It’s no longer just about images: from August 2, 2025, every sentence, paragraph, or document generated by an AI system must carry a machine-detectable, cryptographically signed fingerprint. The EU AI Act tightens the rules on synthetic content traceability, and this time text is in the crosshairs. A simple “AI Generated” label will not suffice: the regulation demands two effective, interoperable, and robust technical layers, one of which must be woven directly into the statistical fabric of the output — an invisible watermark akin to the dots laser printers leave on paper.

For model developers and distributors, compliance becomes an operational prerequisite overnight. Fines reach up to €35 million or a percentage of annual turnover (whichever is higher) and apply to any provider of AI tools “reachable” by an EU citizen, regardless of server location. The norm makes no distinction between cloud and local execution: whether it’s ChatGPT or an instance of llama.cpp running on a laptop in Kuala Lumpur, if the output can be seen by an EU user, the obligation kicks in.

The double layer of textual watermarking

The AI Act does not ask for a superficial flag. The text itself must become “machine-detectable” through a combination of statistical techniques and, where feasible, cryptographic signing of metadata (C2PA-like standards are mentioned). The architecture is dual-layer: an internal marking that alters the probability distribution imperceptibly but verifiably, and a signed external wrapper that travels with the file. “Robustness” is the operative word: the watermark must survive basic manipulation, cropping, or format conversion.

Here lies the first technical conundrum. Large language models are probability machines; inserting a deterministic statistical pattern without degrading output quality is a balancing act. Lighter systems — the legislation mentions “very simple OSS models” as potentially exempt — might manage the impact. But models classified as “systemic risk,” identified by authorities or through computational power and capability benchmarks, receive no such leniency. Names like Qwen 3.6, DeepSeek Flash, GLM, or Kimi would fall under scrutiny, along with any project that integrates or exposes them.

The on-premise dilemma: sovereignty vs. invisible constraints

For those who opted for on-premise deployment precisely to retain data control, the news is bitter. The watermarking mandate affects not only cloud giants but tools like Ollama, LM Studio, vLLM, llama.cpp, Stable Diffusion Web UI, platforms like Hugging Face, and any API server reachable from a European IP address or by a tourist using a VPN. Compliance becomes a software architecture issue: inference libraries will need to embed watermarking modules, and every model update potentially triggers a fresh conformity assessment.

The penalty framework discourages loose interpretations. The regulation also offers a voluntary code of conduct, but ignoring it raises the risk profile. Furthermore, a distributor who claims “my model is not systemic risk” takes on legal liability: if the EU classifies it differently, the bill ends up in court. For startups and open-source projects, the line between agile development and legal exposure becomes razor-thin.

More than a banner: the dawn of pervasive AI labeling

The cookie banner metaphor is apt, but multiplied. Today every website warns about cookies; tomorrow every piece of AI-generated web content — text, images, video, voiceovers — may need to declare its synthetic nature. This is not regulatory scifi: the Commission estimates that within a few years the vast majority of online content will be AI-produced or -edited. The AI Act pushes toward an ecosystem where transparency is part of the signal, not an after-the-fact label. That changes the TCO calculation for inference infrastructure: compliance is no longer an accessory cost but an operational line item that impacts pipelines, serving frameworks, and update cycles.

In this landscape, those evaluating on-premise deployments for data sovereignty must now weigh a new flavor of total cost of ownership — that of continuous output certification. AI-RADAR tracks the evolution of technical solutions and frameworks that could automate watermarking, but the path is uphill. The regulation is clear: from August 2, producing text with AI means delivering every token to a recognition system that makes no exceptions for those who, even indirectly, serve the European market.