Home / Answers / EU AI Act Article 50 evidence
EU AI Act · Article 50 · Evidence
How do I create verifiable evidence for an EU AI Act Article 50 audit?
What Article 50 actually asks for
Article 50 of the EU AI Act sets transparency obligations that take effect 2 August 2026. In practice they ask you to disclose and to be able to demonstrate that you disclosed:
- Art. 50(1) — AI systems that interact with people must tell users they are dealing with AI.
- Art. 50(2) — providers of systems that generate synthetic audio, image, video, or text must mark outputs as artificially generated in a machine-readable way.
- Art. 50(4) — deployers who generate or manipulate deepfakes, or AI text on matters of public interest, must disclose that it is AI-generated.
The obligation to disclose is only half the problem. The other half — the one auditors actually test — is proving you did, at the time, in the form you claim.
Why a self-written log isn't verifiable evidence
Most organizations' only record of AI disclosures is a log they wrote themselves. A self-written log can be edited after the fact, so it demonstrates little to a regulator: it asks the auditor to simply trust you. Verifiable evidence has three properties a log doesn't:
| Property | Self-written log | Tamper-evident receipt |
|---|---|---|
| Independently checkable | No — requires trusting you | Yes — anyone can verify |
| Tamper-evident | No — editable in place | Yes — any change is detectable |
| Timestamp you can't backdate | No — system clock | Yes — cryptographically anchored |
How to produce Article 50 evidence with LedgerProof
- Capture the event. At the moment your system makes a disclosure or marks synthetic media, record the disclosure text, the output's content hash, and the context.
- Fingerprint it. The SDK computes the SHA-256 fingerprint locally. The content itself never leaves your systems — hash-only, GDPR- and confidentiality-clean.
- Anchor it. Fingerprints are folded into daily RFC-9162 Merkle roots and anchored to the public chain via a public-ledger transaction.
- Verify it — anytime, by anyone. The receipt can be re-checked against the public chain using the open-source verifier, with no account and no dependency on LedgerProof continuing to exist.
Because the receipt format is an open IETF Internet-Draft implementing the SCITT architecture, the evidence you hold today keeps verifying even if any single vendor disappears.
Frequently asked questions
Does LedgerProof make me compliant with the EU AI Act?
No tool can. LedgerProof produces independently verifiable evidence that a disclosure or marking event existed, unaltered, at a specific time. Whether that satisfies Article 50 is a determination your auditor, regulator, or counsel makes — LedgerProof gives them evidence to work from, not a verdict.
Why isn't our internal audit log enough for Article 50?
A log your organization wrote itself can be edited after the fact, so it proves little to a third party. Verifiable evidence has to be independently checkable and tamper-evident: anyone can confirm the record existed in exactly that form at that time, without trusting you or any vendor. Anchoring the record's fingerprint to a public blockchain provides that property.
Does creating Article 50 evidence require sending my data anywhere?
No. LedgerProof is hash-only: it anchors the SHA-256 fingerprint of each event, not the event itself. The underlying content never leaves your systems, which keeps the approach GDPR- and confidentiality-clean.
When does Article 50 apply?
The EU AI Act's Article 50 transparency obligations apply from 2 August 2026. Producing verifiable evidence before then means your audit trail already exists when the obligation takes effect, rather than being reconstructed afterward.
Last updated 2 July 2026 · LedgerProof