Capture of EU AI icons as presented in the European AI Office's Code of Practice on 10 June 2026.
Today (10 June 2026), the European AI Office released the “Code of Practice on Transparency of AI-Generated Content”. It includes guidance for how AI providers should add metadata to declare AI-generated content.

Measure 1.1: Machine-readable marking techniques

The guidance suggests that AI providers use two mechanisms for adding metadata: digitally signed metadata (sub-measure 1.1.1) and imperceptible watermarking (sub-measure 1.1.2). An optional mechanism (sub-measure 1.1.3) is fingerprinting or logging, which requires a registry database.

Digitally-signed metadata is described as follows:

Signatories will record information in the metadata on whether the content is AI-generated or manipulated. All recorded information will be digitally signed and time-stamped (on systems where time information is available) in a secure and tamper-evident manner.

While it is not named specifically, the only technology that meets these criteria is C2PA.

The guidance also adds:

Signatories are encouraged to implement richer metadata in accordance with Measure 1.3., without including privacy-sensitive or business-sensitive information. In cases where such information is strictly necessary or inserted upon request of an end-user, it will be compliant with applicable EU data protection law and is encouraged to be placed in a metadata placeholder separate from the AI transparency metadata.

We interpret this to mean that the EU AI Office encourages the use of CAWG cawg.metadata assertions in C2PA manifests for conveying rich metadata about content, in the case where publishers choose to add it.

Measure 1.2: Non-removal of markings

The Code of Practice states:

Signatories will, to the extent technically feasible and recognisable as per open standards, retain, and abstain from intentionally altering or removing, existing metadata markings, where such content is used as input and subsequently transformed by their AI system into an output

In addition, the Code requires Signatories to add terms and conditions to prohibit users of AI systems from intentionally stripping metadata from AI-generated content.

Measure 1.3: Transparency of the provenance information (optional)

This measure encourages Signatories to incorporate richer information in signed metadata “to provide additional context and thereby contribute to increased integrity and trust in the information ecosystem”. In particular, “Signatories are encouraged to consider relevant standards to provide further information about the origin of AI-generated or manipulated content across workflows, where technically feasible.” Again, we interpret this to refer to C2PA and CAWG metadata.

Commitment 2: Detecting and conveying AI-generated markings at publish time

Commitment 2, described in section 1 of the Code of Practice, covers how signatories will make available a detection system so members of the public can check whether content is generated by their AI system based on the above marking techniques. This can take the form of either a public standard or specification that can be implemented by third parties, or software, or a cloud-based service accessible via an API, free of charge to users.

This will mean that third-party validators can build automated tools to check whether media is AI-generated even if C2PA or IPTC metadata has been stripped from the image. Today, fact checkers and researchers must manually upload images to each AI provider's system to check whether it was created by that system.

Measure 2.3 covers “clear and accessible disclosure of detection results,” including the guidance “Where additional information is available in the watermark or in the metadata, Signatories will incorporate such information into the detection results.” This could be interpreted to mean that metadata supplied by publishers should be made available to users in AI-detection information.

Work towards “effective, reliable, robust and interoperable” mechanisms

The EU AI Act specifies that solutions should be “effective, reliable, robust and interoperable.” However, the reality is that no technical solution currently meets all four of those criteria. So Measure 3 describes how Signatories to the Code of Practice can work towards this goal.

In particular, the mechanisms to detect watermarks mentioned above will currently require validators to check each system in turn. The Code requires providers to “implement an interoperability solution for their detection mechanisms by 2 February 2027” using a “publicly available interoperable industry standard” to route detection queries, or a “publicly readable signpost or other interoperable mechanism in the AI-generated or manipulated content that will signal to the public which detection solution to use without having to run all the detection solutions of providers of AI systems.”

Section 2: Labelling deep fakes and AI-generated and manipulated published text

Section 2 of the Code of Practice is for “deployers” of AI systems. The term is not defined in the Code of Practice, but the AI Act defines “deployer” as “a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity,” i.e. any business or organisation using a generative AI system.

Code of Practice signatories commit to visually disclose the existence of AI-generated markings using a set of generalised icons provided by the EU AI Office, along with information on whether the content was created or manipulated using AI. The icons are shown above.
