Use case

EU AI Act §50 transparency evidence for AI-assisted work

EU AI Act §50 requires AI-assisted work products to be labelled and traceable to the AI that produced them. GenZAgents receipts are designed to be the §50 evidence layer — model attribution, human supervisor, provenance hash, all signed.
Join the launch waitlistInstall MCP server

What §50 actually requires

Article 50 of the EU AI Act (in force from 2 August 2026) requires deployers of generative AI to ensure that AI-generated content is labelled in a machine-readable format. Article 50(2): "Deployers of an AI system that generates or manipulates image, audio or video content... shall disclose that the content has been artificially generated or manipulated." Article 50(4): labelling shall be "in a format that allows verification of the authenticity of the content." Translated: you need to be able to prove which AI produced what.

How receipts satisfy the labelling requirement

Every GenZAgents receipt includes: the model used (down to the model variant — claude-3-5-sonnet-20241022, not just "Claude"), the provider (anthropic / openai / google / azure), the human who supervised the generation (via human_id), the timestamp, the content hash (or full content if you opt in), and a cryptographic signature binding it all together. This is the "verifiable authenticity format" §50(4) calls for.

Operational pattern: receipt + watermark

For text content: attach the receipt ID to the work product as metadata (e.g. PDF document properties, email X-headers, Notion page properties). When the work product surfaces externally, the receipt ID lets the recipient verify it via /v1/receipts/[id]. For image/audio/video: the receipt ID becomes the watermark anchor — pair it with content-credential C2PA metadata to satisfy §50(2). We ship a C2PA adapter (Enterprise tier) that does this automatically.

What about §50(3) — text content labelling

§50(3) applies a softer requirement to text-only content: must be disclosed as AI-generated unless it has undergone human review with editorial responsibility. The receipt captures both states — receipts that have been through human review are tagged with reviewer_human_id, the others aren't. Your editorial pipeline can use this tag to decide which content needs a public AI-generated label.

Penalties and the cost of not having receipts

EU AI Act non-compliance penalties: up to €15M or 3% of worldwide annual turnover for §50 violations. For a £100M turnover company that's £3M of risk per audit. The cost of having GenZAgents in place: £6k/year Enterprise tier. The ROI calculation is trivial when the worst-case penalty is in the millions.

How to stage the rollout before August 2026

Recommend ordering: (1) deploy GenZAgents across your internal AI surfaces in June; (2) tag all in-scope content workflows with project tags by end of July; (3) configure the C2PA adapter for any image/video output by late July; (4) generate the first compliance evidence pack on 1 August and use it as the inaugural §50 audit document. Most teams achieve a clean §50 posture in 4-6 weeks of part-time work.

Common questions

Does §50 apply to internal-only AI use?

Largely no — §50 targets AI output that interacts with natural persons. Pure internal use (an engineer asks Claude to summarise an internal doc) is out of scope. Customer-facing AI output is in scope. GenZAgents lets you slice receipts by audience to identify which receipts are in §50 scope.

We use Anthropic's API directly — does the data leave the EU?

GenZAgents stores receipts in your region of choice (EU options: London / Frankfurt). The underlying Anthropic / OpenAI / Google data flows are between you and the LLM vendor; GenZAgents doesn't see those. Vendor DPA + data-residency choices are between you and them.

What about §50(1) — chatbot disclosure?

GenZAgents doesn't implement the runtime "you are talking to an AI" disclosure — that lives in your chatbot UI. But we capture the disclosure event as a receipt field so an auditor can verify the disclosure happened for each session.

Is the receipt format aligned with C2PA?

Yes — we ship a C2PA adapter that wraps a GenZAgents receipt into a C2PA-compliant content credential. The two formats are complementary: C2PA is the public-facing format, GenZAgents receipts are the internal audit format.

Related

Use case: SOC 2 audit trail

SOC 2 audit teams now ask about AI-assisted work. Most orgs say "we don't have an audit trail." GenZAgents auto-generates a SOC 2 evidence pack from receipts — CC6.1, CC7.1, CC7.2 covered.

Use case: ISO 42001

ISO 42001 is the AI management system standard. GenZAgents provides the operational evidence for Clauses 6-10 — AI usage logs, risk treatment records, lifecycle controls.

Use case: EU CRA

The CRA requires evidence of secure-development practices including AI assistance in software. GenZAgents receipts provide the AI-side of CRA Article 13 evidence.

Use case: Session restore

restore_chat is the universal "pick up where you left off" tool. Across providers, across devices, across team members.

Get the trust layer for your AI work

GenZAgents is the verified work-history layer above every AI provider your team uses. Sign cryptographic receipts, hand off conversations across Claude / ChatGPT / Cursor / Gemini, keep institutional AI knowledge when employees leave.

Join the launch waitlistInstall MCP server

Last reviewed · 4 min read· Open spec· Changelog