Guides / Legal
12 questions to ask counsel about AI disclosure laws.
If your compliance picture begins and ends with the EU, the map has already moved past you. China has enforced AI-content labeling since September 2025. Texas and California obligations took effect in January 2026. Korea's framework arrived the same month. And on 2 August 2026, two regimes land on the same day — the EU's Article 50 and California's watermarking mandate, deliberately aligned. These are the questions to bring to counsel, with why each one matters. Free, no signup, printable.
The disclosure map, briefly
The regimes counsel will be mapping your systems against. Certian keeps this record with dates and primary sources; counsel tells you which entries reach you.
AI Act Article 50 — interaction disclosure, machine-readable marking, biometric notice, deepfake and public-interest text labelling. Marking deferred to 2 Dec 2026 for pre-existing systems only.
2 AUG 2026SB 942 (AI Transparency Act) — detection tools and manifest/latent watermarking for large generative AI providers; operative date moved by AB 853 to align with the EU. Separately, AB 2013 training-data transparency has applied since January 2026.
2 AUG 2026TRAIGA (HB 149) — AI governance framework with disclosure components in consumer and regulated contexts; Attorney General enforcement.
IN FORCE · JAN 2026AI Policy Act — generative-AI disclosure duties in consumer interactions, centered on regulated occupations.
IN FORCE · 2024Colorado AI Act — consequential-decision framework; currently being repealed and replaced with a disclosure-based framework. Status in motion — verify current text.
IN MOTIONCAC Labeling Measures + national standard GB 45438-2025 — explicit (visible) and implicit (metadata) labels required on AI-generated content; platform enforcement active.
IN FORCE · SEP 2025AI Basic Act — comprehensive framework including generative-AI transparency obligations.
IN FORCE · JAN 2026Further regimes are in motion on several continents; the map grows. Sources: Reg. (EU) 2024/1689 · California SB 942 · CAC Labeling Measures (translation) · state legislative records.
The questions
"Which disclosure regimes actually reach us — mapped system by system, not company-wide?"
Why it matters: these laws follow the market and the user, not your headquarters. A US company can be inside Article 50 through EU users, inside SB 942 through California users, and inside China's rules through content on Chinese platforms — simultaneously, through different systems. The mapping exercise is the engagement's foundation; everything else depends on it.
"In each jurisdiction's terms, are we the developer/provider or the deployer — for each system?"
Why it matters: every regime on the map splits duties by role, under slightly different names — the EU says provider and deployer; Texas and the US state frameworks say developer and deployer. The split has teeth everywhere: in the EU, providers carry interaction disclosure and machine-readable marking while deployers carry biometric notice and labelling; the state laws divide obligations along the same seam. Many companies are both, per system. Counsel's role call determines which obligations are yours and which belong to your vendors or customers — in every jurisdiction at once.
Reg. (EU) 2024/1689, Art. 3(3), 3(4) · Texas HB 149 (developers & deployers)
"Which of our deadlines are real: 2 August 2026, 2 December 2026 — or a date that has already passed?"
Why it matters: the calendar is layered. Texas and California training-data duties have applied since January 2026; China has enforced labeling since September 2025; the EU's marking duty defers to 2 December 2026 only for systems already on the EU market before 2 August. "When is our deadline" has a different answer per system per jurisdiction — get the actual list.
"Which exemptions can we actually claim — and will you put the basis in writing?"
Why it matters: the workable exemptions (Article 50's contextual-obviousness carve-out for chatbots; the human-editorial-responsibility exemption for published text) are judgment calls, not checkboxes. A written basis for each claimed exemption is what turns a judgment call into a defensible position when a regulator asks two years later.
Reg. (EU) 2024/1689, Art. 50(1), 50(4)
"What does machine-readable marking require from our engineering team — and which standard satisfies which law?"
Why it matters: the EU requires machine-readable marking, California requires manifest and latent disclosures, China requires explicit and implicit labels — and C2PA Content Credentials, IPTC metadata, and watermarking each satisfy different slices. Expect a deflection here: counsel will defer the technical implementation to your engineers, and your engineers will defer the legal sufficiency to counsel. The counter-move: put both in the same meeting and leave with one written marking spec.
"Can one disclosure implementation satisfy several regimes at once?"
Why it matters: the build-once question. California's operative date was deliberately aligned with the EU's, and the technical approaches overlap heavily — a well-designed provenance and labeling implementation may cover most of the map. Expect "it depends": the counter-move is asking counsel to define the union of the strictest applicable requirements as your baseline spec, so engineering builds once against it.
"If the EU entry reaches us: should we sign the Code of Practice — and what does it buy?"
Why it matters: skip this one if Q.01 ruled the EU out — it's the one purely European question on this list. If Article 50 does reach you: the Code of Practice on Transparency of AI-Generated Content (final, 10 June 2026) is voluntary, offers a recognized pathway for demonstrating Article 50 compliance, and its signatures are conditional on the Commission's adequacy assessment. Whether signing fits your posture — and its commitments fit your roadmap — is a counsel-and-business decision worth making deliberately, not by default in either direction.
European Commission — Code of Practice policy page; signatory record at certian.com/signatories
"What enforcement exposure are we realistically carrying — and who enforces where?"
Why it matters: the enforcers differ by map entry: state attorneys general in the US (Texas provides for penalties up to $200,000 per violation), EU member-state market-surveillance authorities (Article 50 violations can draw fines up to €15M or 3% of worldwide turnover), and platform-level enforcement in China. "Realistic" is the operative word — ask counsel where enforcement attention is actually landing, not just the statutory maxima.
Reg. (EU) 2024/1689, Art. 99(4)(g) · Texas HB 149 · CAC enforcement actions
"What should our internal record look like if a regulator asks?"
Why it matters: the defensible position isn't just being right — it's being able to show your work: the system-by-system screening record, the written basis for each exemption claimed, the marking implementation and the standard chosen, and the dates each decision was made. Ask counsel what that file should contain before anyone asks to see it.
"How should our contracts allocate disclosure duties with vendors and customers?"
Why it matters: provider and deployer duties flow through commercial relationships — your AI vendor's marking obligations affect what you can rely on; your customers' deployer duties affect what they'll demand from you. Contract language deciding who marks, who discloses, and who indemnifies is where the role split from Q.02 becomes enforceable.
"Can we scope this as a fixed-fee applicability review — and what should we bring to the first meeting?"
Why it matters: an open-ended engagement on a mapping exercise is how legal bills grow unsupervised. A fixed-scope review — these systems, these jurisdictions, this deliverable — is a reasonable ask, and coming prepared shrinks it further: bring your AI-systems inventory and, if you've run one, your applicability screening output. The better your intake, the cheaper the mapping.
"What's coming next on this map that we should build for now?"
Why it matters: the map is still being drawn: Commission guidelines on Article 50 are expected, a watermark-detection interoperability milestone follows on 2 February 2027, Colorado's replacement framework is in motion, and further regimes are advancing on several continents. Counsel watching this for you — and telling you which changes affect your build — is much of what the ongoing relationship is for.
Professional register — this guide
Disclosed relationships · LegalCertian does not provide legal advice. Professionals appearing here hold sponsored listings — flat fee, identical terms within each category, never contingent on any outcome, independent of Certian. How listings work →
Legal counsel — AI disclosure & transparency law
No firm is currently recorded for this guide. Firms advising on AI disclosure obligations — EU, US state, or cross-border — may register interest in a sponsored listing — flat fee, identical terms within each category.