026-06-10
# EU Commission Finalises AI-Generated Content Labelling Code of Practice: What Your Organisation Must Do Now
On 10 June 2026, the European Commission published the final Code of Practice on marking and labelling of AI-generated content, a concrete step in operationalising the EU AI Act's transparency requirements for systems that produce text, images, audio, and video at scale.
What the Code of Practice Actually Requires
The Code establishes voluntary-but-expected standards for providers and deployers of AI systems that generate or manipulate content intended for public consumption. At its core it demands machine-readable and human-readable signals — often called provenance markers or watermarks — that allow end-users, platforms, and regulators to identify content as AI-generated without ambiguity.
For organisations operating high-risk AI systems under Annex III of the EU AI Act, this is not merely best practice guidance. Article 13 of the Act already mandates transparency and information obligations; the Code of Practice translates those obligations into specific technical and procedural controls. Separately, ISO/IEC 42001:2023 — the AI management system standard increasingly cited by auditors alongside the Act — requires documented procedures for communicating AI system outputs and their limitations to affected parties. The Code directly maps onto those governance requirements.
Why This Matters Right Now
Three forces converge to make this publication high-urgency:
1. Regulatory momentum is accelerating. The AI Act's high-risk provisions are entering their first full enforcement window. National competent authorities are establishing audit programmes, and the Code of Practice signals where the Commission's technical expectations sit.
2. NIS2 creates a parallel obligation pathway. Organisations already subject to NIS2 — particularly those in digital infrastructure, cloud, and managed services — may use AI-generated content in customer communications, incident reports, or automated alerts. Mislabelled or unlabelled AI output touching critical-service stakeholders could constitute an information-integrity incident under NIS2 Article 21 security measures.
3. Reputational and contractual exposure is real. Enterprise buyers and public-sector procurement bodies across the EU are beginning to require evidence of AI Act compliance as a contract condition. Absence of a labelling policy is a visible gap in any supplier due-diligence questionnaire.
Your 7–30 Day Action Checklist
Within 7 days:
- Assign an owner (typically your AI/Data Governance lead or CISO) to review the full Code of Practice text against your current AI system inventory.
- Identify every customer-facing or internal workflow that surfaces AI-generated content — chatbots, automated reports, synthetic media, LLM-drafted communications.
Within 14 days:
- Map identified outputs against EU AI Act high-risk categories and your existing ISO 42001 controls log.
- Determine whether your AI providers (SaaS or API) already embed C2PA-compliant provenance metadata or equivalent watermarking, and document the gaps.
- Draft a Content Labelling Policy stating when and how AI-generated content will be marked, stored as evidence, and reviewed.
Within 30 days:
- Implement or enable technical marking controls and validate them in a test environment.
- Update your AI Act conformity documentation and ISO 42001 risk register to reference the Code of Practice.
- Brief customer-facing teams on disclosure language and escalation procedures if labelling controls fail.
- Schedule a tabletop exercise simulating a regulator inquiry about a specific piece of AI-generated content.
Start Your Compliance Assessment Today
RDS GoSOC AI maps your environment against the EU AI Act, NIS2, ISO 42001, and 13 other frameworks simultaneously — surfacing control gaps like missing labelling policies before an auditor does. Start a 14-day free trial at platform.reremrdsgosoc.com/register — every paid feature is unlocked from day one, no credit card required. Once inside, open the User Guide tab for a structured walkthrough, or ask Sage, the platform's AI assistant, to walk you through setting up your EU AI Act high-risk system profile and labelling control mappings in minutes.