Skip to main content
HashnodeComplizo

Command Palette

Search for a command to run...

A European Challenger Bank Just Asked If Your AI Customer Service Bot Must Tell Users It's Not Human: Answering the EU AI Act Article 52 Transparency Questions

Published
6 min read
A
Ari Volcoff

A European Challenger Bank Just Asked If Your AI Customer Service Bot Must Tell Users It's Not Human: Answering the EU AI Act Article 52 Transparency Questions

The email arrived from the head of vendor risk at a European challenger bank. Your AI-powered customer service platform had been under review for two months. The security assessment passed. The data processing agreement was redlined and agreed. Then came the compliance addendum.

Section 3 read:

"Please confirm whether your conversational AI system is configured to notify users that they are interacting with an AI, and not a human. Describe the mechanism and timing of this notification. Please reference the applicable provisions of the EU AI Act in your response."

Three questions. A five-business-day turnaround request.

Here is what Article 52 requires, how it applies to your product, and exactly what to send.

Why Banks Ask This Question

European banks operating under PSD2, MiFID II, and consumer protection regulations are already accustomed to disclosure requirements. When the EU AI Act introduced new AI-specific transparency obligations, their compliance and vendor risk teams added it to procurement checklists almost immediately.

The bank asking this question is not checking whether your chatbot is sophisticated. They are checking whether deploying your product creates a compliance gap for them. Under the EU AI Act, Article 26 makes deployers responsible for ensuring the systems they use meet applicable obligations. If your chatbot lacks the Article 52 disclosure mechanism, the bank is the one at risk when a customer complains to a national supervisory authority.

What Article 52 Actually Requires

Article 52 of the EU AI Act establishes transparency obligations for three specific categories of AI system. The one relevant here is in Article 52(1):

"Providers shall ensure that AI systems intended to interact with natural persons are designed and developed in such a way that the natural persons are informed that they are interacting with an AI system, unless this is obvious from the circumstances and context."

Two things stand out.

First, this obligation falls on the provider — your company, not the bank. You must build the disclosure into the system by design. The bank cannot retrofit a disclosure onto your product if you have not built it in.

Second, the exception — "unless this is obvious from the circumstances and context" — is narrower than it sounds. A chat widget on a banking app is not obviously an AI system to most users. The fact that your product is named "Aria" or uses a robotic avatar is not sufficient to satisfy the exception. The obligation is to make the AI nature affirmatively apparent, not merely inferable.

Scope: Which Systems Does Article 52(1) Cover?

Article 52(1) covers AI systems "intended to interact with natural persons." This includes:

  • Customer service chatbots (text-based)
  • Voice-based AI assistants handling inbound calls
  • AI systems that respond to customer queries via messaging apps or embedded widgets
  • AI-assisted live chat where the AI is handling the response, even if a human agent can intervene

It does not include AI systems operating entirely in the background without any user-facing interaction — for example, a fraud detection model that runs silently on transactions without surfacing a message to the customer.

If your platform has a customer-facing conversational component — and most AI customer service platforms do — Article 52(1) applies.

What the Disclosure Must Say and When It Must Appear

The EU AI Act does not prescribe exact wording or format, but the practical standard is clear: users must know they are talking to an AI before or at the start of the interaction, not buried in a terms-of-service document or disclosed only on request.

Adequate disclosure typically includes:

  • A message at the start of the conversation identifying the agent as an AI (e.g., "Hi, I'm Maya, an AI assistant")
  • A clear way for users to request a human agent if one is available
  • No language that implies the user is speaking with a human or that obscures the AI nature of the interaction

Inadequate disclosure includes:

  • A small icon with "AI" in a corner of the chat widget
  • A mention in the privacy policy
  • A disclosure made only after the conversation starts if it was not obvious from the outset

The Deepfake Clause: Article 52(3) and (4)

Article 52 also contains obligations for AI-generated content. If your platform generates any of the following, additional obligations apply:

  • Synthetic audio, image, video, or text that a user might believe is authentic (52(3))
  • AI-generated or manipulated content produced for mass distribution (52(4))

For a customer service chatbot, Article 52(3) is typically not triggered — unless the platform generates AI-synthesized voice responses designed to sound indistinguishable from a human agent. If your platform uses a voice clone that sounds like a named human, 52(3) is relevant.

Flag this in your response if applicable.

How to Answer the Three Sub-Questions

Q: Is your system configured to notify users they are interacting with an AI?

Answer yes or no. If yes, describe the mechanism: where does the disclosure appear, what does it say, and when in the conversation flow does it trigger. If your system does not currently have this feature built in, do not obscure that. Explain what configuration options are available and whether the bank must configure the disclosure as part of their deployment setup.

Q: What is the mechanism and timing of the notification?

Walk through the user experience step by step. "The AI-disclosure message appears as the first message in every new conversation session. The text reads: 'Hello, I'm [name], an AI assistant. I can help with [list of topics]. Would you prefer to speak with a human agent?' The disclosure resets if a session is idle for more than 30 minutes."

Specificity here builds confidence. Vague answers do not.

Q: What is the applicable EU AI Act provision?

Article 52(1). Cite it by number. If your system also generates synthetic voice, cite 52(3). Demonstrating that you know the correct provision signals to the compliance team that your answer was written by someone who understands the regulation, not a boilerplate template.

What Deployers Are Responsible For Under Article 26

Banks and other deployers have their own obligations under Article 26. When they deploy your system, they are responsible for:

  • Ensuring the AI disclosure is active and visible to their customers
  • Not modifying the system in a way that disables or undermines the disclosure
  • Training their staff on the AI nature of the system

This means your product configuration matters. If the disclosure notification can be disabled in your admin panel, the bank's compliance team will want to know whether that disable option creates a gap. The safest answer: the disclosure is on by default and cannot be disabled without a documented override process.

The Practical Proof

When you submit your response, attach:

  1. A screenshot or screen recording of the disclosure message as it appears to end users in a live session
  2. A written description of the disclosure mechanism (trigger conditions, text, placement)
  3. A reference to Article 52(1) confirming this is the applicable provision
  4. Any admin panel configuration options that affect the disclosure, with your recommended settings

A compliance team that can see the disclosure with their own eyes will close this section faster than one reading a paragraph of assurances.

Try Complizo free at complizo.com

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Complizo

87 posts