The "obvious AI" rule your webshop chatbot probably fails

# The "obvious AI" rule your webshop chatbot probably fails

Ask most webshop owners whether their chatbot needs to tell customers it is AI, and you get a short answer: "It is obvious, it is a chat widget in the corner of the page, who would think it is a real person?" Ask what Brussels actually wrote down last week, and the picture changes.

That difference matters. Under the EU AI Act (Regulation 2024/1689), Article 50 transparency obligations become enforceable on 2 August 2026, regardless of whether you built the chatbot yourself or installed a third-party plugin. If it runs on your site, it is your problem. On 8 May the European Commission published draft guidelines clarifying exactly what "obvious" means, and the consultation closes on 3 June.

Here is what webshop owners actually need to know, without the legal jargon.

---

The hidden transparency problem

A typical Shopify or WooCommerce store runs Article 50-relevant AI in places owners rarely think about:

• Customer support chatbots with human-sounding names (Intercom Fin, Tidio AI, Zendesk AI Agents, Drift)
• AI-generated product descriptions and review summaries
• AI-generated lifestyle imagery on product and category pages
• AI-written blog posts and editorial content covering trends or product comparisons
• "Virtual try-on" and AI styling assistants that simulate a human stylist
• Returns and order-support agents that handle the full conversation before a human ever takes over

You did not write the model. But the moment a customer interacts with your storefront, you are the deployer under the regulation, and deployers carry their own obligations under Article 50, separate from the provider obligations that sit with your SaaS vendor.

Most of these tools fall under the limited-risk transparency category, which means you owe disclosure to your users. A few can tip into high risk depending on how you use them. Either way: you cannot comply with what you do not see.

The four Article 50 obligations, briefly

Article 50 breaks transparency into four distinct duties:

Article 50(1) — Chatbots and interactive AI. Anyone interacting with an AI system must be informed that they are, unless that fact is "obvious from the point of view of a reasonably well-informed, observant and circumspect natural person." The 8 May guidelines anchor "obvious" to the EU consumer-protection "average consumer" benchmark and explicitly say that general-purpose customer-facing chatbots do not meet the bar. Specialised professional-only assistants, like a code helper inside an IDE or a non-playable character inside a video game, can.

Article 50(2) — Marking AI-generated output. This obligation sits with providers of generative AI systems, not with deployers. The model vendor must mark synthetic content in a machine-readable way (watermarks, provenance metadata, C2PA-style signatures). A timing note here: on 7 May the European Parliament and Council reached a provisional agreement on the Digital Omnibus on AI. If adopted, generative AI systems already on the EU market before 2 August 2026 receive a transition period until 2 December 2026 to bring their Article 50(2) marking into line. The grace is for providers only. If your image generator vendor still is not marking content by 2 August, that is their compliance failure, but it becomes your reputational problem when a regulator asks why your product imagery cannot be verified.

Article 50(3) — Emotion recognition and biometric categorisation. If you use AI that infers emotions or categorises customers based on biometric data (sentiment analysis on webcam-based try-on tools, voice-tone detection in support calls), you must disclose this to the affected persons. Most webshops do not run this, but if you have enabled any "smart" video try-on or voice support feature recently, check.

Article 50(4) — Deepfakes and AI-generated public-interest content. Deployers must label content that constitutes a deepfake (synthetic image, audio, or video resembling real people, objects, or events). AI-generated text on matters of public interest must also be labelled. For webshops, this hits when you use AI to generate spokesperson-style video, voice-clone narration, or photorealistic synthetic models in product imagery.

What "obviously AI" actually looks like

For the chatbot, the fix is content, not engineering. Most webshop chat widgets today open with something like this:

> Hi, I'm Lisa! How can I help you today?

That fails Article 50(1) under the 8 May guidelines. The customer gets no signal at all that they are talking to software. The compliant version is the same widget with the opening message rewritten:

> Hi, you are chatting with an automated assistant from [Store name]. I can help with orders, returns, and product questions. Type 'agent' to reach a human.

That is the entire fix for most stores. The opening line discloses what the customer is talking to. A static "AI assistant" label next to the input field reinforces it. A persistent badge or icon stays visible through the conversation, so the customer does not forget halfway through a 15-message thread that they are not talking to Lisa from customer service.

Two things the guidelines make unambiguous. The disclosure has to happen at the start of the interaction, not at the end, so a cookie-banner mention or a buried terms-of-service clause does not count. And the deployer obligation cannot be delegated by reading your SaaS vendor's compliance whitepaper. Intercom meeting Article 50(2) as a provider does not relieve you of Article 50(1) as a deployer. Two separate obligations, two separate parties.

What to do about AI-generated content

The chatbot is the loud problem. The quieter one is everything else your site generates with AI.

Product imagery from a model (Midjourney, DALL-E, Stable Diffusion-based commercial tools, or the AI image features inside Shopify Magic and Canva) puts the marking obligation on the provider, but you still need to know who supplied which image. If the model vendor is signed up to the forthcoming Code of Practice on marking and labelling of AI-generated content (second draft published in March, final expected in June), C2PA provenance metadata travels with the file. If it is not, the audit trail does not exist on your side either.

For AI-generated lifestyle photos or videos showing identifiable people, including fully synthetic models, the deepfake labelling obligation under Article 50(4) attaches to you as deployer. The label needs to be visible to the viewer, not buried in alt text or page metadata. The Code of Practice draft proposes a standardised "AI-generated" badge that overlays the corner of the image.

AI-written editorial content sits on you under Article 50(4) when the topic is public-interest. A blog post comparing energy use of different appliances, an article touching on consumer protection law, a review claiming health or sustainability benefits, all of that needs a label disclosing AI authorship. Generic product copy and category descriptions are not in scope.

The heaviest disclosure burden falls on voice and video. AI voice-clone narration in product videos, synthetic spokesperson avatars, AI-generated podcast intros each trigger Article 50(4). The label has to be visible and unambiguous to the viewer, not tucked into the video description.

The 81-day window

Eighty-one days separate today from 2 August. Most of the work is in the inventory: which AI tools are running on your site, who supplies each one, and which obligation attaches to which party. The aiactscanner.com scan does that inventory for you. Give it a URL and you get a per-page report listing every AI surface the crawler detected, what Article 50 paragraph it falls under, and whether the fix is yours or your vendor's.

The inventory is the easy part. The chatbot copy changes, the imagery badging, the vendor conversations, those are the weeks of work. Starting the inventory today gives you the runway. Starting in July does not.