Article 50 transparency obligations apply from 2 August 2026. Any organisation using AI to reach EU audiences is in scope, regardless of where it is based.
01

What the Act is

The EU AI Act takes a risk-based approach. AI systems are classified into four tiers, with different obligations at each level.

Risk tier What it covers What it requires Relevance to tourism
Unacceptable risk AI used for social scoring, subliminal manipulation, real-time biometric surveillance in public spaces, emotion recognition in workplaces Prohibited outright. No exemptions. No standard tourism use case falls here. Emotion recognition tools for customer service might.
High risk (Annex III) AI in employment decisions — recruitment, performance management, task allocation. Also: public benefit systems, critical infrastructure, education Risk assessments, human oversight mechanisms, technical documentation, registration in a public database Applies to any tourism organisation using AI in hiring or HR performance tools. Higher compliance burden. Seek legal advice.
Transparency risk AI-generated or AI-manipulated content; AI systems that interact with people Disclose that content is AI-generated. Inform users at point of first interaction with an AI system. The primary tier for most tourism organisations. Applies to content marketing, chatbots, recommendation engines, visitor-facing AI tools. Enforceable from August 2026.
Minimal or no risk Most AI systems not captured by the above — spam filters, AI-enabled spreadsheets, search recommendations in limited contexts No specific obligations. Voluntary codes of conduct encouraged. Many internal productivity uses of AI fall here.
Scope. The Act applies to any organisation placing AI systems on the EU market or deploying AI professionally within the EU. This includes organisations headquartered outside Europe whose AI-assisted marketing reaches European audiences.
02

Where tourism organisations face exposure

The obligations that apply most widely to tourism organisations sit in the transparency risk tier. The assessment tool below covers these in detail. The areas of exposure are as follows.

August 2026 · Article 50

AI-generated and AI-manipulated content

Any image, video or audio that is artificially generated or manipulated must carry disclosure. AI-generated text published to inform the public on matters of public interest must be labelled.

  • AI-generated destination photography
  • AI-produced or AI-enhanced promotional video
  • AI-written editorial content for public audiences
  • AI-manipulated imagery in social media assets
Content Integrity Model Transparency Model
August 2026 · Article 50

Visitor-facing AI systems

Deployers of AI systems that interact with people must inform users at the point of first interaction that they are talking to an AI. The disclosure must be clear and distinguishable, not buried in documentation.

  • Destination chatbots and virtual assistants
  • AI-powered visitor information and booking tools
  • Recommendation engines with direct user interaction
  • AI concierge or planning tools
Content Integrity Model
August 2026 · Annex III

AI in staff recruitment and performance

AI used in hiring, candidate screening, performance evaluation or task allocation is classified as high risk. The compliance burden is substantially heavier than for the transparency tier. Legal advice should be obtained if this applies.

  • AI-assisted CV screening or candidate ranking
  • Automated performance evaluation software
  • AI systems that allocate tasks based on individual behaviour
Capability Model
Already in force · Article 4

AI literacy across the workforce

Organisations must ensure staff working with AI systems have adequate understanding of what those systems do and what the risks are. This obligation has applied since February 2025.

  • Structured assessment of AI capability and understanding
  • Documented approach to AI literacy development
  • Evidence of human oversight for AI-assisted decisions
Capability Model Maturity Model
03

Timeline of the Act

The Act applies in phases. Select any milestone for detail.

1 August 2024
Entry into force
Passed The EU AI Act enters into force
The Regulation was published in the Official Journal of the European Union and entered into force. The phased application timeline begins from this date. Most provisions do not yet apply — the Act is in force but not yet operative for most obligations.
2 February 2025
Prohibitions + literacy
Active Unacceptable risk practices prohibited. AI literacy obligations apply.
The banned practices under Article 5 became enforceable: social scoring, subliminal manipulation, emotion recognition in workplaces and certain biometric systems are prohibited. Article 4 AI literacy obligations also apply from this date — organisations must ensure staff working with AI have adequate understanding of what those systems do and what the risks are.
2 August 2025
GPAI models
Active General-purpose AI model obligations apply.
Obligations for providers of large general-purpose AI models — including frontier models like GPT-4, Claude, Gemini and equivalents — apply from this date. Tourism organisations using these models via API should satisfy themselves that their provider has met their obligations as a provider. GPAI providers are required to publish technical documentation and comply with copyright law regarding training data.
2 August 2026
Main application date
Approaching Transparency obligations, high-risk rules and enforcement with fines begin.
This is the primary compliance deadline for most tourism organisations. Article 50 transparency obligations become enforceable: AI-generated content must be labelled; users must be informed when they interact with an AI system. High-risk AI system obligations (Annex III), including those covering AI in employment decisions, also apply. Fines of up to €15 million or 3% of global annual turnover become enforceable from this date. The Digital Omnibus simplification proposal has introduced some adjustments for SMEs, but Article 50 transparency obligations are not affected by these simplifications.
2 August 2027
Regulated products
Future High-risk AI embedded in regulated products.
AI systems embedded in products governed by existing EU product safety legislation — medical devices, transport systems, aviation safety equipment — have a further extended transition period to 2 August 2027. Most tourism AI use cases are not affected by this extension. It is relevant to tourism organisations operating regulated transport services or medical wellness facilities where AI is embedded in regulated product categories.
04

How the DTTT framework addresses these obligations

The DTTT AI Framework is designed to align with the EU AI Act's transparency, literacy and governance requirements. The four Tier 1 disclosure models and three Tier 2 organisational instruments map directly to the Act's obligations for tourism organisations.

This page provides practical guidance for tourism organisations. It does not constitute legal advice. Organisations with exposure in the high-risk AI categories — particularly Annex III systems used in employment decisions — should seek specialist legal advice.
EU AI Act obligation
Disclose when content is AI-generated or AI-manipulated. Label AI-generated images, video and text published to inform the public. — Article 50(4)
Framework instrument
Transparency Model + Content Integrity Model
Grades AI involvement A through E. The Content Integrity Model classifies risk across intervention, consent and disclosure axes and produces a machine-readable three-part disclosure code.
EU AI Act obligation
Inform users when they are interacting with an AI system. Disclosure must be clear and distinguishable, not buried in documentation. — Article 50(1)
Framework instrument
Content Integrity Model
The disclosure axis of the Content Integrity Model maps directly to Article 50(1) requirements. The model produces a classification — Clear, Caution, High Risk or Not Recommended — applicable to visitor-facing AI systems.
EU AI Act obligation
Ensure staff working with AI have sufficient AI literacy. Document the approach. — Article 4
Framework instrument
AI Capability Model + AI Maturity Model
The Capability Model produces a structured profile across 16 named capabilities. The Maturity Model gives the organisational baseline. Both produce documented outputs that can serve as evidence of a structured literacy approach.
EU AI Act obligation
Maintain governance and oversight of AI use. Human review mechanisms required where AI informs decisions. — Article 26
Framework instrument
AI Transparency Model + AI Maturity Model
The Transparency Model provides the grading structure for individual deliverables. The Maturity Model's Strategic Vision dimension assesses governance readiness. Together they provide the documented governance infrastructure Article 26 requires.
05

EU AI Act readiness assessment

This assessment maps your organisation's current practices against the EU AI Act's key obligations for tourism organisations. It covers content and media, visitor-facing systems, employment AI, AI literacy and governance. It takes around ten minutes to complete and produces a prioritised action list with specific Article references.

This is a structured starting point, not a legal compliance audit. For high-risk AI category obligations, seek specialist legal advice.

Area 1 of 5 · Question 1 of 15

What best describes your organisation?

This shapes how your results are interpreted. The Act's obligations are the same for all organisations, but the practical implications vary by scale and structure.

Area 1 of 5 · Question 2 of 15

Does your marketing reach European audiences?

The EU AI Act applies to any organisation deploying AI in a professional context that reaches people in the EU, regardless of where your organisation is based.

Area 1 of 5 · Question 3 of 15

What is the primary format of your public-facing AI use?

Select the option that best describes your organisation's main current use of AI in public-facing contexts. You will answer more detailed questions about specific uses in the sections that follow.

Area 2 of 5 · Question 4 of 15

Does your organisation publish AI-generated or AI-manipulated images, video or audio?

Article 50(4): Deployers must disclose when image, audio or video content has been artificially generated or manipulated. This applies to any content distributed via any channel — website, social media, press distribution — from 2 August 2026.
Area 2 of 5 · Question 5 of 15

Does your organisation publish AI-generated text for public audiences — destination guides, editorial content, press material, social posts?

Article 50(4): Applies to AI-generated text published to inform the public on matters of public interest. Destination content describing places, conditions or travel experiences is likely in scope. The Act distinguishes between AI-generated text and text where a human has taken substantive editorial responsibility.
Area 2 of 5 · Question 6 of 15

Does your organisation use AI to create or significantly alter video or audio for public distribution — including promotional films, social video, podcast content or voiceovers?

Note on deepfakes: The Act requires explicit, prominent disclosure for deepfakes — realistic AI-generated or AI-manipulated video or audio of real people. Standard AI video editing or AI-generated synthetic voiceover for destination promotion also requires disclosure under Article 50(4), though the obligation is less prescriptive in form.
Area 3 of 5 · Question 7 of 15

Does your organisation deploy a chatbot or AI-powered virtual assistant that interacts directly with visitors or potential visitors?

Article 50(1): Deployers of AI systems intended to interact with natural persons must inform those persons that they are interacting with an AI system. This must happen at the point of first interaction, before the conversation begins, in a clear and distinguishable manner — not in terms of service or a footer note.
Area 3 of 5 · Question 8 of 15

Does your organisation use AI-powered recommendation engines that interact with visitors — suggesting experiences, itineraries, accommodation or activities?

Interaction vs personalisation: Not all personalisation constitutes an AI interaction system under Article 50(1). The obligation targets systems where there is a direct, dynamic interaction — the visitor submits a query or preference and the AI responds. Passive algorithmic personalisation (e.g. ranked search results) sits in a grey area; active recommendation dialogue is more clearly in scope.
Area 3 of 5 · Question 9 of 15

Does your organisation have a process for reviewing what visitor-facing AI systems produce before it reaches users — for accuracy, appropriateness and legal compliance?

Article 26 requires deployers of AI systems to implement human oversight. For visitor-facing tools, this means having a defined process for reviewing AI outputs, not just deploying the system and monitoring after the fact.

Area 4 of 5 · Question 10 of 15

Does your organisation use AI tools in any part of hiring, recruitment or candidate screening?

Annex III — high-risk classification: AI used to filter, score or rank candidates in a recruitment context is classified as high risk. As a deployer, you must implement a risk management system, maintain technical documentation, ensure human oversight of all decisions influenced by the AI and register the system in the EU public database. Even third-party recruitment tools you purchase bring you into scope as a deployer.
Area 4 of 5 · Question 11 of 15

Does your organisation use AI to monitor, evaluate or score employee performance — including productivity monitoring, sentiment analysis of staff communications, or AI-generated performance reports?

Annex III scope: AI used to evaluate or monitor employee performance, including AI that informs decisions about promotions, termination, task allocation or working conditions, is classified as high risk. This includes third-party workforce analytics tools with AI-generated scoring.
Area 5 of 5 · Question 12 of 15

Does your organisation have a structured approach to understanding where and how AI tools are being used across the team?

Article 4 — AI literacy: Organisations must take measures to ensure staff working with AI systems have adequate understanding of what those systems do, their capabilities and limitations, and the risks involved. The first step is knowing where AI is used. An unstructured approach does not provide an adequate basis for demonstrating compliance.
Area 5 of 5 · Question 13 of 15

Does your organisation have a structured approach to developing AI capability and literacy — not just ad-hoc training, but a planned programme of development?

Article 4 requires that organisations take measures to ensure adequate AI literacy. This goes beyond exposure to tools — it means understanding risks, limitations, and when to exercise independent judgement.

Area 5 of 5 · Question 14 of 15

Does your organisation have a documented AI governance position — a policy, framework or set of principles that guides how AI is used across the organisation?

A governance position needs to do more than exist on paper. It needs to define who is responsible for AI decisions, how human oversight is exercised in practice, and how compliance obligations are tracked.

Area 5 of 5 · Question 15 of 15

Has your organisation identified who is responsible for AI compliance decisions — including oversight of the Act's obligations — and do those people have adequate knowledge and authority?

The Act requires deployers to assign human oversight. It does not require a dedicated AI compliance officer, but it does require that someone is responsible, accountable and adequately informed.

EU AI Act readiness · Your results
Your readiness assessment
Based on your responses, here is where your organisation stands and what to address.
Reference code Save this to share your assessment profile
DTTT can help you go further. Whether you need structured support adopting the framework, facilitated team assessments, or a governance programme built around your organisation's specific profile, we work with destinations at every stage.
Run the toolkit