defoneos.mod/ai-act-art-50-watermarking-pack · csoai.org · ship-grade · tick 102

EU AI Act Article 50 — Watermarking Pack

The single pack DEFONEOS submits to demonstrate Article 50 (Transparency obligations for providers and deployers of certain AI systems) compliance, deadline 2026-08-02. Covers: machine-readable watermarking (C2PA v2.2-style) + user-visible AI-generated labelling + robustness tests against removal + 5 named cross-walks (C2PA · NIST AI 100-4 · ISO/IEC 23894 · Google SynthID · Microsoft Azure Content Authenticity).
Compliance deadline2026-08-02 (EU AI Act Art-50 transparency obligations)
Watermarking methods2 (machine-readable C2PA-style + user-visible label)
Robustness test classes5 (compression · crop · re-encoding · adversarial removal · paraphrasing)
Cross-walked standards5 (C2PA v2.2 · NIST AI 100-4 · ISO/IEC 23894 · SynthID · Azure Content Authenticity)
Detection SLA<100ms per artefact via defoneos.verify.watermark({artefact_id})
Label format"AI-generated by [DEFONEOS model] · [timestamp] · [build_sha256]"
Removal resistance target≥95% watermark survives 5-class robustness test battery

1 · Why this pack exists

EU AI Act Article 50 (Transparency obligations for providers and deployers of certain AI systems) requires that:

  1. Providers of GPAI systems (general-purpose AI, including foundation models) ensure technical solutions allow marking of AI-generated output (machine-readable + detectable).
  2. Deployers of AI systems that generate or manipulate image / audio / video / text content disclose AI generation to natural persons.
  3. The marking is effective, interoperable, robust, and reliable as far as technically feasible, taking into account specificities and limitations of the content type and implementation cost.

Article 50 enters into force 2026-08-02. From that date, any GPAI provider placing models on the EU market must comply. DEFONEOS's sovereign weight family (SOV3-small, SOV3-large, Liquid-KAN-MoE, Sovereign-Defence-secured) are all in scope when deployed to EU buyers.

2 · The 2 watermarking methods (machine-readable + user-visible)

Method 1 · Machine-readable (C2PA-style)

Every DEFONEOS output (text / image / audio / video) carries an embedded machine-readable manifest signed by the model's Ed25519 SIGIL key. The manifest contains:

{
  "manifest_id": "WATERMARK-2026-08-02-abc123",
  "version": "1.0",
  "issuer": "defoneos-sovereign-runtime",
  "model_id": "sov3-small-9b",
  "model_version": "v0.95.1",
  "build_sha256": "abc123...",
  "content_type": "text | image | audio | video",
  "content_sha256": "...",
  "created_at": "2026-08-02T...",
  "c2pa_claim_generator": "DEFONEOS-WATERMARK-v1",
  "c2pa_assertions": [
    {"label": "c2pa.ai_generative_training", "value": "trained_with_synthetic_data_consent"},
    {"label": "c2pa.ai_generative_inference", "value": "generated_by_defoneos_sovereign_runtime"},
    {"label": "defoneos.bft_council_vote", "value": "BFT-1247-28-5-0"},
    {"label": "defoneos.sigil_chain", "value": "..."}
  ],
  "ed25519_sig": "...",
  "public_verify_url": "csoai.org/verify/watermark/{manifest_id}"
}

Method 2 · User-visible label

Every DEFONEOS output also carries a user-visible label, format:

"[AI-generated by {model_name} · {timestamp} · {build_sha256}]"

For text: prepended to the response. For images: stamped in the bottom-right corner (24px height, semi-transparent, monospace). For audio: TTS-synthesised announcement at start ("This audio was generated by ..."). For video: 3-second title card at start + persistent watermark overlay.

3 · The 5 robustness test classes

DEFONEOS's watermark is tested against 5 robustness classes. Target: ≥95% watermark survives each class (composite target across all 5).

ClassTestTarget survival rate
1. CompressionJPEG Q=10 · WebP Q=10 · MP3 64kbps · H.264 CRF 30≥95%
2. Crop25% · 50% · 75% crop + recentre≥95%
3. Re-encodingPNG ↔ JPG ↔ WebP ↔ BMP ↔ TIFF (3 rounds)≥95%
4. Adversarial removalKnown-removal attacks (SmoothDiff · Fawkes · Glaze · Mist · Photoguard)≥80% (acceptable to be lower for adversarial)
5. Paraphrasing (text only)Round-trip translation (5 languages) + GPT-style paraphrasing≥95% for embedded manifest · user-visible label may be paraphrased away (disclosed risk)

4 · The 5 named cross-walks

Standard / frameworkWhat's satisfied by DEFONEOS watermark
C2PA v2.2 (Coalition for Content Provenance and Authenticity)Manifest structure + assertions + Ed25519 signing · W3C Verifiable Credentials compatible
NIST AI 100-4 (AI Risk Management Framework · Generative AI Profile)Provenance + transparency + traceability controls
ISO/IEC 23894 (AI risk management)Risk transparency controls
Google SynthIDCross-detector compatibility for image / audio / video outputs (where applicable)
Microsoft Azure Content AuthenticityC2PA manifest integration + Azure Blob Storage metadata embedding

5 · The 7 implementation surfaces

Watermarking is applied at 7 surfaces in the DEFONEOS runtime:

  1. Text generation — machine-readable manifest embedded in response metadata + user-visible label prepended
  2. Image generation — C2PA manifest embedded in PNG/JPG metadata + visible watermark overlay (24px corner)
  3. Audio synthesis — C2PA manifest in MP3/WAV metadata + 3-second announcement at start
  4. Video synthesis — C2PA manifest in MP4 metadata + 3-second title card + persistent overlay
  5. Code generation — header comment with machine-readable ID + build SHA + visible attribution
  6. Structured data (JSON / CSV / XML) — manifest embedded in metadata field + visible header row
  7. API responses (REST / GraphQL) — manifest in response header `X-DEFONEOS-Watermark` + body `_meta.watermark`

6 · Public verification API (the 30-second trust root)

Any third party can verify a DEFONEOS watermark in <30 seconds:

  1. Extract watermark ID from output (manifest ID + build SHA visible)
  2. Visit csoai.org/verify/watermark/{manifest_id}
  3. Read the public record: model · version · build · timestamp · BFT vote · sigil chain
{
  "watermark_id": "WATERMARK-2026-08-02-abc123",
  "status": "valid",
  "model": "sov3-small-9b",
  "model_version": "v0.95.1",
  "build_sha256": "abc123...",
  "created_at": "2026-08-02T...",
  "bft_council_vote": "BFT-1247-28-5-0",
  "issuer_signature": "valid (Ed25519)",
  "public_endpoint": "csoai.org/verify/watermark/WATERMARK-2026-08-02-abc123"
}

7 · The 5 buyer-side deployment scenarios

ScenarioBuyer use caseWatermark visibility
1. Customer-facing chatBronze/Silver buyer → EU consumerVisible label required (Art-50 mandatory)
2. Internal decision supportGold buyer → internal employeesVisible label optional (Art-50 exempt for internal)
3. Synthetic media publicationMedia/news buyer → public distributionVisible label required + 3-second title card (sector standard)
4. Code generationDeveloper buyer → engineersHeader comment + machine-readable metadata (developer convention)
5. Sovereign-Defence / Sovereign-Air-GapDefence buyer → classified contextWatermark in escrow only (no public visibility) · SIGIL-anchored at point of generation

8 · Pre-2026-08-02 compliance work

DateMilestoneOwner
2026-07-21Watermarking library integrated into SOV3-small v2 (per capability roadmap)ML Platform Lead
2026-07-255-class robustness test battery complete · ≥95% survival confirmedML Platform Lead + CISO
2026-07-28C2PA manifest generator + verifier live at csoai.org/verify/watermarkPlatform Engineering
2026-07-305 cross-walks documented (this pack)Compliance Director
2026-08-0133-agent BFT pre-vote ≥23/33BFT Chair
2026-08-02Article 50 enters into force · DEFONEOS pack public · all sovereign weight outputs watermarked by default

9 · Cross-walk to existing DEFONEOS artefacts

Watermark layerSource
SIGIL chaindefoneos-mod-post-market-monitoring-plan.html
Model versiondefoneos-mod-ai-bom-sbom-card.html
BFT council votedefoneos-mod-seal-certification-spec.html
EU AI Act compliancedefoneos-mod-eu-cyber-resilience-act-readiness.html

10 · The 5 Anti-Patterns (Watermarking Disasters We Refuse)

  1. No "watermark trivially removable." 5-class robustness test battery required; ≥95% survival.
  2. No "user-visible label hidden in fine print." 24px minimum height on images, 3-second announcement in audio, 3-second title card in video.
  3. No "machine-readable manifest unsigned." Ed25519 SIGIL mandatory.
  4. No "buyer opt-out without disclosure." Buyers may suppress user-visible label for internal use, but manifest always present.
  5. No "no public verification." csoai.org/verify/watermark always live.

11 · Next Steps

  1. Verify this pack hash: curl https://csoai.org/defoneos-mod-ai-act-art-50-watermarking-pack.html | shasum -a 256
  2. Inspect a sample watermark: csoai.org/verify/watermark/sample
  3. Browse EU AI Act compliance summary: defoneos-mod-eu-cyber-resilience-act-readiness.html
  4. Request DEFONEOS watermarking integration for your deployment: commercial@csoai.org
  5. Subscribe to watermarking advisories: csoai.org/advisories/subscribe
SIGIL: T102-ai-act-art-50-watermarking-pack-e5f1a8b6c3d9 · care_score 0.95 · BFT 33-agent vote: 28 approve / 5 amend / 0 reject (quorum 25/33)
Authority: DEFONEOS Sovereign Architecture Board, ratified 2026-07-14
License: Open — EU AI Office · EU deployers · C2PA Coalition · NIST · ISO/IEC · Google SynthID · Microsoft Azure Content Authenticity free to cite and redistribute with SIGIL preserved
Owner: DEFONEOS Compliance · compliance@csoai.org