Updated: July 2026
AI transparency has moved from ethical guidance to legally binding duties, backed by large fines. The EU AI Act, in force since 1 August 2024, sets out the world’s first broad framework for AI transparency. It requires organisations to disclose when AI is involved and to give clear explanations of how AI systems make decisions.
Legal counsel, compliance officers, and technology leaders now face pressure to understand and apply these duties before the August 2026 deadline. The cost of getting it wrong is high, with fines reaching €35 million or 7% of global annual turnover for the most serious breaches.
• AI transparency rules require clear disclosure when people deal directly with AI systems or view AI-generated content. The duties depend on the system’s risk level, including high-risk and general-purpose AI.
• The EU AI Act, in force since August 2024 with most transparency duties applying from August 2026, is the world’s first broad AI transparency framework and carries heavy fines for non-compliance.
• Core parts of transparency include explainability, interpretability, accountability, traceability, and giving clear, distinguishable information before a person’s first interaction with an AI system.
AI transparency means making the way AI systems work, their limits, and how they make decisions understandable to the people affected, especially end users and regulators. The main idea is that people should know when they deal with AI or see AI-generated content.
The law now requires organisations to tell users when they communicate or interact with an AI system. This goes beyond a simple notice: it includes clear information about what the system can do, its limits, and its risks. Transparency covers several key elements:
• Traceability: The ability to track and reconstruct AI outputs back to their sources and input data
• Explainability: Providing clear, comprehensible reasons for AI-generated outcomes
• Interpretability: Ensuring humans can discern the logic underpinning AI decisions
• Disclosure: Informing affected persons before their first interaction with AI systems
Rules increasingly say that AI-generated content must be clearly labelled as artificially generated in a machine-readable format. This applies especially to synthetic audio, deepfake video, and text where people would reasonably expect a human author.
The different rules for different AI categories reflect different risk levels and possible harm. High-risk systems face the strictest transparency rules, while minimal-risk uses have lighter but still real duties.
The EU AI Act takes a risk-based approach. It sets out transparency duties for AI providers, deployers, and other actors based on a system’s risk level and function. This framework moves from voluntary guidance to mandatory legal compliance.
The Act sorts AI systems into four main risk levels, each with its own transparency duties:
• Unacceptable risk: these systems are banned outright and needed compliance from the earliest deadline. They include government social scoring and systems that exploit vulnerable groups.
• High risk: these face the most extensive transparency and documentation duties. They include remote biometric identification, emotion recognition used for law enforcement, and biometric categorisation in sensitive contexts.
• Limited risk: these have focused transparency duties, mainly about user awareness and content labelling. This includes many systems used for direct user interaction.
• Minimal risk: these have lighter duties but still need clear disclosure where people expect a human.
Article 50 sets a general transparency regime that reaches beyond high-risk and general-purpose models to cover many uses across industries. The rules also apply outside the EU: businesses based elsewhere must comply if they use AI systems within the EU, wherever the operator is based.
Article 13 sets detailed transparency duties towards deployers about how a system works and what it produces. Providers must give deployers clear, full information about the system’s functioning, limits, and the risks of its outputs.
Deployers must understand the system well enough to use it responsibly and read its results correctly. This includes:
• Instructions for proper system operation and monitoring
• Technical documentation explaining system capabilities and limitations
• Information about training data sources and potential biases
• Guidance on appropriate human review procedures
Some high-risk systems must be registered in the EU database before deployment. Providers must supply information for responsible use, covering the intended purpose, operating parameters, and limits, so deployers can reduce misuse and bias.
The rules require clear information to deployers about system risks, performance, and oversight. This keeps transparency in place across the AI lifecycle, from development to deployment.
General-purpose AI models face specific transparency duties because they adapt to many, often unpredictable, situations. Providers must run and report thorough checks of a model’s abilities and risks, including misuse scenarios.
Stronger duties for advanced models with wide capabilities include:
• Comprehensive incident reporting systems track adverse outcomes
• Detailed documentation enabling downstream deployers to understand model behaviour
• Monitoring guardrails for complex AI model capabilities
• Public disclosure of training methodologies and data sources
The AI Office will give more guidance on the rules for different categories of general-purpose systems, especially those with systemic risk.
Good AI transparency rests on four linked parts that work together for compliance and trust.
Explainability gives clear, user-friendly reasons behind AI decisions or recommendations. This often means plain-language summaries or visual explanations that connect complex processes to human understanding.
For high-risk uses like emotion recognition or biometric identification, explainability must cover how the system reached a conclusion and what factors shaped it.
Interpretability is the technical ability to analyse how input data, parameters, and processes produce specific outputs. It may need special tools for model inspection so technical teams can audit how a system behaves.
Accountability sets up traceability that assigns clear responsibility for AI decisions, errors, and their effects. It supports internal governance and regulatory review by keeping clear lines of responsibility across development and deployment.
Traceability means keeping full records, logs, and documentation of a system’s development, training, input data, and operating context. This lets you rebuild decisions and audit compliance with the transparency rules.
Transparency information must be given clearly and distinguishably before any interaction with an AI system. The rules require machine-readable labels for synthetic AI-generated content, whether audio, image, video, or text, so both people and automated systems can detect and check where content came from.
Organisations must tell users about AI involvement in several ways:
• Pre-interaction disclosure: Users must be informed before their first interaction with AI systems
• Content labelling: AI-generated content requires clear marking as artificially generated
• Risk communication: High-risk applications need additional warnings about potential limitations
• Technical documentation: Comprehensive records for regulatory review and audit
Special rules apply to deepfake content, with context-based exceptions for artistic, satirical, and some editorial uses where a label would harm the creative intent under editorial responsibility.
The Act requires machine-readable labels for AI-generated content. This supports automated detection and human review. The technical standards keep developing through AI Office guidance and industry practice.
The EU AI Act entered into force on 1 August 2024, after publication in the Official Journal in July 2024. Its transparency provisions apply from 2 August 2026. Some high-risk systems have up to 36 months from entry into force to comply, and some duties apply earlier than the main deadline.
Prohibited AI practices had the earliest deadline. Organisations should start compliance planning now to meet these tight timelines.
The EU AI Act sets some of the world’s toughest penalties for AI breaches:
| Violation Type | Maximum Fine |
| Serious AI Act violations | €35 million or 7% of global annual turnover |
| Transparency-specific violations | €7.5 million or 1% of global turnover |
| Misleading information | €7.5 million or 1% of global turnover |
Extra penalties apply for giving incorrect, incomplete, or misleading information to users or regulators. National authorities enforce the rules across EU member states, using audits, injunctions, and possible criminal sanctions for serious breaches.
Because the rules reach outside the EU, organisations worldwide can face these fines if their systems affect EU users, wherever the company is based.
Leading organisations have built structured, layered transparency frameworks that go beyond the minimum, build user trust, and give a competitive edge.
Good practice means clear communication about how AI systems collect, store, and use data. Organisations should give plain-English explanations of AI logic, limits, and weak points that non-technical people can follow.
Good practices include:
• Regular publication of transparency reports detailing AI model performance and risk mitigation
• Technical tools generating “explainability statements” or “model cards” for individual ai models
• Proactive communication about data handling and bias prevention strategies
• User education resources bridging technical complexity and user understanding
Organisations face several practical challenges:
• Privacy and trade secrets: balancing GDPR and AI Act duties can create conflicts where full disclosure would harm privacy or expose confidential information.
• Technical complexity: explaining “black box” models like deep neural networks is hard. You need simpler explanations that stay accurate and complete.
• Consistency over time: models that are retrained or updated may change behaviour, so you need ongoing checks and version control to keep disclosures accurate.
• Resource allocation: giving enough people and budget to oversee, apply, and document transparency can be a strain, especially for smaller organisations.
OpenAI has led on transparency with regular safety and research reports, detailed documentation on model abilities and risks, and content provenance tools. Its approach shows how transparency can build trust while meeting the rules.
Microsoft uses a layered approach that combines compliance documentation, user-facing disclosures, and technical tooling. Its Responsible AI Transparency Report shows how to build transparency into both business and technical systems.
Zendesk has built user-friendly, explainable AI features for customer-facing tools and published materials that explain how its AI works. Its approach shows how transparency can be a competitive edge in customer experience.
These early adopters show that broad transparency, while resource-heavy, can build trust, reduce risk, and make regulatory engagement easier when done in a structured way.
The AI Office codes of practice should clarify the transparency information needed for different uses. This guidance will give detailed templates and standards for many industries.
Trends point to bringing AI transparency in line with existing data protection and consumer protection rules, especially on the explainability of automated decisions and user recourse under fundamental rights.
Expected developments include:
• Standard transparency templates and tools (model cards, data sheets, watermarking).
• Links with wider digital governance rules and public interest concerns.
• Transparency standards that change with technical advances and real incidents.
• More focus on continuous compliance rather than one-off checks.
Organisations should watch these developments and join industry working groups to shape the standards while getting ready for new rules.
About the Author
Zlatko Delev
Country Manager & Head of Commercial — GDPRLocal
Zlatko specialises in data protection compliance, ISMS strategy, and AI law. With a legal background and hands-on experience supporting organisations globally, he helps businesses navigate GDPR, the EU AI Act, and international privacy frameworks.
All AI systems that interact with users need some level of transparency disclosure. High-risk systems face the strictest rules, while even minimal-risk systems must tell users that AI is involved. The exact rules depend on the system’s risk level and use.
AI-generated content must be marked as artificially generated in both human-readable and machine-readable formats. Labels must appear before people view the content and stay detectable by automated systems. Special rules apply to deepfake content, with limited exceptions for artistic or editorial use under editorial responsibility.
The AI Act sets heavy fines: up to €35 million or 7% of global annual turnover for the most serious breaches, and up to €15 million or 3% for breaches of transparency and other obligations. Beyond fines, compliance means building transparency into your AI processes, setting up clear governance, and keeping an ongoing commitment to responsible AI. These rules set a global standard that reaches beyond the EU.