EU AI 법안 투명성 의무: 제13조 및 제50조
EU AI 법안은 투명성을 두 가지 체제로 나눕니다. 제13조는 고위험 AI의 공급자와 배포자 간의 관계를 규정합니다. 제50조는 AI 시스템과 상호 작용하는 사람들과의 관계를 규정하며, 챗봇, 딥페이크 및 AI 생성 콘텐츠를 포함합니다.
EU AI 법안 투명성 의무: 제13조 및 제50조
EU AI 법안은 투명성을 두 가지 체제로 나눕니다. 제13조는 고위험 AI의 공급자와 배포자 간의 관계를 규정합니다. 제50조는 AI 시스템과 상호 작용하는 사람들과의 관계를 규정하며, 챗봇, 딥페이크 및 AI 생성 콘텐츠를 포함합니다.
최종 업데이트: 2026년 7월 4일
제13조: 배포자에 대한 투명성
고위험 AI의 공급자는 배포자가 시스템을 올바르게 사용하고 의미 있는 감독을 수행할 수 있도록 충분한 정보를 제공해야 합니다.
- 공급자의 신원 및 연락처 정보
- 의도된 목적, 정확성, 견고성 및 사이버 보안 속성
- 알려진 제한 사항 및 알려진 예측 가능한 오용
- 특정 개인 또는 그룹에 대한 성능
- 입력 데이터 요구 사항 및 예상 출력 해석
- 인적 감독 조치 및 이를 수행하는 방법
- 유지 관리 및 수명 주기 기대치
제50조: 사용자 및 대중에게 대한 투명성
제50조는 고위험 시스템에만 적용되는 것이 아니라 더 광범위하게 적용됩니다. 네 가지 핵심 의무:
- AI 상호 작용 공개 — 자연인은 AI 시스템과 상호 작용하고 있다는 사실을 통지받아야 합니다(예: 챗봇). 단, 상황상 명백한 경우는 제외됩니다.
- 합성 콘텐츠 표시 — AI 생성 오디오, 이미지, 비디오 또는 텍스트는 기계 판독 가능하고 인공적으로 생성된 것으로 감지할 수 있어야 합니다.
- 딥페이크 공개 — 실제 인물 또는 이벤트를 묘사하는 콘텐츠는 인공적으로 생성된 것으로 공개해야 합니다. 단, 명확하게 예술적, 풍자적이거나 허구적인 작품인 경우는 예외로 합니다.
- 공익 관련 텍스트 — 공익에 관한 문제에 대해 대중에게 정보를 제공하기 위해 게시된 AI 생성 텍스트는 인적 검토 및 편집 책임이 적용되지 않는 한 공개해야 합니다.
제13조와 제50조의 상호 작용
두 가지 투명성 체제는 가치 사슬의 다른 수준에서 작동합니다:
제13조는 공급자와 배포자 간의 B2B 의무입니다. 제50조는 최종 사용자를 대상으로 합니다. 고위험 챗봇의 공급자는 기업 배포자에게 제13조에 따른 문서를 제공하고 챗봇과 대화하는 자연인에게 제50조에 따른 정보를 제공해야 합니다.
Article 50 Exceptions and Implementation Checklist
Article 50 disclosure duties come with narrow exceptions, and Article 13 documentation has concrete build requirements. Work through both:
- Interaction disclosure exception — you can skip the "you are talking to an AI" notice only where it is obvious to a reasonably well-informed person from the context of use; when in doubt, disclose
- Deepfake artistic exception — for evidently artistic, creative, satirical, or fictional work, the disclosure can be limited to a form that does not hamper the display or enjoyment of the work, rather than omitted entirely
- Law-enforcement exception — detection, prevention, investigation, and prosecution of criminal offences may be exempt from certain synthetic-content and interaction duties where authorised by law
- Machine-readable marking — synthetic-content marking must be effective, interoperable, robust, and reliable as far as technically feasible; plan for a durable technique such as watermarks, metadata, or cryptographic provenance signals
- Article 13 instructions for use — package provider identity, intended purpose, accuracy and robustness metrics, known limitations, and human-oversight measures into deployer-facing documentation you can version and update
- Timing — Article 50 transparency duties apply from 2 August 2026; build the disclosure and marking mechanisms into your product now rather than retrofitting them
This checklist is an editorial summary, not legal advice; confirm the exact conditions of each exception against the regulation text and any AI Office guidance before relying on it.
How AIAgentree helps
AIAgentree gives you the disclosure records and deployer-facing evidence that Articles 13 and 50 expect, without changing how your agents run.
- Tamper-evident decision records capture when an AI interaction, synthetic-content, or deepfake disclosure was shown, so you can demonstrate Article 50 compliance to an auditor after the fact
- Human-oversight and approval workflows document the oversight measures Article 13 requires deployers to be able to exercise, with a record of who approved or overrode a decision and why
- Structured exports over REST, MCP, A2A, and OpenTelemetry — using the Python and TypeScript SDKs — let you fold decision evidence into the instructions-for-use and technical documentation you owe deployers, hosted with EU data residency in Germany
Frequently Asked Questions
What is the difference between Article 13 and Article 50 transparency?
Article 13 is a provider-to-deployer duty: providers of high-risk AI must give deployers instructions for use covering purpose, accuracy, limitations, and human-oversight measures. Article 50 is a system-to-person duty: people must be told when they are interacting with AI or seeing AI-generated or manipulated content. A single high-risk chatbot can owe both.
When do the Article 50 transparency obligations apply?
The Article 50 transparency obligations for providers and deployers apply from 2 August 2026 under Regulation (EU) 2024/1689. Building disclosure and synthetic-content marking into a product early is far cheaper than retrofitting it after launch.
Do I always have to label AI-generated content?
Not in every case. Article 50 provides narrow exceptions — for example, where AI interaction is obvious from context, for evidently artistic or satirical works (where a limited-form disclosure suffices), and for certain law-enforcement uses authorised by law. Outside those conditions, synthetic and deepfake content must be marked as artificially generated or manipulated.
Does the deepfake disclosure exception mean I can skip marking artistic content?
No. For evidently artistic, creative, satirical, or fictional work the disclosure may be presented in a way that does not hamper the display or enjoyment of the work, but it must still be disclosed. The exception limits the form of disclosure, it does not remove it.
Continue exploring the EU AI Act guide
EU AI Act Compliance Guide
The complete guide to EU AI Act compliance for AI agents — start here.
Article 12 — Record-Keeping & Logging
What every high-risk AI system must log, and how to capture it.
Article 14 — Human Oversight
Designing effective human-in-the-loop controls for AI decisions.
Annex III — High-Risk AI Systems
Which AI use cases the Act classifies as high-risk.
EU AI Act Compliance Checklist
A step-by-step checklist to reach and document compliance.
Compliance Cost Calculator
Estimate your EU AI Act compliance effort and cost.
Deadlines & Timeline
Key enforcement dates, including the August 2, 2026 deadline.
Fines & Penalties
Penalty tiers up to €35M or 7% of global annual turnover.
Risk Management & Conformity Assessment
Build a risk management system and assess conformity.
GPAI Obligations
Rules for providers of general-purpose AI models.
EU AI Act for US Companies
Extraterritorial scope and what US providers must do.
Omnibus Update
The latest changes to the EU AI Act timeline and rules.
Penalty Calculator
Estimate your maximum fine under the Article 99 tiers.
Article 11 + Annex IV
What technical documentation the EU AI Act requires.
Article 26: Deployer Obligations
What deployers of high-risk AI must do, including log retention.
Article 17: Quality Management
The QMS providers of high-risk AI must document.
Article 10: Data Governance
Data quality, bias mitigation, and governance duties.
Article 4: AI Literacy
The staff AI-literacy duty in force since February 2025.
Deployer vs Provider
Who bears which obligation — and when a deployer becomes a provider.
FRIA (Article 27)
Who must run a Fundamental Rights Impact Assessment, and how.
Who Does It Apply To?
Scope, operators, and the extraterritorial reach of the EU AI Act.
Post-Market Monitoring
Articles 72–73: ongoing monitoring and incident reporting.
ISO 42001 vs EU AI Act
How the voluntary standard and the binding law fit together.
NIST AI RMF vs EU AI Act
A practical crosswalk between the framework and the law.
EU AI Act for Healthcare
High-risk medical AI, MDR/IVDR interplay, and clinician oversight.
EU AI Act for Financial Services
Credit scoring, insurance pricing, and existing financial regulation.
EU AI Act for HR & Employment
Hiring AI as high-risk, plus NYC LL144 and EEOC overlap.