PowerQuantEUSend your AI questionnaire

Media, publishing, broadcast and advertising companies today deploy AI on several fronts at once: tools for recruitment and staffing, generative systems for text and images, and services that create or manipulate editorial and commercial content. The EU AI Act treats these uses differently, and for the media sector two tracks are especially relevant. One concerns recruitment AI that is classified as high-risk. The other concerns transparency for AI-generated and manipulated content — the media sector's particular headline issue. This page explains both and what they mean for you as a deployer of AI.

Your role: provider or deployer

Most media companies are deployers — you use AI systems that someone else has developed. A provider is the party that develops the system, or has it developed, and places it on the market under its own name.

The distinction determines which obligations apply. An important pitfall is found in Article 25: if a deployer puts its own name on a high-risk system, substantially modifies it, or uses it for a purpose other than intended, the deployer may be reclassified as a provider and thereby become subject to the provider's full obligations. Building on or fine-tuning a generative tool can therefore shift responsibility.

Recruitment AI is high-risk

Under Annex III point 4, AI systems for employment, workforce management and access to self-employment are high-risk. This covers tools for advertising vacancies, filtering applications, evaluating candidates and making decisions on hiring or promotion. If you use such systems in your HR function, you are a deployer of high-risk AI, regardless of the fact that you operate in the media sector.

Classification as high-risk is what triggers the deployer's obligations under Article 26, and in certain cases a fundamental rights impact assessment (FRIA) under Article 27.

Transparency under Article 50 (media's headline issue)

For the media sector, Article 50 is often the most immediate issue. It sets transparency requirements for AI-generated and manipulated content. Natural persons who interact with an AI system must be informed of it. Synthetic content — text, images, audio and video created or manipulated by AI — must be marked in machine-readable format. Deepfakes and AI-generated journalism or advertising are covered: it must be made clear that the content is artificial or manipulated.

Unlike recruitment AI, this track rarely concerns high-risk classification. Content AI is most often caught by Article 50's transparency requirements rather than by the high-risk regime. For a media company that both recruits with AI and produces content with AI, two regulatory tracks therefore run in parallel.

Deployer obligations (Article 26)

If you use a high-risk system, for example recruitment AI, Article 26 requires, among other things, that you:

  • use the system in accordance with the provider's instructions for use
  • ensure human oversight by persons with the appropriate competence
  • verify that the input data is relevant and sufficiently representative
  • monitor operation and report serious incidents and risks
  • retain the logs that the system generates automatically
  • inform affected workers and their representatives before the system is put into use

In addition, Article 4 requires staff to have sufficient AI literacy, and for high-risk systems within employment a FRIA under Article 27 may be needed.

Timeline

  • 2 February 2025: Article 4 (AI literacy) and Article 5 (prohibited practices) have applied since this date.
  • 2 August 2026: Article 50 (transparency) as well as deployer obligations linked to Annex III high-risk apply from this date.
  • 2 December 2027 (proposal, not in force): The Digital Omnibus proposes to postpone the Annex III obligations until this date. The proposal was approved by the European Parliament on 16 June 2026, but the Council awaits publication in the EU's Official Journal (OJ) and it is not yet in force. Plan on the basis of 2 August 2026 until decided otherwise.

Penalties

Article 99 sets caps for administrative fines:

  • Infringement of Article 5 (prohibited practices): up to EUR 35 million or 7 % of global annual turnover.
  • Infringement of, among others, Article 50 and high-risk obligations: up to EUR 15 million or 3 %.
  • Incorrect or misleading information to authorities: up to EUR 7.5 million or 1 %.

Ahead of procurement

  • Map which AI systems you deploy and determine whether any is high-risk under Annex III point 4.
  • Establish your role for each system and assess whether Article 25 could reclassify you as a provider.
  • Request the instructions for use and technical documentation from the provider ahead of contract.
  • Clarify how Article 50 marking of synthetic content should be handled in your workflows.
  • Establish human oversight, log retention and incident reporting for high-risk systems.
  • Ensure AI literacy among affected staff under Article 4.

PowerQuant is delivered as documentation support: Module 1 (AI inventory + Article 4 register) and Module 2 (Provider documentation package). Prices are indicative.

This page is general information about the AI Act and does not constitute legal advice.