The EU AI Act for Belgian Website Owners: 2 August 2026

On 2 August 2026 the transparency rules of the AI Regulation kick in. Does your Belgian website have a chatbot, or do you use AI to write blog posts or create marketing images? This article explains what changes and what does not. The short answer: for most Belgian SMB sites almost nothing changes, and what does change is narrow.

The honest answer up front

For most Belgian SMB sites the AI Regulation imposes almost no new duties. The heavy obligations under Article 50 sit on the AI providers, so on OpenAI, Anthropic, Midjourney, Cursor and the rest. The narrow duties that do land on the operator (the "deployer") concern deepfakes and emotion recognition, things most Belgian SMBs do not use. This article shows when you do need to act and, more importantly, when not.

Want the broader picture of who pays when AI helped build your website? That is a separate topic.

What Article 50 actually requires

Article 50 of Regulation (EU) 2024/1689 has four paragraphs and each places the obligation on a different party.

Article 50(1): chatbots must say they are AI

Providers of AI systems that interact directly with natural persons must design them so users know they are dealing with an AI, unless that is obvious from the context to a reasonably well-informed average consumer.

• Who is responsible: the AI provider, not the using business.
• What this means for a Belgian SMB: in practice nothing if you use a mainstream chatbot. The provider builds the notice in. Your only check is whether the chatbot really announces itself as AI on first contact.
• Exception: if you built the chatbot yourself or substantially modified it, you become the provider for that chatbot and the duty falls on you.

Article 50(2): generative AI output must be machine-readable as artificial

Providers of generative AI systems must mark outputs as artificially generated in a machine-readable way, via watermarks or metadata.

• Who is responsible: the AI provider.
• What this means for a Belgian SMB: directly nothing. The watermark is the AI vendor's problem. If you publish a ChatGPT text or a Midjourney image, you do not have to add a cryptographic watermark yourself.
• One nuance: do not remove watermarks supplied by the vendor. That reads as bad faith.

Article 50(3): emotion recognition and biometric categorisation

Whoever deploys an emotion-recognition or biometric-categorisation system must inform the persons exposed to it.

• Who is responsible: the deployer, so you if you have such a system.
• What this means for a Belgian SMB: little, because almost no SMB uses this. Emotion recognition for HR analytics, sentiment cameras in shops, attention-tracking on web pages, those are the realistic cases. A Brussels bakery, restaurant or salon does not deploy them.
• GDPR layer: if such a system processes biometric or special-category data, Article 9 GDPR applies on top, and that is in practice usually the obligation that the GBA enforces.

Article 50(4): deepfakes and AI-generated public-interest content

Whoever uses AI to produce or edit deepfake content must disclose the artificial origin. A second sub-paragraph extends this to AI-generated text on matters of public interest.

• Who is responsible: the deployer, so you.
• What is a deepfake: Article 3(60) defines it narrowly. AI-generated or AI-edited images, audio or video that depict existing persons, objects, places, entities or events and that could appear authentic to a person. Generic AI marketing imagery without recognisable persons or real events is not covered.
• What this means for a Belgian SMB: narrow. An Antwerp real-estate agent who uses AI to render an actual property photorealistically is covered. A salon making abstract AI patterns for Instagram is not.
• The editorial exception: for AI text under Article 50(4) second sub-paragraph, there is no labelling duty if "the AI-generated content has undergone a process of human review or editorial control and a natural or legal person holds editorial responsibility for the publication". This is the most important exception for Belgian SMB blog content.

Three Belgian SMB scenarios

You put a chatbot on your Antwerp dentist practice site. Article 50(1) sits with the provider. As long as the bot announces itself as AI or that is obvious from context, you comply. Check the provider's documentation once and you are done.

You use ChatGPT to draft blog posts for your Ghent consultancy and edit them before publication. Article 50(4) text-labelling does not apply to you. The editorial exception catches, because you carried editorial responsibility. A "reviewed by" note or an internal record of the check is enough.

You are a Brussels real-estate agent using AI to stage empty rooms. Two paths. If the image renders the real room plausibly in a way a viewer would take as a photograph, it falls under Article 3(60) and must be labelled. If it is a concept image with no claim that it depicts the real room, you stay outside Article 50(4). The cautious choice is to label all virtually staged images.

When this article is not for you

Does your Belgian business use AI for hiring decisions, credit scoring, insurance underwriting, biometric identification, access to education or anything close to law enforcement? Then you sit in Annex III high-risk territory. Those obligations apply from 2 August 2027 and the GBA plus the other market-surveillance authorities operate a separate enforcement regime. A realistic SMB does not fall in this bucket. Speak to a specialist if you do recognise yourself in it.

Is your site purely informational, with no chatbot, no AI images of real persons or places and no AI-written content on matters of public interest? Then Article 50 barely touches you. The GDPR website audit for Belgian businesses, the GBA cookie rules and the EAA continue to apply on their own timeline.

Enforcement: GBA and BIPT

Belgium has designated the GBA (Gegevensbeschermingsautoriteit / Autorité de protection des données) as the national competent authority for the AI Act, with the BIPT (Belgian Institute for Postal Services and Telecommunications) as market-surveillance authority for AI systems placed on the market. Verify the current designation through the Commission's Article 70 register because Belgian designations have been amended more than once.

For a realistic Belgian SMB an Article 50 enforcement usually starts with a complaint about a concrete incident, for instance an unlabelled deepfake of an actual person or an emotion-recognition camera without notice. That triggers a warning or a corrective order before a fine comes into play. Article 99(6) directs member states to consider lower fines for SMBs and start-ups, and the GBA follows that line in its GDPR enforcement practice. The 15 million euros or 3% is the headline number, not what an Antwerp dentist pays for a missed deepfake label.

Effective dates: what applies when

• 2 February 2025: prohibited practices (Article 5) and AI literacy (Article 4) already in force.
• 2 August 2025: general-purpose AI model duties (Chapter V) and governance provisions (Chapter VII), penalties available from 2 August 2026.
• 2 August 2026: transparency obligations (Article 50), the bulk of the regulation across general-purpose AI, fines under Article 99.
• 2 August 2027: high-risk AI systems under Annex III, Article 6(1) classification regime.

What this does not change

The AI Act lands on top of existing rules. It replaces nothing. The GDPR continues to apply in full to every AI system that processes personal data on your Belgian site, and the EDPB Opinion 28/2024 on AI models of December 2024 is the authoritative guidance. The Belgian law of 13 June 2005 (Article 129) remains the cookie rule. The EAA remains in force. For the broader GDPR and EAA liability picture for AI-built Belgian sites, see the hub article in this cluster.

The Digital Omnibus and the shifting timeline

On 7 May 2026 Council and Parliament reached a provisional agreement on a Digital Omnibus for AI which, among other things, would give generative AI systems placed on the EU market before 2 August 2026 a transition window to 2 December 2026 to comply with Article 50(2). The core 2 August 2026 date for Article 50 itself does not change. The Product Liability Directive, which becomes applicable a few months later on 9 December 2026, is its own story (see our Product Liability Directive guide). Verify the status of the Digital Omnibus at the moment you act on this.

The Commission also published draft guidelines on Article 50 on 8 May 2026, with consultation closing 3 June 2026. The Code of Practice on AI-Generated Content is the voluntary industry counterpart. Neither is binding law. Both are authoritative interpretation.

Five checks on your site before 2 August 2026

1. Your chatbot, if you have one, announces itself as AI on first contact.
2. Every image on your site depicting a real person, place or event in a realistic way is labelled as AI-generated.
3. Every AI-drafted blog post has clear human editorial control.
4. Every emotion-recognition or biometric-categorisation system is disclosed to the persons exposed to it.
5. No copyright or portrait-rights issues in AI content on your site.

Our free compliance scan covers GDPR, cookies, accessibility and copyright. AI Act labelling checks are on the roadmap. The scan cannot yet measure whether your chatbot has the Article 50(1) disclosure, but it does measure whether the rest of your Belgian site is in order.

Frequently asked questions

Do I need to label every AI-written blog post on my Belgian site?

No. Article 50(4) carries an exception for human editorial control. If you read and approve the AI-drafted text as editor, the labelling duty falls away. The GBA and BIPT will not come knocking for manually edited blog posts.

Must I state on my site that my chatbot is an AI?

Article 50(1) places that duty on the chatbot's provider, not on you as the using business. Mainstream chatbot providers build the notice in. Your only task is to check that the provider actually does so.

What counts as a deepfake under the AI Act?

Article 3(60) defines it narrowly: AI-generated or AI-edited images, audio or video that depict existing persons, objects, places, entities or events and that could appear authentic to a person. Generic AI marketing imagery without real persons or events is not covered.

What fines can the GBA impose for an Article 50 breach?

Article 99 sets the maximum at EUR 15 million or 3% of worldwide annual turnover. Article 99(6) lets member states apply lower fines to SMBs and start-ups. The realistic exposure of a Belgian SMB sits far below these maxima.

Does this apply if I sell from Belgium to UK customers?

Yes. The AI Act applies to you as a Belgian operator, regardless of where your customers sit. The other way round: a UK operator selling to Belgian customers falls under Article 2's extraterritorial reach for that activity.

Further reading

Topics in this cluster that fit alongside:

• AI-built website and GBA complaint: who pays in Belgium. The hub article on GDPR, EAA and cookie responsibility for AI-built Belgian sites.
• AI-generated images on your Belgian website. Article 50(4) deepfake labels in practice.
• Product Liability Directive 2024/2853 in Belgium, applicable from 9 December 2026.
• AI-generated code and open-source licences. A different topic from Article 50 transparency, it covers GPL distribution and the Doe v. GitHub status.
• GDPR website audit for Belgian businesses. The enforcement context next to which the AI Act sits.

This article is technical analysis, not legal advice. The author is not your lawyer and is not the controller for your site. For a binding view, speak with one of those two.