
Article 50 Model Output Marking: EU Compliance in One API Call
Definition: Model-output marking is the step where a generation platform attaches a machine-readable disclosure to every AI output at the model boundary, satisfying the EU AI Act Article 50(2) marking obligation before the byte leaves the system.
TL;DR: One POST /v1/sign with a disclosure flag returns a marked asset carrying the three Code of Practice layers: signed manifest, watermark, and anchor. Mark at the boundary, and downstream customers decide whether to preserve or augment the mark.
Mark at the boundary, not after
The cleanest place to mark is the moment the model produces output, before it enters storage or delivery. Marking at the boundary guarantees coverage: every generated asset is marked, with no gap where unmarked content escapes. It also keeps the disclosure attached to the exact provenance of that generation.
The three layers in one call
The signing call attaches a C2PA ai_generated assertion under the platform's certificate, a TrustMark watermark as the soft-binding layer, and an OpenTimestamps anchor for the audit trail. That triple is what the Code of Practice second draft describes, delivered in a single request.
Provider versus deployer marking
A platform is the provider for its API output and must mark at the source. Its customers may be deployers who add their own disclosure. Marking at the boundary and preserving prior manifests as ingredients lets both layers coexist on the same asset.
The incident behind this
Romania's annulled election round shows why marking at scale matters: when AI-amplified content floods a platform, a marked authentic record is the difference between fast verification and a slow, contested debunk.
Implementation
curl -X POST https://api.originalpictures.com/v1/sign \ -H "Authorization: Bearer $OP_KEY" \ -F "[email protected]" \ -F 'assertions={"c2pa.created":{"actions":[{"action":"c2pa.ai_generated","softwareAgent":"your-model"}]}}' \ -F "disclosure=art50.2" -F "watermark=trustmark" -F "anchor=true"
Regulatory mapping
| Regime | Effective | Bite | Why it applies |
|---|---|---|---|
| EU AI Act Art. 50(2) | 2 Aug 2026 | EUR15M or 3% | Provider marking obligation |
| EU AI Act Art. 50(4) | 2 Aug 2026 | EUR15M or 3% | Deployer disclosure |
FAQ
Does marking change my model output?
No. The manifest and watermark are added to the asset; the generation itself is unchanged. The watermark is imperceptible at normal viewing.
Where Original Pictures stands today
Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.
Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.
Bottom line: Mark every output at the model boundary in one call, attach the three layers, and preserve prior manifests as ingredients so provider and deployer disclosures coexist.
Related
Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.
Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.
Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.