If your SaaS product uses AI and you have customers in the European Union, a compliance deadline is approaching that most US companies are not prepared for. The EU AI Act’s Article 50 transparency requirements apply starting August 2, 2026, and they reach beyond the EU’s borders. Like GDPR, the AI Act applies to any company whose AI system is used by or affects people in the EU, regardless of where that company is headquartered.
The penalty for non-compliance is up to 35 million euros or 7% of global annual turnover, whichever is higher. That is not a typo. The EU AI Act’s fine structure exceeds even GDPR’s maximum penalties.
On May 7, 2026, the European Parliament and Council reached a provisional agreement on the Digital Omnibus on AI, which delays certain high-risk system requirements to December 2027 and August 2028. But the Article 50 transparency obligations that directly impact your terms of service and product disclosures remain on track for August 2, 2026. If your SaaS product includes a chatbot, content generator, recommendation engine, or any user-facing AI feature, your terms of service and product interface need to be updated before that date.
1. What Article 50 Requires From Your SaaS Product
Article 50 of the EU AI Act imposes specific transparency obligations on providers and deployers of AI systems. For US SaaS companies, the requirements that matter most fall into four categories.
First, if your product includes a chatbot or conversational AI feature that interacts directly with users, you must disclose to those users that they are interacting with an AI system. The disclosure must happen before or at the point of interaction. A buried footnote in your terms of service does not satisfy this requirement.
Second, if your product generates or manipulates content (text, images, audio, video), that content must be marked as AI-generated in a way that is both human-detectable and machine-readable. The European Commission’s draft guidelines, published May 8, 2026, specify that providers of general-purpose AI systems must implement technical solutions such as watermarks or metadata labels.
Third, if your product generates text that is published to inform the public on matters of public interest, you must label that text as artificially generated. This applies to AI writing tools, automated reporting systems, and content generation platforms.
Fourth, if your product includes emotion recognition or biometric categorization features, you must inform the individuals who are exposed to those systems about their operation.
2. The Omnibus Deal: What Got Delayed and What Did Not
The Digital Omnibus agreement reached on May 7, 2026, has created confusion about what US companies actually need to do by August. Here is the breakdown.
What got delayed: The requirements for high-risk AI systems classified under Annex III of the AI Act are now deferred to December 2, 2027. Requirements for high-risk AI embedded in regulated products (Annex I) are deferred to August 2, 2028. These include detailed conformity assessments, quality management systems, and post-market monitoring for AI used in areas like healthcare, employment, credit scoring, and law enforcement.
What did not get delayed: Article 50 transparency obligations remain on track for August 2, 2026. The Omnibus does provide a transitional period for generative AI systems already on the EU market before August 2, giving those providers until December 2, 2026, to implement content watermarking and labeling requirements. But the chatbot disclosure obligation and the requirement to label AI-generated text apply from August 2 for all systems, including those already in the market.
If your SaaS product is already accessible to EU users, you have until August 2 for disclosure obligations and until December 2 for watermarking compliance. If you launch a new AI feature after August 2, all Article 50 requirements apply from day one.
3. How This Affects Your Terms of Service
The EU AI Act does not just create product design obligations. It creates contractual obligations that must be reflected in your terms of service, your privacy policy, and your user-facing documentation.
Your terms of service should now include a clear disclosure of which features use AI and what type of AI system powers them. A statement like “our platform uses AI to enhance your experience” is not sufficient under Article 50. You need functional descriptions: “Our platform uses a large language model to generate draft responses based on your input. These responses are machine-generated.”
Your terms should also address how AI-generated content is labeled, whether users can opt out of AI-powered features, how user data is processed by AI systems (which must align with your GDPR obligations), and the limitations and risks of AI-generated outputs.
If you already updated your terms for AI features based on US requirements, the EU AI Act adds a layer of specificity that most existing terms do not cover. Our earlier guide on terms of service for AI products covers the US-focused requirements. The EU AI Act adds mandatory point-of-interaction disclosure, machine-readable content labeling, and specific transparency formats that go beyond what US law currently requires.
4. Extraterritorial Reach: Why This Applies to US Companies
The EU AI Act follows the same jurisdictional model as GDPR. It applies to providers of AI systems that are placed on the EU market or put into service in the EU, regardless of where the provider is established. It also applies to deployers of AI systems who are located in the EU, and to providers and deployers outside the EU whose AI system’s output is used in the EU.
For a US SaaS company, this means the Act applies if your product is available to EU customers through your website, an app store, or a reseller. It applies if EU-based businesses use your platform as part of their operations. And it applies if your AI system processes data from EU individuals or generates outputs that are consumed in the EU.
If you already comply with GDPR, you likely already have EU users. The AI Act extends your compliance obligations from how you handle their data to how you disclose and label your AI features.
5. Practical Compliance Steps for US SaaS Companies
Here is what your team should prioritize before August 2, 2026.
Audit your AI features for Article 50 applicability. Identify every feature that uses AI to interact with users, generate content, or make automated decisions. Map each feature against the four Article 50 categories to determine which transparency obligations apply.
Implement point-of-interaction disclosures. For chatbots and conversational AI, add a clear notice before or at the start of the interaction. This should appear in the product interface itself, not buried in your terms of service. The EU Commission’s draft guidelines emphasize that the disclosure must be “timely, clear, and intelligible.”
Begin implementing content labeling and watermarking. For generative AI features, implement machine-readable metadata that identifies outputs as AI-generated. The December 2 transitional deadline for existing systems gives you additional time for watermarking, but human-readable labeling should be in place by August 2.
Update your terms of service and privacy policy. Your terms should disclose AI features with functional specificity, describe what AI outputs are and are not guaranteed to do, explain how user data is processed by AI systems, and include appropriate liability limitations for AI-generated content.
Appoint an EU authorized representative if you do not have an EU establishment. Under Article 22 of the AI Act, providers of AI systems who are not established in the EU must designate an authorized representative in the EU before placing their system on the market.
6. What a Technology Lawyer Handles That a Compliance Template Cannot
The EU AI Act’s transparency requirements interact with multiple legal frameworks simultaneously: GDPR data processing obligations, your existing terms of service, your privacy policy, your acceptable use policies, and your liability limitations. A compliance template treats each of these as separate documents. A SaaS agreement lawyer who understands both the EU regulatory framework and US contract law can build an integrated compliance approach where your terms of service, privacy policy, product disclosures, and technical implementations work together consistently.
The stakes justify the investment. A contradiction between your GDPR privacy policy and your AI Act disclosures creates enforcement risk under both regulations. A liability limitation clause that does not account for AI-specific risks may not hold up when a regulator examines your compliance posture. And a point-of-interaction disclosure that satisfies Article 50 but conflicts with your terms of service creates a contractual ambiguity that could undermine both documents.
Frequently Asked Questions
Does the EU AI Act apply to my US-based SaaS company?
Yes, if your AI system is available to users in the EU, processes data from EU individuals, or generates outputs used in the EU. The AI Act has extraterritorial reach, similar to GDPR. If your SaaS product is accessible to EU customers through your website or an app store, you must comply with applicable provisions.
Did the EU delay the AI Act compliance deadline?
Partially. The Digital Omnibus agreement reached on May 7, 2026, delays high-risk AI system requirements to December 2027 (Annex III systems) and August 2028 (Annex I regulated products). However, Article 50 transparency obligations remain on track for August 2, 2026. Chatbot disclosure requirements apply from that date. Watermarking requirements for existing generative AI systems get a transitional period until December 2, 2026.
What is the penalty for non-compliance with the EU AI Act?
Fines for violating Article 50 transparency obligations can reach up to 15 million euros or 3% of global annual turnover, whichever is higher. For other violations, fines can reach 35 million euros or 7% of global turnover. These penalties apply to the company globally, not just to EU revenue.
Do I need an EU authorized representative for AI Act compliance?
If you are a provider of an AI system that is not established in the EU but your system is placed on the EU market or put into service in the EU, Article 22 requires you to designate an authorized representative in the EU. This representative acts as your point of contact for EU authorities and must have a written mandate from you authorizing them to act on your behalf for compliance purposes.
How do I know if my SaaS product’s AI features are “high-risk” under the AI Act?
High-risk classification depends on what your AI system does and in which sector it operates. AI used for employment decisions, creditworthiness assessments, education, healthcare, or law enforcement is generally classified as high-risk under Annex III. Most general-purpose SaaS AI features (chatbots, content generation, recommendations) are not high-risk but still fall under Article 50 transparency obligations. If you are uncertain, a technology lawyer can conduct a classification assessment for your specific product.
The August 2, 2026 deadline for EU AI Act transparency compliance is approaching, and the requirements affect every US SaaS company with AI features and EU users. If your terms of service, product disclosures, and privacy policy have not been updated for Article 50, contact Hansen Tong at TOS Lawyer to get your agreements aligned with both US and EU requirements before the deadline.