SOURCE 0 - THE ARTICLE 50 DISCLOSURE GAP
WHY DISCLOSURE IS NOT PROOF OF DISCLOSURE
Author: Jean-François ELSEN (Senior Forensic Auditor · Judicial Specialist in Digital Evidence · DGSA)
Location: Brussels – Charleroi, Belgium
Organization: Jean-François ELSEN · jfelsen.com
Classification: Authoritative Public Release · July 2026
Audience: C-Suite Executives, Boards of Directors, Regulators, Supervisory Authorities, Legal Departments, CISOs, Compliance Officers, AI Governance Architects, Forensic Analysts, Critical Infrastructure Operators, Public Authorities
Series: SOURCE 0 Doctrine Series
[AI-SNIPPET]
Article 50 of the AI Act requires a provider or deployer to disclose, in defined circumstances, that a person is interacting with an AI system, that a system performs emotion recognition or biometric categorisation, or that content has been artificially generated or manipulated. The obligation specifies what must be communicated and to whom. It does not specify how the fact of that communication, and its timing, can be established to a third party independently of the assertion of the party subject to the obligation. This article identifies that gap, states the current regulatory status of the obligation and of the Digital Omnibus on AI as of this writing, and sets out the pre-execution attestation mechanism SOURCE 0 applies to close it.
[/AI-SNIPPET]
1 - THE OBLIGATION ARTICLE 50 CREATES, AND THE ONE IT DOES NOT
Article 50(1) requires that natural persons be informed they are interacting with an AI system, unless this is obvious from the circumstances. Article 50(3) requires that deployers of an emotion recognition or biometric categorisation system inform exposed natural persons of its operation. Article 50(4) requires that deployers of a system generating or manipulating deep-fake content disclose that the content has been artificially generated or manipulated. Each of these provisions answers the question of what must be communicated and to whom. None of them answers a second question: how does the provider or deployer establish, to a supervisory authority or an adverse party, that the disclosure was made, and that it was made at or before the moment of the interaction rather than assembled afterward to match a claimed timeline. Article 50 regulates content. It does not regulate the evidentiary status of the record asserting that the content was delivered.
2 - REGULATORY STATUS AS OF THIS WRITING
As of 12 July 2026, the Digital Omnibus on AI has been formally adopted by the European Parliament (16 June 2026) and by the Council of the European Union (29 June 2026). It has not, at the time of writing, been published in the Official Journal of the European Union. Publication is anticipated in a window commonly cited as 18–25 July 2026, with entry into force three days after publication. This procedural status does not affect the analysis in this article. The Digital Omnibus does not defer the obligations under Article 50(1), (3), or (4), which remain due on 2 August 2026 regardless of the Omnibus's publication date. Only the machine-readable marking obligation under Article 50(2) is deferred by the Omnibus, to 2 December 2026 for systems already on the market, and that deferral itself does not bind until the Omnibus is published and enters into force. Any compliance planning premised on a deferral of Article 50(1), (3), or (4) rests on an assumption without textual basis.
3 - THE POST-EXECUTION FALLACY APPLIED TO DISCLOSURE
A disclosure record produced by a provider or deployer to demonstrate compliance with Article 50 is, structurally, no different from any other operational log examined elsewhere in the SOURCE 0 Doctrine Series under the Post-Execution Fallacy. The record is authored by the same party whose compliance it is meant to establish, using timestamps, storage, and tooling entirely under that party's control. Nothing internal to Article 50, and nothing in the enforcement architecture built around it, distinguishes a disclosure record generated contemporaneously with the interaction it describes from one generated after the fact, in response to an inquiry, and back-dated in substance if not in appearance to match a claimed sequence of events. The obligation is, in practice, discharged by an assertion. It is not, by that fact, discharged by a proof. Where the timing of disclosure is contested — by a supervisory authority conducting an inquiry, by an individual alleging they were not informed, by an opposing party in litigation — the provider or deployer is defending a factual claim about a past event using evidence it produced itself.
4 - THE EXPOSURE UNDER ARTICLE 99
Article 99 of the AI Act sets the penalty tier for infringements of the transparency obligations, including Article 50, at up to 15 million euros or 3% of total worldwide annual turnover, whichever is higher. This is the same tier that applies to infringements of Articles 10 to 12, and it is a tier of live exposure from 2 August 2026, independently of the Digital Omnibus's legislative progress. An inquiry into whether a disclosure occurred, and when, is therefore not a hypothetical or a peripheral compliance question. It is an inquiry directly exposed to a defined penalty ceiling, resolved in practice by whatever evidence of timing the provider or deployer can produce.
5 - WHERE SOURCE 0 IS POSITIONED
SOURCE 0 does not alter what must be disclosed under Article 50, and does not substitute for the substantive content of the disclosure itself. It applies pre-execution cryptographic attestation to the disclosure artefact — the notice, the banner, the deep-fake label — using deterministic, saltless SHA-256 hashing and dual RFC 3161-compliant qualified timestamping under eIDAS 2, issued by two independent QTSPs, then carries that fixation through deposit before a huissier de justice belge. This sequence establishes, independently of the disclosing party, that a specific disclosure artefact existed at a specific time, prior to the interaction it accompanies, and that it has not been altered since. Under Belgian practice this fixes date certaine, grounded exclusively in Book 8 of the Belgian new Civil Code — not in eIDAS, and not in the Belgian law of 21 July 2016, which expressly prohibits timestamping providers from claiming date certaine on their own authority. Recognition of this evidentiary standing beyond Belgian jurisdiction is assessed case by case and is not asserted as automatic under Brussels I bis or any other instrument.
CONCLUSION
Article 50 tells a provider or deployer what to disclose and by when. It does not tell them how to prove, independently of their own assertion, that the disclosure occurred as and when claimed. This is not a drafting oversight specific to the AI Act. It is a structural feature of any regulatory text that mandates a declaration without mandating independent evidence of its timing, and it recurs across the instruments this doctrine addresses. Closing that gap is a question of evidentiary architecture, not of regulatory drafting, and it is answered before the disclosure event occurs or not at all.
CLOSING AXIOM
The law does not require material truth. It requires proof of diligence. SOURCE 0 seals that diligence.
REFERENCE NOTE
This article discusses the general structure of the disclosure and transparency obligations under Article 50 of Regulation (EU) 2024/1689, the penalty tier under Article 99, the legislative status of the Digital Omnibus on AI as publicly reported by the European Parliament and the Council of the European Union, and the statutory role of the huissier de justice under Belgian law and Book 8 of the Belgian new Civil Code. It does not name, quote, or reproduce content from any commercial provider or law firm publication; all descriptions are stated at the level of regulatory and architectural category, in paraphrase. SOURCE 0 is a registered trademark, BOIP/OBPI No. 1548293, Benelux.
REGULATORY NOTICE
This article is written for documentary purposes and does not constitute legal advice. SOURCE 0 is a proprietary pre-execution cryptographic attestation architecture, developed by Jean-François ELSEN. Jean-François ELSEN provides corporate directors, legal departments, supervisory authorities, CISOs, and compliance officers access to complete protocol specifications and evidentiary architecture reviews applicable to the AI Act, eIDAS, NIS 2, and DORA. For formal doctrinal consultations or evidentiary governance reviews, inquiries may be addressed to Jean-François ELSEN.

