Blog

WITNESS Calls for Stronger AI Transparency Standards in the EU Code of Practice

Over the last months, stakeholders all over Europe have been united around the goal of coming up with clearer rules for AI transparency and AI-generated or manipulated content. These efforts are part of the first Code of Practice (COP) under the EU Artificial Intelligence Act (AI Act),  the European Union’s landmark legislation regulating artificial intelligence.

The COP aims to set rules for disclosures to users when they interact with AI systems, including realistic synthetic media. It is also an effort to turn the broader principles of the EU AI Act into more concrete guidance for companies and platforms. As part of this process, successive draft versions are released for review and feedback from civil society organizations, industry representatives, researchers, and other stakeholders. WITNESS has been a member of the working group created to discuss these incoming rules.

While reviewing the second draft of the COP, the organization submitted recommendations to Working Groups One and Two, which are responsible for developing rules around AI-generated and manipulated content. These groups are discussing issues such as how generative AI providers should identify and detect AI systems, as well as how platforms and deployers should label deepfakes and certain AI-generated or manipulated text shared publicly online.

The submission highlights areas where stronger safeguards are still needed, including privacy protections, provenance integrity, requirements for open-weight models, and public reporting obligations.It also includes feedback on the proposed EU label icon being developed under the COP, emphasizing that transparency measures alone are not enough. The icon is intended to notify users when content has been generated or manipulated by AI. However, for labels and disclosures around AI-generated or manipulated content to be truly effective, users also need the media literacy skills necessary to understand what these signals mean, recognize their limitations, and critically evaluate synthetic media online.

Looking ahead, the organization hopes that the compromises established in the second draft will not be removed or weakened in the final version. AI Transparency needs to work across the supply chain and in order for it to be feasible, which requires developers and deployers committed to promoting it and making sure trust in digital spaces is  not further eroded  by misleading synthetic media and disinformation. 

For the COP to be truly effective, it must adopt more robust and consistent standards. Key to this strengthening is the establishment of clearer rules on privacy that protect personal data by default, alongside mandatory system-level provenance data to ensure transparency. 

Furthermore, it should not create gaps for open-weight models, but rather implement layered marking requirements. To avoid user confusion, a coherent and consistent labeling approach is essential, supported by enhanced accountability mechanisms, public reporting, and a strong commitment to media literacy. Only through these comprehensive measures can we build a trustworthy and transparent information ecosystem for AI-generated and manipulated content.

 

Below is the technical breakdown of WITNESS’ submission: 

Working Group 1: Rules for marking and detection of AI generated and manipulated content applicable to providers of generative AI systems (Article 50(2) and (5) AI Act)

Privacy

The Code acknowledges privacy concerns in Sub-measures 1.1.2 and 1.1.3 but not in Sub-measure 1.1.1, which is the primary and most broadly applicable compliance pathway. We do not consider GDPR coverage sufficient here: what constitutes personal data in signed metadata is genuinely contested and will produce inconsistent practice across signatories without explicit guidance at the measure level. We propose that 1.1.1 be brought into alignment: metadata markings should not include personally identifiable information by default, any inclusion of user-related data should be limited to what is strictly necessary or affirmatively chosen by the user, and control over such data should rest with the relevant data controllers and rights-holders. We also propose explicit language in the provision on metadata retention permitting signatories to remove personal information from provenance records in two circumstances: where the data subject has requested redaction, or where the signatory has determined that retention of that specific personal information is not necessary for the purposes of the provenance record. This exception is strictly limited to personal information and does not extend to other provenance data.

Provenance chain integrity

Measure 1.3 makes the entire provenance chain optional, conflating system-level transparency with privacy risk in a way that sacrifices the first to address the second. We propose a clear distinction between system provenance data, meaning information about tools, models, operations, and sequence, which should be mandatory, and personal or contextual provenance data, meaning data linking back to individuals, original source files, or identifying circumstances, which should be protected by default. Signatories should be required to retain existing system provenance and add their own marking to the chain. This distinction will need to be defined in the relevant definitions section to be legally and technically operative.

Open-weight models

We urge the group not to remove the structural marking measure for open-weight models. Without it, the framework produces a structural gap no downstream obligation can close: individual and informal use of open weights carries no obligation at any point in the chain, and that stream includes motivated disinformation actors who face zero friction from this framework as currently designed. Feasibility concerns are real but addressable through a layered approach: base model releasers implement marking at training time, fine-tuners preserve existing marking where technically feasible, and hosting platforms ensure models distributed through their infrastructure retain or add appropriate marking. We consider this measure within legal scope and refer the group to existing analysis on that point.

Public reporting

Signatories operating under a voluntary code that confers a presumption of regulatory conformity bear a corresponding transparency obligation toward the public. We propose that summaries of compliance frameworks and testing and monitoring results be made publicly accessible, and that where full disclosure is not feasible, relevant documentation be made available upon request by any natural or legal person without requirement to demonstrate a specific interest, subject to protection of trade secrets and confidential commercial information. Equivalent redlines are proposed in both Measure 4.1 and Measure 4.2.

Working Group 2: Rules for labelling deepfakes and certain AI-generated and manipulated published text applicable to deployers of AI systems (Article 50(4) and (5) AI Act)

With regards to the second section of the Draft COP, we welcome and appreciate the changes made in order to bring the language closer to the AI Act, the addition of terms such as “Clear and user-friendly labelling” in terms of the COP direction and the stronger references in terms of accessibility and acknowledgements of vulnerable communities. 

Neutral icon with interactive provenance disclosure vs. categorical labelling with a defined inference schema

Although the second draft has shown a lot of positive improvements, the ICON continues to be a contested point. In light of the phased approach to labeling introduced in this latest draft, we highlight a couple of points below. But above all, WITNESS urges the co-chairs to preserve the interactiveness of the icon, as well as the need for more context around content flagged as ai-generated or manipulated. 

The current draft sits in an uncomfortable middle ground between two coherent approaches. Choosing one and committing to it fully is essential for consistency, enforceability, and accountability across the information ecosystem.

Option 1: Neutral icon with interactive provenance disclosure A single, neutral EU icon functions as an entry point to underlying provenance data. On interaction, it surfaces the machine-readable marking information produced by providers under Section 1, letting users understand how content was made without the system rendering a categorical verdict about whether it is AI-generated or AI-manipulated. Pros: Can be applied immediately and consistently. Requires no prior agreement on a classification schema. Less technically and politically contested. Cons: Place the burden of interpretation on the user. From a UX perspective, a clear upfront signal is likely more impactful than expecting users to dig into provenance details. Lower immediate legibility may reduce real-world disclosure value. Option 2: Categorical labelling with a defined inference schema Deployers display a label –AI-generated, AI-manipulated, or out of scope– derived from the marking information produced under Section 1. This requires a transition layer: a shared schema that answers the questions a deployer must resolve in practice. What qualifies as AI-generated? At what point does that become AI-manipulated? And at what point is content out of scope entirely? Without answers to these questions baked into the Code, categorical labelling cannot function consistently. Pros: Clear and immediately legible for end users. Higher potential for awareness and impact. Cons: Requires developing and maintaining a shared inference schema — a technically and normatively complex undertaking.

The second draft calls for categorical labelling while removing the taxonomy that would make such labelling coherent. This produces the worst of both worlds. Without a shared framework, each signatory will classify content according to its own interpretation of available signals. The same content could be labelled differently across platforms, generating confusion rather than transparency.

This inconsistency is compounded by the large volume of AI-generated and AI-assisted content that carries no markings at all. The result is a fragmented information environment: some content labelled as AI-generated in inconsistent ways, some labelled as AI-manipulated in inconsistent ways, and significant volumes of in-scope content left entirely unlabelled. This does not just create confusion — it creates a systematic bias in favor of labeled content, with implications for how audiences perceive and trust unlabeled material.

WITNESS urges the co-chairs to commit to one of the options above. Absent that commitment, the Code must at minimum prescribe an industry-wide solution to prevent inconsistent implementation. Any approach adopted must preserve the following:

• Need for more context around content flagged as ai-generated or manipulated content. 

• Possibilities for end users to interact with the icons adopted both at the EU level and the interim ones. 
• Interoperability of the labels and icons implemented in the interim of the development of the EU Common Icon. 

Disclosures of Artistic Work 

On creative work, we are happy with the discussion about non-intrusive placement in artistic works – However, since the second draft provides broader examples for non-digital contexts, such as art galleries or physical media, where disclosures can be provided at the point of entry or on tickets; we would just like to remind deployers that the solutions continue to be non-intrusive and perceivable by the users and audiences. 

Despite that, on the issue of the artistic work disclosure, we would like to reinforce the same comments submitted earlier: 

WITNESS previous work – such as the report launched in 2021, named “Just Joking: Deepfakes, Satire, and the politics of Synthetic media”; and an article published in 2023 – help highlight the importance of dealing with labels as an inherent part of the content. Added to that, we also recommend that the COP deals with this issue as more than an add-on functionality and set a minimum requirement for disclosures. Creative work should also not be exempted from the disclosures obligation, especially if the common EU Icon is more generic (i.e. the i for information), as this can enable compliance and enforceability that may not be achievable if exceptions for subjective understandings of satire and art are made. 

A label that feels clear and unmistakable in one setting may become far less noticeable or intuitive when the same content moves to short-form video apps, messaging channels, or platforms with different design norms. Added to that, the perceived obviousness of a content and/or disclosure can also be shaped by factors such as age, language, cultural expectations, and varying levels of media literacy of the target audience, as well as potential reshares and remixes of existing content. This emphasizes the need for multi-layered marking techniques to help protect satire/creative content on the visible or audible layer, and enable underlying disclosure. It is worth highlighting here again the need to ensure that these techniques, while required, do not infringe on privacy, but rather focus on non-personal provenance. 

Compliance and Accountability 

On the commitments related to Compliance measures, Awareness and Training, WITNESS would like to see stronger recommendations in terms of proper transparency mechanisms for deployers. 

On the point of awareness raising efforts, it seems the requirements were reduced in this version and we consider it an important point and part of the shared responsibility of both tiers of actors this guide directs itself to. With regards to accountability, we would like to request the reinstatement of stronger compliance mechanisms and improving public accountability. In this sense, we would like to recommend the addition of measures such as public access to data and improved reporting mechanisms that could enable broader civil society and Academia with the necessary information for them to perform oversight on the implementation of the measures emerging from the AI Act article 50 and this COP. 

Media Literacy 

With regards to the Media Literacy language,  we urge the Co-chairs to reintroduce some of the measures as part of an acknowledgement of the shared responsibility developers and deployers have towards end users. We believe that the COP could advance in mentioning some examples of training that should be taken into account by signatories, such as: Training on how to detect AI-generated and manipulated content, training  on how to implement the icons’ in content. Campaigns directed towards end users on how to access and understand the Icons and further labels in AI-generated or manipulated content.

Good capacity building measures is what will make the full implementation of the COP feasible and avoid having end-users being lost in the implementation moments, or not knowing how to identify the icon and disclosures provided. 

Ensuring that the icons, watermarks and disclosure methods are clearly understandable for users is key, along with providing appropriate guidance on its use and clarifying its limitations. In this sense, capacity building plays an essential role in this process, much like with any new icon. Strengthening media literacy as a core component of the COP will therefore be crucial to support effective adoption and understanding.