EU AI Act Compliance Check
Prepare your AI-generated content for Article 50 provenance requirements. A step-by-step workflow using RightsDocket to build a defensible compliance record.
What Article 50 requires
Article 50 requires providers and deployers of certain AI systems to disclose when output is AI-generated or manipulated, with specific obligations varying by AI system risk category. The EU Code of Practice (final version expected June 2026) specifies two marking layers: machine-readable provenance metadata (C2PA) and imperceptible watermarking.
This guide walks through how RightsDocket generates the C2PA metadata layer with proper IPTC Digital Source Type mapping — the structured provenance record that regulators and downstream platforms can verify.
Identify your AI-generated assets
Before using RightsDocket, audit which content in your pipeline involves AI generation. Article 50 applies to any content where an AI system contributed to the output — text, images, audio, video, or mixed media.
List every asset in your current workflow that involves AI tools (e.g., Suno, Udio, Midjourney, ChatGPT, DALL-E, Stable Diffusion). For each asset, note: the AI tool used, the version, and whether any human modification occurred after generation.
Start with your highest-risk assets — content distributed in EU markets or to EU-based audiences. Article 50 enforcement applies based on where content is deployed, not where it was created.
Create a project and map the IPTC source type
Upload your asset to a new RightsDocket project. The platform maps your human/AI contribution levels to the IPTC Digital Source Type vocabulary — the standard taxonomy that EU regulators and C2PA-aware platforms use to classify content provenance.
| Scenario | IPTC Source Type | Meaning |
|---|---|---|
| Fully AI-generated | trainedAlgorithmicMedia | Output from a trained model with no significant human modification |
| AI + human edits | compositeWithTrainedAlgorithmicMedia | AI output combined with human creative contribution |
| AI-enhanced | algorithmicallyEnhanced | Human-created work improved using AI tools |
| Fully human-created | digitalCreation | No AI involvement — human-authored digital work |
The platform selects the correct IPTC Digital Source Type based on your contribution mapping and embeds it into the C2PA manifest. This satisfies the structured metadata requirement in the EU Code of Practice.
Generate the C2PA manifest
RightsDocket structures your provenance data in C2PA manifest format (spec 2.3). For Phase 1, this data is included in your PDF provenance record and verification link. Embedded C2PA signing for MP3, WAV, and M4A files is rolling out as the signing infrastructure ships.
After mapping contributions, click Generate Manifest. Review the assertion summary to confirm the IPTC source type, contributor list, and AI tool declarations are accurate before proceeding.
C2PA metadata alone may not satisfy the full Article 50 requirement. The EU Code of Practice mandates both machine-readable metadata (C2PA) and imperceptible watermarking. RightsDocket covers the C2PA layer. Watermarking is a separate infrastructure decision.
Anchor with a cryptographic timestamp
Export your provenance record. The PDF report includes a document hash and Ed25519 signature for integrity verification. RFC 3161 trusted timestamping is being integrated for cryptographic proof-of-existence.
Regulators and auditors need evidence that provenance records existed at the time of content distribution, not after an inquiry. Cryptographic timestamps provide that chain-of-custody evidence with integrity guarantees.
Click Export → confirm your output options → download. The provenance record includes: your PDF compliance report with document hash and Ed25519 signature. Store it in your compliance archive.
Verify and archive your compliance record
Use the RightsDocket verification portal to confirm that your provenance record is intact. The verify-without-uploading feature checks file integrity using cryptographic hashes — your file never leaves your environment.
Navigate to the verification portal → drag your signed file into the verifier → confirm the manifest, IPTC source type, and timestamp all validate. Archive the provenance record alongside the original asset in your compliance system.
EU AI Act Readiness Checklist
Run this compliance check for every new AI-generated asset before distribution in EU markets. Build provenance into your production workflow — not as an afterthought.
Keep the human in the record.