EU finalizes AI Act oversight and labeling code
The EU has crowned its AI watchdogs and released a labeling code. The June milestone marks progress after months of delays as regulators assemble the governance spine for the AI Act, including the concrete steps needed to enforce transparency and content provenance.
In June, the European Commission announced the constitution of two key oversight bodies: the Scientific Panel, which has 60 members, and the Advisory Forum, with 172 members. The Scientific Panel is designed to act independently in the oversight of General-Purpose AI models, while the Advisory Forum provides bipartisan, commercially balanced advice to the Commission and the AI Board. Together, they map the EU’s approach to governance for high-stakes AI while the Commission progresses toward enforcement-ready mechanisms.
At the same time, the Commission published the final Code of Practice on marking and labeling AI-generated content, operationalizing the Act’s transparency requirements. The Code has two sections: one for providers of generative AI systems, detailing how to mark and detect AI-generated or manipulated content; the other for deployers who publish AI-generated or AI-altered text. The Code explicitly divides measures into mandatory requirements, voluntary but recommended practices, and purely voluntary improvements, creating a clear tiered compliance ladder for industry players.
OpenAI became the first major actor publicly to commit to signing the Code, signaling a real-world rollout of EU transparency norms among leading platforms. The Commission also released Europe’s long-awaited tech sovereignty strategy in tandem with the AI governance steps, underscoring the bloc’s intention to steward AI development within European boundaries and standards rather than relying solely on external suppliers.
For compliance officers and tech leaders, the June milestones illuminate the practical path from policy to product. The AI Act’s oversight framework is not just conceptual: it is designed to actively monitor GPAI and other high-risk models under a formalized governance regime. The Code’s emphasis on marking and labeling will require product and engineering teams to embed attribution signals, provenance data, and auditable generation logs into the lifecycle of AI systems. In effect, developers will need to pair model capabilities with governance controls to meet the mandatory baseline and be ready for audits or inspections tied to enforcement.
Two practical implications stand out. First, the mandatory portion of the Code sets a concrete baseline that organizations must implement now, while the voluntary elements offer a richer posture for those seeking to demonstrate stronger governance as the regulatory environment matures. Second, the Provider-Deployers split means cross-functional coordination becomes essential: privacy, security, legal, and product teams must collaborate to ensure end-to-end compliance, from selecting GPAI models to presenting user-facing indicators of AI authorship.
Looking ahead, industry watchers will monitor how the AI Act oversight regime translates into enforceable action. The dual structure of the Scientific Panel and Advisory Forum hints at a layered approach to governance, potentially underpinning audits, compliance checks, and penalties tied to the mandatory measures in the Code. Europe’s tech sovereignty strategy adds another variable: a push to balance robust standards with regional competitiveness, encouraging domestic AI capability while requiring strict governance. If more major players sign onto the Code and align their products accordingly, compliance programs across platforms will need to mature quickly, or risk misalignment with EU expectations.
- CDT Europe’s AI Bulletin: June 2026CDT Insights / Mainstream / Published JUN 30, 2026 / Accessed JUL 01, 2026