<img src="https://ad.doubleclick.net/ddm/activity/src=10024890;type=invmedia;cat=front0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?" width="1" height="1" alt=""> The EU AI Act and DAM: labeling AI and proving authenticity
Skip to content
Content authenticity

The EU AI Act and DAM: labeling AI and proving authenticity

Last updated on: 17. July 2026

Starting August 2, 2026, the transparency requirements of the EU AI Act (Article 50) will apply to anyone who manages, distributes, or publishes digital assets. What this will look like in practice is not yet defined down to the last detail. But the direction is clear.

AI-generated or AI-edited content must be labeled: visible to humans for content that simulates reality, and machine-readable so that search engines, platforms, and feeds such as LinkedIn, TikTok, or Instagram can understand its origin. This applies to product images, photorealistic campaign visuals, AI-generated text without editorial review, and chatbots.

A Digital Asset Management (DAM) system has long since stopped being a passive repository. It becomes a central control point where it is decided whether content meets labeling requirements or not: during export, format conversion, and distribution to channels and partners.

Those who set the right course now will be prepared by August. And they gain something beyond compliance in the future: a way to demonstrate that content is authentic.

 

DAM as gatekeeper

What role does AI already play in your DAM? Tagging? Agentic workflows? Generating focal points and format variants?

As soon as images or text (including accessibility descriptions) are generated with AI, they will soon need to be labeled in a machine-readable way. And as soon as they

  • communicate real-world information, and

  • have not been reviewed by a human editor (changing the format is not a review),

they will also need a human-readable label.

This applies regardless of whether AI is used directly inside the DAM. The system should understand the logic behind both machine- and human-readable labeling, detect signals, and, critically, ensure they are preserved.

That is exactly why the DAM is the right place for this. What matters now is implementing these changes across the organization behind the DAM. The challenge: final implementation guidance is not yet available. It’s already July, so time is limited before the transparency requirements apply on August 2.

An important step right now is an AI inventory. Which software in my company uses AI? Which content has already been created or edited using AI?

 

Machine-readable: how does it work?

This is the question Adobe, Arm, BBC, Intel, Microsoft, Truepic, and others asked themselves five years ago when they founded C2PA, a consortium that developed a certificate to track origin (which camera, which AI generator), editing steps (masking in Photoshop is faster with AI), and publishing. This information is stored as a small string alongside IPTC and EXIF metadata.

The first cameras already write these certificates. ChatGPT does as well. Google integrates them into its AI systems and smartphones. Midjourney and Flux are still holding back. Photoshop and Lightroom write certificates when images or videos are edited using AI.

It’s a robust and relatively simple system within the creation–DAM–CMS process. But as soon as, for example, a JPG is converted into a PNG, the certificate can be lost along with all other metadata if workflows are not designed to preserve it.

The second layer of security recommended in the AI Act draft is invisible watermarking. These can be configured freely and, in addition to C2PA information, can include additional data. For example, every retailer downloading images for their online store could be marked in the watermark on the fly. This opens up traceability: Who is using outdated images? Where have images been misused? Watermarks can even be detected in printed materials.

credentials-content-authenticityImages from Adobe Stock already contain Content Credentials. Agencies such as dpa and AFP are rolling out C2PA combined with watermarking. Providers like IMATAG and others offer services to embed certificates and watermarks.

In addition, the IPTC field DigitalSourceType, a standardized metadata field, can be populated. It uses a controlled vocabulary to indicate how an asset was created, for example AI-generated or AI-edited.

Read more: Content Authenticity: How to protect trust in the digital age

 

How DAM users should prepare now

  • AI inventory: which asset, which tool, which date

  • Metadata policy: consistently populate IPTC DigitalSourceType

  • Map export paths: test today where origin data is lost during conversion, rendition, and distribution

  • Approval step: check labeling before publication, not only in the distribution channel

  • Define output channels: decide per channel which type of labeling is required, whether visible disclosure, machine-readable provenance, or additional watermarking via service providers

What is clear and what is not

One thing is clear: if an image is meant to depict reality (product images, people in photorealistic visuals, etc.) but is generated by AI, then human-readable labeling must appear even in places where image attribution has never been shown before. That includes website key visuals, brochures, posters, trade show walls, and more.

What remains open is how strict the interpretation will be. The decisive factor will not be the law itself, but the still-pending implementation guidance from the Commission, the Code of Practice.

The most uncertain point: a small AI change in text can be more significant (misleading or incorrect information) than AI-assisted retouching, generative fill, or masking of an image. Whether simple, harmless image edits performed by tools that quietly use AI will need to be labeled is not yet decided.

 

From obligation to opportunity

You can, of course, simply label AI content as such. But that is not always well received by audiences.

The more interesting direction is the opposite. You can prove that a photo is real. That a text was written by a human. That images truly belong to the sender. In that sense, a labeling requirement becomes a proof of authenticity.

That makes the effort worthwhile. Similar to data protection, imprint requirements, and other mechanisms, it is the serious players who invest time in standing out from unreliable sources.

LinkedIn has already started filtering AI-generated content from feeds. They use detection tools that reportedly achieve around 94% accuracy. But authenticity certificates change the system entirely. They eliminate false positives and help communication reach the intended audience.

Recent examples, from major media outlets to political figures, show how unmarked AI content can quickly damage credibility. Using AI without disclosure may become the next trigger for public backlash.

 

About the authorbildbeschaffer-alexander-karst
This article is a guest contribution by Alexander Karst.
Alexander has been working in the advertising and imaging industry since 1994. After roles at PhotoDisc and Getty Images as a web and PR manager, he founded Die Bildbeschaffer GmbH in 2008. His agency supports companies and agencies with image sourcing, research, rights clearance, and image management. In addition, he provides training and consulting on image rights and the broader challenges of managing images, content, and media.

 

AI generated image of a mammoth in Norway

GenAI and Content Authenticity

Read more about the crisis of trust in digital content

More about Content Authenticity

On this page