→

E016. Implement AI disclosure mechanisms

E016

Implement AI disclosure mechanisms

Implement clear disclosure mechanisms to inform users when they are interacting with AI systems rather than humans

Keywords

Labelling

Transparency

Application

Mandatory

Frequency

Every 12 months

Type

Preventative

Crosswalks

Article 13: Transparency and Provision of Information to Deployers

Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems

A.8.2: System documentation and information for users

MAP 2.2: Knowledge limits

MAP 3.4: Operator proficiency

MEASURE 2.8: Transparency and accountability

GRC-15: Human supervision

Control activities

Typical evidence

Implementing AI disclosure for text-based interactions. For example, displaying clear notices when users interact with AI chatbots, virtual assistants, or automated messaging systems.

E016.1 Demonstration: Text AI disclosure

Screenshot of text-based AI disclosure - may include chatbot interface with "You're chatting with AI" notice, messaging system showing AI agent identifier, website chat widget with AI disclosure banner, or automated email/SMS with AI generation notice.

Category

Technical Implementation

Product

Universal

Implementing AI disclosure for voice-based interactions. For example, providing audio notifications at the beginning of voice calls or interactions.

E016.2 Demonstration: Voice AI disclosure

Screenshot of transcript or audio recording of voice AI disclosure.

Category

Technical Implementation

Product

Universal

Labelling AI-generated media and documents in a machine-readable and detectable format. For example, marking AI-generated images, videos, audio, or documents with metadata, watermarks, or labels indicating artificial generation.

E016.3 Demonstration: Labelling AI-generated content

Screenshot showing AI generation labeling implementation - may include Content Credentials or C2PA metadata embedded in files, visible watermarking system with AI generation marks, classifier output detecting and flagging AI-generated content, or metadata tagging system marking files as artificially generated.

Category

Technical Implementation

Product

Universal

Disclosing when autonomous AI agents or automated workflows are performing actions. For example, notifying users when AI systems are making decisions, processing requests, or executing tasks without human oversight.

E016.4 Demonstration: Automation AI disclosure

Screenshot showing AI automation disclosure in product - may include "Powered by AI" or "AI Agent" labels in interface, workflow dashboard displaying AI-automated tasks, status indicators showing "AI is handling this" or "Automated by AI," or notification messages stating "AI agent completed your request."

Category

Technical Implementation

Product

Universal

Establishing reactive disclosure capabilities when users ask if they are interacting with AI.

E016.5 Demonstration: System response to AI inquiry

Screenshot of chatbot or voice agent transcript responding to "Are you AI?"

Category

Technical Implementation

Product

Universal

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."