plainstamp 0.7.7 → 0.7.9

package/CHANGELOG.md

@@ -16,6 +16,25 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 Distribution is **npm-only**. Source remains in the operating organization's private repository; there is no public source repository host. Contact channel for issues, accuracy reports, security reports, and contribution proposals is **helpfulbutton140@agentmail.to** (see `docs/CONTRIBUTING.md`, `docs/SECURITY.md`).
 
+## [0.7.9] — 2026-05-09
+
+### Improved (validate-disclosure precision)
+
+- `validateDisclosure` now matches signals at word boundaries instead of as substrings — fixes a false-positive class where, for example, "preconsenting" matched the signal "consent". Tokens in the candidate are split on non-word characters; signals must appear as whole tokens.
+- Returns a new `elements` field with per-element detail: `element_id`, `found`, `confidence` (`high` | `medium` | `missing`), and `matched_signals` (the tokens that matched). Confidence bands:
+  - **high**: an id-derived signal matched, OR ≥ 2 body-derived signals matched.
+  - **medium**: exactly 1 body-derived signal matched.
+  - **missing**: no signals matched.
+- The existing `passes` and `missing_elements` fields are unchanged (backwards-compatible). Callers that want richer detail can read `elements`; callers that don't can continue treating the report as a binary check.
+- Tests: 66/66 passing (63 baseline + 3 new — word-boundary, confidence reporting, missing-confidence on signal-free input).
+
+## [0.7.8] — 2026-05-09
+
+### Documentation
+
+- README adds a "Builder's guides" section above the rule corpus listing, organized by compliance vertical (financial services, healthcare, employment, voice agent, EU, state-specific). Twelve long-form guides linked, each grounded in regulator-published source text. The guides index also lives at https://plainstamp.pages.dev/guides/.
+- No code changes; npm publish refreshes the README rendered on npmjs.com.
+
 ## [0.7.7] — 2026-05-09
 
 ### Fixed (URL-monitor stabilization, round 3 — JSF random ids)

package/README.md

@@ -154,6 +154,38 @@ const reports = validateDisclosureForQuery(
 );
 ```
 
+## Builder's guides
+
+Long-form, citation-grounded guides organized by compliance vertical.
+Each guide walks through scope, required elements, common failure
+patterns, and a minimum-viable-compliance checklist.
+
+**Financial services AI**
+- [CFPB Circular 2023-03 — adverse-action notices for AI credit decisions](https://plainstamp.pages.dev/guides/cfpb-circular-2023-03-ai-adverse-action-builder-guide/)
+- [FINRA RN 24-09 — AI in customer communications](https://plainstamp.pages.dev/guides/finra-rn-24-09-ai-customer-communications-builder-guide/)
+
+**Healthcare AI**
+- [HHS Section 1557 (Patient Care Decision Support Tools)](https://plainstamp.pages.dev/guides/hhs-section-1557-pcdst-builder-guide/)
+- [FDA PCCP for AI/ML medical devices](https://plainstamp.pages.dev/guides/fda-pccp-aiml-medical-device-builder-guide/)
+- [Texas TRAIGA HB 149 — government and healthcare tracks](https://plainstamp.pages.dev/guides/texas-traiga-hb-149-builder-guide/)
+
+**Employment AI**
+- [EEOC Title VII AI selection procedures](https://plainstamp.pages.dev/guides/eeoc-title-vii-ai-employment-builder-guide/)
+- [NYC Local Law 144 (AEDT)](https://plainstamp.pages.dev/guides/nyc-local-law-144-aedt-builder-guide/)
+
+**Voice agent / outbound calling**
+- [FCC TCPA AI-voice robocall ruling](https://plainstamp.pages.dev/guides/fcc-tcpa-ai-voice-robocall-builder-guide/)
+
+**EU compliance**
+- [EU AI Act Article 50](https://plainstamp.pages.dev/guides/eu-ai-act-article-50-builder-guide/)
+
+**State-specific deep dives**
+- [California bot disclosure (B&P § 17941)](https://plainstamp.pages.dev/guides/california-bot-disclosure-bp-17941-builder-guide/)
+- [Colorado AI Act SB 24-205](https://plainstamp.pages.dev/guides/colorado-ai-act-sb-24-205-builder-guide/)
+- [EU AI Act Article 50 — chatbot disclosure (focused)](https://plainstamp.pages.dev/guides/eu-ai-act-article-50-chatbot-disclosure/)
+
+[See all guides →](https://plainstamp.pages.dev/guides/)
+
 ## How matching works
 
 - **Jurisdiction.** A rule whose jurisdiction equals the query, or whose jurisdiction is a hyphen-bounded prefix of it. So a query for `us-ca` matches both `us-ca`-specific rules AND federal-`us` rules. A query for `us` does NOT match `us-ca`-specific rules — federal-only.

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { lookup, generateDisclosureText, validateDisclosure, } from "./lookup.js";
+export { lookup, generateDisclosureText, validateDisclosure, type ElementReport, } from "./lookup.js";
 export { loadBundledRules, loadRulesFromPath, setBundledRules, } from "./rules-loader.js";
 export { computeCoverageMatrix, renderCoverageMarkdown, renderCoverageCsv, type CoverageMatrix, type CoverageCell, } from "./coverage.js";
 export type { DisclosureRuleT, RuleSetT, LookupQueryT, LookupResultT, ChannelT, UseCaseT, SeverityT, JurisdictionIdT, DisclosureElementT, } from "./schema.js";
@@ -26,6 +26,7 @@ export declare function validateDisclosureForQuery(query: LookupQueryT, candidat
     rule_id: string;
     passes: boolean;
     missing_elements: string[];
+    elements: import("./lookup.js").ElementReport[];
     warning: string;
 }[];
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,iBAAiB,EACjB,KAAK,cAAc,EACnB,KAAK,YAAY,GAClB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,eAAe,EACf,QAAQ,EACR,YAAY,EACZ,aAAa,EACb,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,eAAe,EACf,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,OAAO,EACP,OAAO,EACP,QAAQ,EACR,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,OAAO,GACR,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,QAAQ,EACR,cAAc,EACd,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,YAAY,EACZ,UAAU,EACV,mBAAmB,EACnB,SAAS,EACT,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,EACxB,WAAW,EACX,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,OAAO,EACP,MAAM,EACN,SAAS,EACT,eAAe,EACf,UAAU,EACV,YAAY,GACb,MAAM,oBAAoB,CAAC;AAI5B,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEhF;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,YAAY,GAAG,aAAa,EAAE,CAEnE;AAED,2EAA2E;AAC3E,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAK5C;AAED,uDAAuD;AACvD,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAGnE;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,YAAY,EACnB,aAAa,EAAE,MAAM;;;;;IAKtB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,sBAAsB,EACtB,kBAAkB,EAClB,KAAK,aAAa,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,iBAAiB,EACjB,KAAK,cAAc,EACnB,KAAK,YAAY,GAClB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,eAAe,EACf,QAAQ,EACR,YAAY,EACZ,aAAa,EACb,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,eAAe,EACf,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,OAAO,EACP,OAAO,EACP,QAAQ,EACR,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,OAAO,GACR,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,QAAQ,EACR,cAAc,EACd,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,YAAY,EACZ,UAAU,EACV,mBAAmB,EACnB,SAAS,EACT,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,EACxB,WAAW,EACX,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,OAAO,EACP,MAAM,EACN,SAAS,EACT,eAAe,EACf,UAAU,EACV,YAAY,GACb,MAAM,oBAAoB,CAAC;AAI5B,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEhF;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,YAAY,GAAG,aAAa,EAAE,CAEnE;AAED,2EAA2E;AAC3E,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAK5C;AAED,uDAAuD;AACvD,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAGnE;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,YAAY,EACnB,aAAa,EAAE,MAAM;;;;;;IAKtB"}

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,iBAAiB,GAGlB,MAAM,eAAe,CAAC;AAYvB,OAAO,EACL,OAAO,EACP,OAAO,EACP,QAAQ,EACR,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,OAAO,GACR,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,QAAQ,EACR,cAAc,GAGf,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,YAAY,EACZ,UAAU,EACV,mBAAmB,EACnB,SAAS,EACT,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,EACxB,WAAW,EACX,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAU5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,MAAM,IAAI,QAAQ,EAAE,kBAAkB,IAAI,UAAU,EAAE,MAAM,aAAa,CAAC;AAGnF;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAAmB;IAChD,OAAO,QAAQ,CAAC,gBAAgB,EAAE,EAAE,KAAK,CAAC,CAAC;AAC7C,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,KAAmB,EACnB,aAAqB;IAErB,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC1C,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;AAClE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,sBAAsB,EACtB,kBAAkB,GAEnB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,iBAAiB,GAGlB,MAAM,eAAe,CAAC;AAYvB,OAAO,EACL,OAAO,EACP,OAAO,EACP,QAAQ,EACR,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,OAAO,GACR,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,QAAQ,EACR,cAAc,GAGf,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,YAAY,EACZ,UAAU,EACV,mBAAmB,EACnB,SAAS,EACT,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,EACxB,WAAW,EACX,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAU5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,MAAM,IAAI,QAAQ,EAAE,kBAAkB,IAAI,UAAU,EAAE,MAAM,aAAa,CAAC;AAGnF;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAAmB;IAChD,OAAO,QAAQ,CAAC,gBAAgB,EAAE,EAAE,KAAK,CAAC,CAAC;AAC7C,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,KAAmB,EACnB,aAAqB;IAErB,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC1C,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;AAClE,CAAC"}

package/dist/lookup.d.ts

@@ -33,10 +33,20 @@ export declare function generateDisclosureText(rule: DisclosureRuleT): {
  * (accepting non-compliant text) are possible. For high-stakes disclosures,
  * verify against the cited regulator-published text and consult counsel.
  */
+export interface ElementReport {
+    element_id: string;
+    found: boolean;
+    /** Confidence band based on how many signals matched. */
+    confidence: "high" | "medium" | "missing";
+    /** Signals that matched the candidate (whole-word). */
+    matched_signals: string[];
+}
 export declare function validateDisclosure(rule: DisclosureRuleT, candidate: string): {
     rule_id: string;
     passes: boolean;
     missing_elements: string[];
+    /** Per-element detail: which signals matched and confidence band. */
+    elements: ElementReport[];
     warning: string;
 };
 //# sourceMappingURL=lookup.d.ts.map

package/dist/lookup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"lookup.d.ts","sourceRoot":"","sources":["../src/lookup.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,QAAQ,EACd,MAAM,aAAa,CAAC;AAErB;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,GAAG,aAAa,EAAE,CAuB5E;AAoCD,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,eAAe,GAAG;IAC7D,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B,CAOA;AAiED;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,eAAe,EACrB,SAAS,EAAE,MAAM,GAChB;IACD,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB,CAkBA"}
+{"version":3,"file":"lookup.d.ts","sourceRoot":"","sources":["../src/lookup.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,QAAQ,EACd,MAAM,aAAa,CAAC;AAErB;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,GAAG,aAAa,EAAE,CAuB5E;AAoCD,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,eAAe,GAAG;IAC7D,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B,CAOA;AA2FD;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,OAAO,CAAC;IACf,yDAAyD;IACzD,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC1C,uDAAuD;IACvD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,eAAe,EACrB,SAAS,EAAE,MAAM,GAChB;IACD,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,qEAAqE;IACrE,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;CACjB,CA4CA"}

package/dist/lookup.js

@@ -120,43 +120,71 @@ const STOPWORDS = new Set([
     "your",
 ]);
 function signalsFor(element) {
-    const signals = [];
+    const id = [];
     for (const token of element.id.split("-")) {
         if (token.length > 3)
-            signals.push(token.toLowerCase());
+            id.push(token.toLowerCase());
     }
+    const body = [];
     const collect = (text) => {
         for (const word of text.toLowerCase().split(/[^a-z0-9]+/)) {
             if (word.length > 4 && !STOPWORDS.has(word))
-                signals.push(word);
+                body.push(word);
         }
     };
     collect(element.description);
     if (element.example !== undefined)
         collect(element.example);
-    return [...new Set(signals)];
+    return {
+        id: [...new Set(id)],
+        body: [...new Set(body)],
+    };
 }
 /**
- * Validates a candidate disclosure text against a rule's required elements.
- *
- * The check is heuristic. For each required element it derives a small set of
- * keyword signals (id tokens, significant words from the element description
- * and example) and checks whether any appear in the candidate (case-insensitive).
- * An element with no signals found is reported as missing.
- *
- * This is a sanity check, NOT a legal-sufficiency determination. False
- * negatives (rejecting compliant text) are possible and false positives
- * (accepting non-compliant text) are possible. For high-stakes disclosures,
- * verify against the cited regulator-published text and consult counsel.
+ * Tokenize candidate text into a Set of lowercase word tokens for
+ * word-boundary matching. Substrings within longer tokens do NOT
+ * match — fixes false positives like "preconsent" matching "consent".
  */
+function tokenize(text) {
+    const out = new Set();
+    for (const word of text.toLowerCase().split(/[^a-z0-9]+/)) {
+        if (word.length > 0)
+            out.add(word);
+    }
+    return out;
+}
 export function validateDisclosure(rule, candidate) {
-    const lower = candidate.toLowerCase();
+    const tokens = tokenize(candidate);
+    const elementReports = [];
     const missing = [];
     for (const el of rule.required_elements) {
         if (!el.required)
             continue;
         const signals = signalsFor(el);
-        const found = signals.some((s) => lower.includes(s));
+        const idMatches = signals.id.filter((s) => tokens.has(s));
+        const bodyMatches = signals.body.filter((s) => tokens.has(s));
+        const allMatches = [...new Set([...idMatches, ...bodyMatches])];
+        // Confidence rule:
+        // - high   = an id-token matched, OR ≥ 2 body tokens matched
+        // - medium = exactly 1 body token matched (signal present but weak)
+        // - missing = no signals matched
+        let confidence;
+        if (idMatches.length > 0 || bodyMatches.length >= 2) {
+            confidence = "high";
+        }
+        else if (bodyMatches.length === 1) {
+            confidence = "medium";
+        }
+        else {
+            confidence = "missing";
+        }
+        const found = confidence !== "missing";
+        elementReports.push({
+            element_id: el.id,
+            found,
+            confidence,
+            matched_signals: allMatches,
+        });
         if (!found)
             missing.push(el.id);
     }
@@ -164,7 +192,8 @@ export function validateDisclosure(rule, candidate) {
         rule_id: rule.id,
         passes: missing.length === 0,
         missing_elements: missing,
-        warning: "Heuristic substring check. NOT a legal-sufficiency determination. For high-stakes disclosures, verify against the cited regulator-published text and consult counsel.",
+        elements: elementReports,
+        warning: "Heuristic word-boundary check with confidence bands. NOT a legal-sufficiency determination. Even high-confidence elements may not satisfy the rule's substantive requirements; medium-confidence elements warrant manual review. For high-stakes disclosures, verify against the cited regulator-published text and consult counsel.",
     };
 }
 //# sourceMappingURL=lookup.js.map

package/dist/lookup.js.map

@@ -1 +1 @@
-{"version":3,"file":"lookup.js","sourceRoot":"","sources":["../src/lookup.ts"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,MAAM,CAAC,KAAe,EAAE,KAAmB;IACzD,MAAM,OAAO,GAAoB,EAAE,CAAC;IAEpC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,eAAe,EAAE,OAAO;YACxB,cAAc,EAAE,SAAS;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,QAAQ,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QACtE,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO,OAAO,CAAC;QAClC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,IAAqB,EAAE,KAAmB;IAC9D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,YAAY,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3E,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,YAAY,KAAK,KAAK,CAAC,YAAY;QACtC,CAAC,CAAC,6BAA6B,IAAI,CAAC,YAAY,EAAE;QAClD,CAAC,CAAC,2CAA2C,IAAI,CAAC,YAAY,gBAAgB,KAAK,CAAC,YAAY,GAAG,CACtG,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IACtD,OAAO,CAAC,IAAI,CAAC,+BAA+B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;IAE9D,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc;QAAE,OAAO,EAAE,CAAC;IAC3E,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,gCAAgC,KAAK,CAAC,QAAQ,GAAG;QACnD,CAAC,CAAC,wEAAwE,CAC7E,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,IAAY,EAAE,KAAa;IACtD,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,KAAK,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAqB;IAI1D,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK;QAC1B,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,SAAS;YACpC,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,SAAS;IACT,OAAO;IACP,OAAO;IACP,SAAS;IACT,MAAM;IACN,OAAO;IACP,QAAQ;IACR,MAAM;IACN,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,SAAS;IACT,OAAO;IACP,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;CACP,CAAC,CAAC;AAEH,SAAS,UAAU,CAAC,OAAqD;IACvE,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE;QAC/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1D,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;IACH,CAAC,CAAC;IACF,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC7B,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAChC,IAAqB,EACrB,SAAiB;IAOjB,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IACtC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,IAAI,CAAC,EAAE,CAAC,QAAQ;YAAE,SAAS;QAC3B,MAAM,OAAO,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,EAAE;QAChB,MAAM,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QAC5B,gBAAgB,EAAE,OAAO;QACzB,OAAO,EACL,uKAAuK;KAC1K,CAAC;AACJ,CAAC"}
+{"version":3,"file":"lookup.js","sourceRoot":"","sources":["../src/lookup.ts"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,MAAM,CAAC,KAAe,EAAE,KAAmB;IACzD,MAAM,OAAO,GAAoB,EAAE,CAAC;IAEpC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,eAAe,EAAE,OAAO;YACxB,cAAc,EAAE,SAAS;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,QAAQ,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QACtE,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO,OAAO,CAAC;QAClC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,IAAqB,EAAE,KAAmB;IAC9D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,YAAY,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3E,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,YAAY,KAAK,KAAK,CAAC,YAAY;QACtC,CAAC,CAAC,6BAA6B,IAAI,CAAC,YAAY,EAAE;QAClD,CAAC,CAAC,2CAA2C,IAAI,CAAC,YAAY,gBAAgB,KAAK,CAAC,YAAY,GAAG,CACtG,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IACtD,OAAO,CAAC,IAAI,CAAC,+BAA+B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;IAE9D,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc;QAAE,OAAO,EAAE,CAAC;IAC3E,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,gCAAgC,KAAK,CAAC,QAAQ,GAAG;QACnD,CAAC,CAAC,wEAAwE,CAC7E,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,IAAY,EAAE,KAAa;IACtD,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,KAAK,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAqB;IAI1D,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK;QAC1B,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,SAAS;YACpC,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,SAAS;IACT,OAAO;IACP,OAAO;IACP,SAAS;IACT,MAAM;IACN,OAAO;IACP,QAAQ;IACR,MAAM;IACN,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,SAAS;IACT,OAAO;IACP,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;CACP,CAAC,CAAC;AASH,SAAS,UAAU,CACjB,OAAqD;IAErD,MAAM,EAAE,GAAa,EAAE,CAAC;IACxB,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACrD,CAAC;IACD,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE;QAC/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1D,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC,CAAC;IACF,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC7B,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,OAAO;QACL,EAAE,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;QACpB,IAAI,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;KACzB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,QAAQ,CAAC,IAAY;IAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;QAC1D,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAwBD,MAAM,UAAU,kBAAkB,CAChC,IAAqB,EACrB,SAAiB;IASjB,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,cAAc,GAAoB,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,IAAI,CAAC,EAAE,CAAC,QAAQ;YAAE,SAAS;QAC3B,MAAM,OAAO,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC;QAE/B,MAAM,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,SAAS,EAAE,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QAEhE,mBAAmB;QACnB,6DAA6D;QAC7D,oEAAoE;QACpE,iCAAiC;QACjC,IAAI,UAAuC,CAAC;QAC5C,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACpD,UAAU,GAAG,MAAM,CAAC;QACtB,CAAC;aAAM,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,UAAU,GAAG,QAAQ,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,SAAS,CAAC;QACzB,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,KAAK,SAAS,CAAC;QACvC,cAAc,CAAC,IAAI,CAAC;YAClB,UAAU,EAAE,EAAE,CAAC,EAAE;YACjB,KAAK;YACL,UAAU;YACV,eAAe,EAAE,UAAU;SAC5B,CAAC,CAAC;QACH,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,EAAE;QAChB,MAAM,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QAC5B,gBAAgB,EAAE,OAAO;QACzB,QAAQ,EAAE,cAAc;QACxB,OAAO,EACL,sUAAsU;KACzU,CAAC;AACJ,CAAC"}

package/docs/guides/eu-ai-act-article-50-builder-guide.md

@@ -0,0 +1,354 @@
+# EU AI Act Article 50: a builder's guide
+
+> **Informational only — not legal advice.** Verify against the cited
+> regulator-published text and consult counsel for production deployments.
+> See `AI-DISCLOSURE.md` in this package.
+
+If your AI product is delivered to anyone in the European Union — by
+a provider established in the EU, or by a provider outside the EU
+whose system's output is used inside the EU — **Article 50 of the
+EU AI Act** is the disclosure framework you need to ship before
+**August 2, 2026**. Article 50 has two distinct obligations that
+people often conflate but that target different actors and different
+artifacts: 50(1) covers AI *systems that interact with humans*
+(chatbots, voice agents, AI assistants), and 50(2) covers *AI-
+generated synthetic content* (images, audio, video, text — including
+output from general-purpose models). This guide separates the two,
+spells out who has to do what, what counts as a sufficient
+disclosure under each, the deepfake / public-interest text overlay
+in 50(4), and what extraterritorial reach actually means in practice.
+
+## What Article 50 actually says
+
+The EU AI Act ([Regulation (EU) 2024/1689](https://eur-lex.europa.eu/eli/reg/2024/1689/oj))
+was published in the Official Journal on July 12, 2024 and entered
+into force on August 1, 2024. The substantive obligations under
+Article 50 (titled *Transparency obligations for providers and
+deployers of certain AI systems*) **apply from August 2, 2026** —
+two years after entry into force.
+
+Article 50 has four operative paragraphs that matter for builders:
+
+| Paragraph | Who | What | Notes |
+|---|---|---|---|
+| 50(1) | Providers of AI systems intended to interact directly with natural persons | Inform persons they are interacting with an AI system | "Unless obvious to a reasonably well-informed person under the circumstances." |
+| 50(2) | Providers of AI systems generating synthetic audio, image, video, or text content (including general-purpose AI) | Mark output in machine-readable format detectable as artificially generated | "As far as technically feasible." |
+| 50(3) | Deployers of emotion-recognition or biometric-categorisation systems | Inform the natural persons exposed to the system | Separate, narrower obligation. |
+| 50(4) | Deployers of AI generating "deep fakes" (image/audio/video) or AI-generated text published to inform the public on matters of public interest | Disclose that the content has been artificially generated or manipulated | Two different sub-obligations bundled together. |
+
+Article 50 is enforced as a **transparency obligation** under Title
+IV of the Act. Penalties for non-compliance are in Article 99: up
+to **€15M or 3% of total worldwide annual turnover**, whichever is
+higher (for non-compliance with obligations on AI systems other than
+prohibited and high-risk). Member states implement enforcement; the
+EU AI Office coordinates.
+
+## Article 50(1): chatbot / voice-agent disclosure
+
+The 50(1) obligation falls on **the provider** of an AI system that
+is "intended to interact directly with natural persons." That
+includes:
+
+- Customer-facing chatbots (B2C support, marketing, sales bots).
+- AI voice agents (outbound calling, IVR).
+- AI assistants (productivity assistants, sales-rep assistants
+  whose interactions touch end-users).
+- AI tutors (in education products).
+- AI companions (NY Companion Models law has a parallel state-level
+  rule).
+- Any conversational AI feature embedded in a larger product.
+
+The obligation is on the **provider** — the entity that develops
+the AI system or has it developed. If you ship a customer-facing
+AI product into the EU, you are the provider for purposes of 50(1).
+If you embed someone else's AI (e.g., OpenAI's API) inside your
+product, you may be both a deployer (of OpenAI's general-purpose
+model) and a provider (of your derived AI system) — the provider
+hat is the one that triggers 50(1).
+
+The "unless obvious" carve-out is significant in practice but
+narrow in interpretation. Examples where the AI nature is "obvious":
+
+- A clearly-branded chatbot with an explicit "AI assistant" label and
+  a robot icon.
+- A page introducing a conversational interface with a banner
+  announcing "Talk to our AI assistant."
+
+Examples where the AI nature is **not** obvious (disclosure
+required):
+
+- A live-chat window that doesn't distinguish between human and AI
+  responses.
+- A voice agent that uses a human-sounding voice without any audio
+  cue.
+- Email correspondence that appears handwritten / personal but is
+  AI-generated.
+- An AI persona that uses a human-presenting name and avatar.
+
+The disclosure must be made "in a clear and distinguishable manner
+at the latest at the time of the first interaction or exposure" —
+i.e., upfront, not buried in a Terms of Service. The exact text
+isn't prescribed; clarity and prominence are.
+
+Plain-language template that satisfies 50(1) and most US state-level
+rules layered on top:
+
+> *"You are interacting with an AI system, not a human. Some
+> responses may be generated using artificial intelligence."*
+
+## Article 50(2): synthetic-content labeling
+
+The 50(2) obligation falls on **providers of AI systems generating
+synthetic audio, image, video, or text content, including general-
+purpose AI systems**. The required output is:
+
+- **Marked in a machine-readable format** as artificially generated
+  or manipulated.
+- **Detectable as artificially generated or manipulated** by tools
+  designed to read those marks.
+
+This is fundamentally different from the 50(1) obligation. 50(1) is
+*human-readable* disclosure to users. 50(2) is *machine-readable*
+provenance metadata baked into the output itself. The two
+obligations stack — a generative AI assistant that produces an image
+needs both a user-facing chatbot disclosure (50(1)) AND machine-
+readable image marking (50(2)).
+
+Acceptable techniques (per Recital 133):
+
+- **C2PA / Content Credentials** (Coalition for Content Provenance
+  and Authenticity) — widely-adopted standard for image, audio, and
+  video provenance metadata. Adobe, Microsoft, and others ship
+  C2PA-marking tools.
+- **Watermarking** — perceptible or imperceptible signal embedded in
+  the output. Imperceptible watermarking (frequency-domain markers,
+  steganographic encoding) is preferred for non-deepfake use cases
+  to preserve user experience.
+- **Cryptographic methods** — signed metadata that survives
+  compression and transformation.
+- **Logging metadata in the file format** — Exif fields, ID3 tags,
+  PDF metadata, MP4 metadata — though these are easier to strip.
+
+The "as far as technically feasible" qualifier is real. Pure-text
+output is the hardest case: text watermarking is an active research
+area without a settled standard. For text, the Recital 133 expectation
+is that providers make a good-faith effort with current state-of-the-
+art techniques (e.g., Anthropic's Constitutional Classifier-style
+output watermarks, OpenAI's hidden token-frequency biases).
+
+## Article 50(4): the deepfake and public-interest-text overlay
+
+Article 50(4) is two sub-obligations bundled together; they apply to
+**deployers**, not providers, of AI systems:
+
+### 50(4) first sentence: deepfakes
+
+Deployers of AI systems that generate or manipulate image, audio, or
+video content constituting **a deep fake** must disclose that the
+content has been artificially generated or manipulated.
+
+A "deep fake" under Article 3(60) means AI-generated or -manipulated
+content that resembles existing persons, objects, places, entities or
+events and would falsely appear to a person to be authentic.
+
+Carve-outs:
+
+- **Artistic, creative, satirical, fictional, or analogous works**:
+  the disclosure is satisfied "in an appropriate manner that does
+  not hamper the display or enjoyment of the work" — i.e., the
+  disclosure can be in the credits, in a sidebar, in metadata —
+  rather than on the work itself.
+- **For deepfakes used in policing of crime**: separate exemption
+  if authorized by law.
+
+Practical disclosure examples: a watermark on a deepfake image, a
+banner on video, a credit at the end of audio content.
+
+### 50(4) second sentence: AI-generated text on matters of public interest
+
+Deployers of AI systems generating or manipulating text published to
+**inform the public on matters of public interest** must disclose
+that the text has been artificially generated or manipulated.
+
+This targets:
+
+- AI-generated news articles published to a public audience.
+- AI-generated political commentary intended for public consumption.
+- AI-generated content on matters of public health, safety, or
+  policy published to the public.
+
+Carve-outs:
+
+- The text is subject to **human review or editorial control** AND
+  a natural or legal person holds editorial responsibility.
+- The publication is for purposes other than informing the public on
+  matters of public interest.
+
+Practical implication: AI-drafted news content with no human
+editorial review must carry an "AI-generated" disclosure. Same
+content with documented editorial human review by a named editor
+satisfies the carve-out.
+
+## Provider vs deployer: who bears each obligation
+
+Article 50 distributes obligations precisely; getting this wrong is
+a common compliance failure pattern. The Act's definitions
+(Article 3) draw the line:
+
+- **Provider** (Art 3(3)): natural or legal person that *develops* an
+  AI system or has it developed and places it on the market or puts
+  it into service under its own name or trademark, whether for
+  payment or free of charge.
+- **Deployer** (Art 3(4)): natural or legal person *using* an AI
+  system under its authority, except where the AI system is used in
+  the course of a personal non-professional activity.
+
+Mapping to Article 50:
+
+| Obligation | Who | Common production owner |
+|---|---|---|
+| 50(1) — chatbot disclosure | Provider | The team that builds and ships the chatbot |
+| 50(2) — synthetic-content marking | Provider | The team that builds and ships the gen-AI feature |
+| 50(3) — emotion-recognition / biometric notice | Deployer | The customer / business using the system |
+| 50(4) — deepfake / public-interest-text disclosure | Deployer | The publisher / company posting the content |
+
+A SaaS image-generation product: the SaaS company is a **provider**
+under 50(2) and must mark outputs. The SaaS *customer* using the
+output to publish a deepfake is a **deployer** under 50(4) and must
+add the deepfake disclosure on top.
+
+## Extraterritorial reach: when does this apply to non-EU companies
+
+Article 2 of the Act states the territorial scope. The Act applies
+to:
+
+- **Providers placing AI systems on the EU market or putting them
+  into service in the EU**, regardless of whether the provider is
+  established in the EU or a third country.
+- **Deployers of AI systems located within the EU**.
+- **Providers and deployers of AI systems located in a third
+  country, where the output produced by the AI system is used in
+  the EU**.
+
+The third bullet is the controversial one. A US-based AI provider
+whose system has even one EU end-user is in scope. A US news website
+publishing AI-generated articles read by EU citizens may be in scope.
+The "used in the EU" interpretation is being clarified by the EU AI
+Office through guidance documents; conservative interpretation
+treats any EU-accessible AI deployment as in scope.
+
+For US-based companies serving global audiences, the practical
+floor is: **assume Article 50 applies if you ship AI features that
+EU citizens can access**. The cost of compliance (a disclosure line
+in the chatbot, C2PA marking on images) is small compared to the
+penalty exposure.
+
+## How Article 50 stacks with other rules
+
+| Other rule | How it stacks |
+|---|---|
+| **GDPR** (especially Art 22 on automated decisions) | GDPR is separate. Art 50 disclosure does not replace GDPR consent or right to explanation. Both apply when both apply. |
+| **California B&P § 17941** (bot disclosure) | Substantively similar to 50(1) but applies to incentivizing-sale or influencing-vote contexts. A 50(1)-compliant disclosure typically satisfies 17941; converse not always true. |
+| **California SB 942** (AI Transparency Act) | Provides for AI image/audio/video provenance + watermarking — partly aligned with 50(2). Templates need to satisfy both. |
+| **NY Companion Models law** (NY GBL Art 47, A6767) | Stricter than 50(1) for "AI companion" subset; 50(1) is a floor. |
+| **EU member-state implementations** | Member states implement enforcement and may impose additional obligations within the AI Act framework. Track Germany / France / Spain / Italy / Netherlands first. |
+| **National laws on deepfakes** (DE Stoltenberg AI law in development; FR loi visant à sécuriser et réguler) | Layer on top of 50(4); strictest applies. |
+
+## Common compliance failure patterns
+
+- **50(1) treated as "chatbot disclosure" only.** Voice agents, AI
+  email-drafting tools, and AI persona accounts on social platforms
+  are also "AI systems that interact directly with natural persons"
+  and require 50(1) disclosure.
+- **50(2) treated as optional because text is "technically
+  infeasible."** The "as far as technically feasible" qualifier is
+  not a blanket exemption. Providers are expected to use current
+  state-of-the-art text-marking techniques (e.g., output watermarks)
+  even if not perfect.
+- **50(4) deepfake disclosure missing on commercial deepfake video.**
+  Marketing content that uses AI-generated likenesses of real people
+  needs a 50(4) deployer disclosure even when the provider-side 50(2)
+  marking is in place.
+- **Non-EU provider assumes territorial exclusion.** Cloud-based AI
+  service with EU end-users is in scope under Art 2(1)(c).
+- **Provider-deployer obligations conflated.** SaaS company assumes
+  the customer is responsible for 50(2) marking; in fact 50(2) is the
+  provider's obligation that the SaaS company must build into its
+  product before customers ever interact with it.
+- **Disclosure buried in Terms of Service.** 50(1) requires a clear
+  and distinguishable disclosure at the time of first interaction;
+  ToS-only disclosure is not compliant.
+- **No editorial-review documentation for AI-generated public-
+  interest text.** Publisher relies on the carve-out without having
+  documented evidence of human editorial review. Defense fails on
+  inspection.
+
+## How plainstamp helps
+
+`plainstamp` ships two EU AI Act Article 50 rules:
+`eu-ai-act-art50-chatbot` (50(1) chatbot/voice/agent disclosure) and
+`eu-ai-act-art50-genai-content` (50(2) synthetic content marking).
+Each returns the disclosure-element checklist, plain-language and
+formal-language templates, citation back to Regulation (EU)
+2024/1689, and a `last_verified` date. Lookup:
+
+```bash
+# Chatbot / voice agent
+npx plainstamp lookup --jurisdiction eu --channel live-chat --use-case b2c-customer-support
+npx plainstamp lookup --jurisdiction eu --channel voice --use-case b2c-marketing
+
+# Generative AI content
+npx plainstamp lookup --jurisdiction eu --channel ai-generated-image --use-case b2c-marketing
+npx plainstamp lookup --jurisdiction eu --channel ai-generated-content --use-case b2c-marketing
+```
+
+For US companies serving EU audiences, layer the EU queries on top
+of the US-jurisdiction queries — the disclosure copy needs to satisfy
+each applicable rule.
+
+## The minimum viable compliance posture
+
+If your AI deployment is starting from zero on Article 50 and August
+2, 2026 is approaching, ship these six artifacts in order:
+
+1. **50(1) chatbot disclosure.** Clear, prominent disclosure on
+   first interaction with any AI system that engages natural
+   persons. Plain-language template above is sufficient.
+2. **50(2) machine-readable marking** for image / audio / video
+   outputs. Adopt C2PA Content Credentials as the default; for
+   non-C2PA-aware tooling, use cryptographic signatures embedded in
+   format-level metadata.
+3. **50(2) text-output marking** to the extent technically feasible.
+   Document the technique chosen and the rationale (this is the
+   "good-faith effort" record).
+4. **50(4) deepfake disclosure pipeline** for any deployer use of
+   deepfake outputs. Watermark + visible disclosure on the
+   published deepfake.
+5. **50(4) AI-generated public-interest text governance.** Documented
+   editorial-review process if relying on the carve-out, OR
+   AI-generated disclosure on each piece of public-interest content.
+6. **Provider-deployer mapping.** A documented mapping of which
+   Article 50 obligations apply to your team as provider and which
+   apply to your customers as deployers; communicate the deployer
+   obligations to customers.
+
+Then layer the higher-fidelity work — member-state implementation
+specifics, sector overlays (healthcare AI under MDR, financial AI
+under DORA), GDPR Art 22 stacking — onto the higher-risk use cases
+first.
+
+## Source-of-truth links
+
+- **Regulation (EU) 2024/1689 (AI Act) — full text** ([eur-lex.europa.eu](https://eur-lex.europa.eu/eli/reg/2024/1689/oj))
+- **EU AI Office** ([digital-strategy.ec.europa.eu](https://digital-strategy.ec.europa.eu/en/policies/ai-office))
+- **C2PA — Coalition for Content Provenance and Authenticity** ([c2pa.org](https://c2pa.org))
+- **Recital 133 (synthetic content marking)** — see EUR-Lex full text above.
+- **Recitals 132 and 134 (Article 50 transparency framework)** — see EUR-Lex full text above.
+
+`plainstamp` is maintained by an autonomous AI agent operating under
+KS Elevated Solutions LLC. Accuracy reports, rule-update suggestions,
+and security disclosures: [helpfulbutton140@agentmail.to](mailto:helpfulbutton140@agentmail.to).
+
+---
+
+[`← Back to plainstamp`](https://plainstamp.pages.dev/)