What to Tell Customers When Your Website Uses an AI Chatbot

AI Policy and Governance · AI Readiness Scan

What to Tell Customers When Your Website Uses an AI Chatbot

EU AI Act Article 50 requires Irish businesses to tell customers when they are talking to an AI chatbot on their website. Here is what to say and when.

Eileen Weadick, PhD

Founder, Clear Gate Systems • 27 Jun 2026 • 9 min read

What to Tell Customers When Your Website Uses an AI Chatbot

If your website uses an AI chatbot to interact with customers, you need to tell them they are talking to a machine before or at the very start of the conversation. EU AI Act Article 50 makes this a legal requirement from 2 August 2026, and the obligation was not changed by the Digital Omnibus.

If your website has a chat widget powered by AI, or you are planning to add one, this is the deadline that applies to you right now. The high-risk AI compliance deadline was moved to December 2027 by the Digital Omnibus. The chatbot disclosure obligation under Article 50(1) was not moved. The two are separate obligations on two different timelines, and many Irish business owners are not aware of the distinction. For a full picture of which August 2026 EU AI Act deadlines apply to your business, that article sets it out in full.

If your business uses a chatbot or AI assistant to talk to customers, read on for the plain-English version of what Article 50 requires and the three steps to check you are ready.


What does EU AI Act Article 50 actually require you to do?

Article 50 of Regulation (EU) 2024/1689 requires that AI systems designed to interact with people must be built so that those people know they are talking to an AI. [1] The exact wording of Article 50(1) is: "Providers shall ensure that AI systems intended to interact directly with natural persons are designed and developed in such a way that the natural persons concerned are informed that they are interacting with an AI system."

Article 50(5) adds the timing requirement: the information must be provided "in a clear and distinguishable manner at the latest at the time of the first interaction or exposure." [1]

In plain terms: before or as soon as a customer types their first message, they need to know they are talking to a machine. A chat window that opens with "Hi, how can I help you today?" with no indication that the system is AI does not meet this standard. A statement buried in your terms and conditions does not meet it either. The disclosure has to be in the interaction itself, visible and unambiguous.

The European Commission published draft guidelines on 8 May 2026 to help providers and deployers understand how to apply these rules in practice. [2] Those guidelines are non-binding at the time of writing, but they confirm the same core point: the disclosure must be perceivable in the interaction itself, not accessible only via a policy document or metadata.

In summary

Article 50 of the EU AI Act requires customers to be informed they are talking to an AI before or at the very start of the conversation. A statement in your terms and conditions does not satisfy this obligation.

Does this obligation fall on you or on your chatbot provider?

The literal text of Article 50(1) places the obligation on "providers," meaning the company that builds and develops the AI system. For most Irish SMEs, that means the chatbot platform company (Intercom, Tidio, HubSpot, Freshchat, or similar) is technically the responsible party for designing the disclosure into the system.

In practice, the distinction matters less than it might appear, for two reasons.

First, if you use a third-party platform and that platform has not built an AI disclosure into its product, or has built one that you have disabled or hidden through your configuration, the practical consequence is that your customers are not being told they are talking to AI. That is the outcome Article 50 is designed to prevent, and the question of who holds formal legal responsibility will be resolved by how the system was set up and by whom.

Second, if you have built your own customer-facing AI system using an API from OpenAI, Anthropic, Google, or another provider, even something as straightforward as a custom chat assistant built on the ChatGPT API, then you are the provider. The obligation falls on you directly.

The EU Commission's draft guidelines clarify that the deployer is "the legal person under whose authority the system is used" and that the allocation of responsibility between provider and deployer depends on how the system was developed and configured. [2] In practical terms, the question for any Irish SME is not "who is technically responsible?" but rather: do my customers know they are talking to AI?

If the answer to that second question is no, the first question becomes much more important.

In summary

Whether the legal obligation falls on your chatbot platform or on you depends on how the system was built. Either way, the practical question is the same: do your customers know they are talking to AI?

What does a compliant AI disclosure look like in practice?

The EU AI Act does not mandate specific wording. What it requires is that the disclosure be clear and distinguishable and appear at or before the first interaction. The EU Commission's draft guidelines confirm that the standard to meet is that of a reasonably well-informed, observant and circumspect person, and that where the audience includes children, elderly people, or people with disabilities, the threshold is applied even more carefully. [2]

In practical terms, a compliant disclosure for a customer-facing chatbot typically looks like one or both of the following.

A label on the chat widget itself: a small badge or tag visible before the customer opens the chat window, such as "Powered by AI" or "AI Assistant." This is visible without any interaction required.

A first message from the system that identifies itself: something like "I am an AI assistant. I can help you with general queries about our products and services. For more complex issues, I can connect you to a member of our team." This is the clearest approach because it is impossible to miss.

The strongest approach combines both: a label on the widget and a disclosure in the first message. For most small businesses, configuring the first message is the simplest place to start. Most chatbot platforms allow you to set a custom welcome message, and that is where the disclosure should appear.

What does not work: a privacy policy reference, a mention in your terms and conditions, a metadata watermark with no visible text, or a vague reference to an "assistant" without the word "AI" or "automated system." The disclosure has to be intelligible to an ordinary person encountering it for the first time.

In summary

A compliant disclosure appears in the conversation itself. A label on the widget or a first message that identifies the system as AI both work. A reference buried in your privacy policy does not.

What counts as "obvious" and what does not

Article 50(1) includes an exception: the disclosure obligation does not apply if it is "obvious from the point of view of a natural person who is reasonably well-informed, observant and circumspect, taking into account the circumstances and the context of use." [1]

This exception is narrower than it might appear, and the draft guidelines confirm it.

A chatbot with a human name, for example "Hi, I'm Sarah from [Company]," does not qualify for the exception, even if the interaction is brief and transactional.

A chatbot with a human avatar or a photograph of a person does not qualify.

A chatbot that uses natural, flowing conversational language does not automatically qualify. The fact that many people now know AI tools exist does not make every AI interaction "obvious" in the legal sense.

The exception is most likely to apply in contexts where the nature of the interaction makes AI involvement self-evident: a voice system that a caller explicitly chooses by pressing a number on a telephone menu labelled "automated assistant," or a coding tool that is sold specifically as an AI product and used by technically sophisticated users. For a standard customer service chatbot on a business website, the exception almost certainly does not apply.

The practical implication is this: if your chatbot could, to any ordinary customer, be mistaken for a human customer service agent, you should disclose. The cost of adding a disclosure is a few minutes of configuration. The cost of getting this wrong is significant.

In summary

The "obvious" exception in Article 50 is narrow. A chatbot with a human name or avatar does not qualify. When in doubt, disclose.

Three steps to verify Article 50 compliance before 2 August 2026

This is the practical work. Set aside an hour and work through these three steps before the deadline.

Step 1: Identify every AI system that interacts with customers on your website or by phone.

Check your website, your booking system, your customer portal, and any automated phone system you operate. Note whether each one uses AI, and be clear about what "AI" means here. A rule-based decision tree ("press 1 for sales, press 2 for support") is not an AI system in this context. A system that generates responses based on an underlying language model is.

If you are unsure whether a tool uses AI, check the vendor's documentation or ask your provider directly. This is the step that most businesses skip, and it is the most important one. A thorough AI readiness assessment will surface every AI tool in use across your business, including tools that staff have introduced informally.

Step 2: Check that each AI system displays a clear disclosure before or at the start of the conversation.

For each tool you identify, open it as a customer would. Go to your website and open the chat widget. Call your customer phone line. Walk through the first moment of interaction. Is it immediately clear that you are talking to an AI? Before you type or say anything, does the system identify itself?

If it does not, go into the platform settings and configure a welcome message or widget label that makes this clear. If the platform does not support this, raise it with your vendor. Under Article 50, the provider is responsible for building in the disclosure capability. If your platform cannot or will not provide this, you have a vendor problem as well as a compliance problem.

Step 3: Test it as a customer would.

Open a private or incognito browser window and interact with your own chatbot. Ask it a question. Watch what happens. Does the disclosure appear before your first message, or only after you have already begun a conversation? Is it visible, or hidden behind a small icon that requires a click to find?

The test should be done by someone who is not already familiar with the system, ideally a team member who did not configure it. What looks obvious to the person who set it up may not be obvious to a first-time customer.

If you have recently changed chatbot platforms or updated your website, repeat this test. Configuration sometimes resets to a previous state after updates.

In summary

Three steps: identify every AI tool that talks to your customers, check that each one discloses its AI nature before or at the start of the conversation, then test it as a new customer would.

Does this change if you are planning to add a chatbot rather than already using one?

Not substantially. If you are in the process of choosing a chatbot platform, Article 50 compliance should be on your checklist as a minimum requirement. Any platform you consider should offer either a configurable welcome message, a widget label, or both. Ask the vendor directly: how does the system inform customers they are talking to AI? What does the default first message say?

If you are introducing AI into your business more broadly and considering AI-powered customer interaction tools, now is the right time to build compliance into the process rather than retrofitting it later. The disclosure requirement costs nothing to implement on any reputable platform. The question is whether you have explicitly configured it.

One practical note on GDPR: Article 50 disclosure and GDPR transparency are separate obligations. If your chatbot collects any personal information including a name, email address, or the content of conversations, GDPR Articles 13 and 14 require you to tell customers how that data is used, who processes it, and their rights. In Ireland, the Data Protection Commission (DPC) is the supervisory authority for GDPR compliance. You can learn more about the data handling considerations in our guide to EU data residency and AI tools. Article 50 and GDPR are not the same obligation and both must be met.

For businesses thinking more broadly about governance across all the AI tools they use and not just customer-facing chatbots, our guide to AI agent governance covers the wider picture.

In summary

If you are choosing a chatbot platform, make Article 50 disclosure a minimum requirement. Ask vendors how their system informs customers they are talking to AI before you sign up.

If you are not certain which AI tools in your business interact with customers, an AI Readiness Scan is the fastest way to find out, and to identify any compliance gaps before August.

This article is for informational purposes only and does not constitute legal advice.

FAQ

People also ask

Does EU AI Act Article 50 apply to small businesses in Ireland?
Yes. Article 50 applies to all businesses deploying AI systems that interact with customers in the EU, regardless of business size. There is no SME exemption for this obligation. The deadline is 2 August 2026, and it was not changed by the Digital Omnibus.
What words do I need to use to comply with Article 50?
The EU AI Act does not specify exact wording. The requirement is that the disclosure be clear and distinguishable and provided before or at the time of first interaction. A practical example: 'I am an AI assistant. For complex issues I can connect you to a member of our team.' The important point is that it appears at the start, is visible, and leaves no doubt that the user is talking to a machine.
Did the EU AI Act Omnibus delay the chatbot disclosure requirement?
No. The Digital Omnibus, adopted in June 2026, moved the machine-readable watermarking obligation under Article 50(2) to 2 December 2026. It did not change the chatbot disclosure obligation under Article 50(1). That obligation remains active from 2 August 2026.
Does my chatbot need an AI disclosure if it already sounds automated?
In most cases, yes. The 'obvious' exception in Article 50 is tested against a reasonably well-informed, observant and circumspect person. A chatbot with a human name, a human avatar, or polished conversational language does not automatically qualify as obviously AI. If there is any doubt, the safe approach is to disclose.
What is the penalty for not disclosing that a chatbot is AI?
Under Article 99 of the EU AI Act, failure to comply with Article 50 obligations can attract fines of up to 15 million euro, or 3 percent of total worldwide annual turnover, whichever is higher.
Does my chatbot privacy policy count as an AI disclosure under Article 50?
No. A disclosure buried in a privacy policy or terms and conditions does not satisfy Article 50. The information must be provided in the interaction itself, in a clear and distinguishable manner, at the time of or before the first message, as required by Article 50(5) of Regulation (EU) 2024/1689.

Clear Gate Systems provides technical governance architecture. This article is for informational purposes only and does not constitute legal advice. Clients requiring legal interpretation of the EU AI Act or other regulation should engage a qualified legal practitioner.