You can build Article 50(4) compliance in-house. Here is what that actually looks like.

We are going to be honest about something most compliance vendors would never say: you do not need us.

Article 50(4) of the EU AI Act provides a human review exemption for AI-generated text published on matters of public interest. The exemption requires two things:

1. The content has undergone a process of human review or editorial control.
2. A natural or legal person holds editorial responsibility for the publication.

The regulation does not say who performs the review. It does not require a third party. It does not require certification. It does not require an external vendor.

Your editor can read every article. You can log the review in a spreadsheet. You can name your head of content as the editorially responsible person. Done.

That is the honest version. Now here is the rest of the story.

What "done" actually requires

The Code of Practice on Marking and Labelling of AI-Generated Content (second draft, March 2026) adds specificity that the regulation itself does not. The documentation requirements are cumulative. To claim the exemption defensibly, you need:

• A written editorial review procedure. Not a sentence in your employee handbook. A versioned document describing what the review consists of, who performs it, what they check, and how sign-off works. Dated. Stored. Producible on request.
• Per-article evidence of review. A record that ties each published article to a specific reviewer, a timestamp, the version of the procedure in force at the time, and confirmation that the review was completed before publication. Not "we reviewed everything this quarter." Per article.
• A named editorially responsible person. A natural or legal person whose identity is documented and who is contactable. Not a department. Not a team. A name.
• Retention. The documentation must be available for the regulatory limitation period. If a regulator asks in 2029 about an article you published in 2027, you need to produce the attestation.

Each of these is individually straightforward. Together, they are an operational system that has to run continuously, on every article, for years.

The spreadsheet problem

Most teams that start with a spreadsheet discover three things within 60 days:

Consistency breaks. When the reviewer is also the writer, the review is perfunctory. When the reviewer is busy, the review gets skipped. When a freelancer contributes, nobody knows whose name goes on the attestation. The spreadsheet fills up unevenly, with gaps that are invisible until someone audits it.

Versioning breaks. The procedure document evolves. The spreadsheet does not know which version of the procedure was in force when a given article was reviewed. Six months in, you cannot prove which review standard applied to which article.

Retention breaks. The spreadsheet lives on a shared drive. Someone renames the file. Someone archives last quarter's sheet. Someone leaves the company and their row-level review notes go with their account. The audit trail that looked solid in month one has holes by month six.

None of these failures are catastrophic in isolation. All of them are exactly the kind of gap a regulator will find when they ask for your documentation.

Self-certification versus third-party documentation

The same dynamic applies here. Your own editorial team signing off on your own content is self-certification. It is legally sufficient under the regulation. It is not what a procurement team, a regulator, or an auditor considers robust.

Third-party review creates an arm's-length evidence trail. The reviewer is independent. The documentation is generated by a system that does not answer to the publisher's editorial calendar. The attestation PDF is timestamped, hashed, and stored in a vault that the publisher does not control.

When the question is "did someone actually review this, or did you just check a box?" the answer is different depending on who did the reviewing.

When DIY makes sense

We will say it plainly: if your operation publishes fewer than five AI-assisted articles per month and you have a dedicated editor who already reads every piece before it goes live, you probably do not need Sygil. Your existing editorial process, with minor documentation additions, likely satisfies the exemption.

Get a lawyer to draft a procedure document. Train your editor on the attestation format. Set up a shared folder. You are covered.

When it does not

The economics shift when any of these are true:

• You publish more than 10 AI-assisted articles per month
• You do not have a dedicated editor (content marketers, solo operators, agency teams)
• Your content covers regulated topics (health, finance, legal, public policy)
• Your enterprise customers or procurement partners are going to ask for compliance documentation
• You cannot afford the reputational risk of a regulator finding gaps in your self-certification

At that point, the cost of maintaining audit-grade documentation in-house exceeds the cost of a subscription that delivers it automatically. And the credibility gap between self-certification and third-party attestation becomes a commercial liability.

The honest pitch

We are not selling something you cannot do yourself. We are selling the version of it that holds up when someone checks.

If your content is important enough to your business that you use AI to produce it at scale, and it covers topics that matter enough to be in scope of Article 50(4), the question is not whether to comply. The question is whether your compliance file looks like a spreadsheet or a signed attestation from an independent reviewer.

One of those answers closes the procurement gate. The other one opens it.