Comment détecter une image générée par IA ?

TruthLens utilise une combinaison d'Error Level Analysis (ELA), d'analyse PRNU, de modèles de détection IA et de vérification C2PA pour identifier les artefacts caractéristiques des images générées par Midjourney, DALL-E, Stable Diffusion ou d'autres outils génératifs.

Puis-je utiliser TruthLens pour contester une fraude sur Vinted ou LeBonCoin ?

Oui. Le rapport PDF certifié généré par TruthLens inclut le hash SHA256 du fichier, l'horodatage de l'analyse, le score de probabilité et les détails forensiques. Ce document peut être soumis au service client de la plateforme ou à un avocat comme élément de preuve dans un litige.

Qu'est-ce que l'analyse ELA (Error Level Analysis) ?

L'Error Level Analysis (ELA) est une technique forensique qui analyse les niveaux de compression JPEG d'une image pour détecter les zones qui ont été modifiées ou insérées. Les zones manipulées présentent des niveaux d'erreur différents du reste de l'image, révélant ainsi les retouches ou les insertions d'éléments générés.

TruthLens peut-il détecter les deepfakes ?

Oui, TruthLens détecte les images deepfake en analysant les incohérences de bruit capteur (PRNU), les artefacts de génération IA et les métadonnées suspectes. L'analyse vidéo deepfake sera disponible en V2.

Mes images sont-elles conservées après l'analyse ?

Non. Les fichiers uploadés sont supprimés immédiatement après l'analyse. Seuls les métadonnées, le hash SHA256 et les résultats d'analyse sont conservés dans votre historique, conformément à notre politique de confidentialité RGPD.

The EU AI Act and AI Content Transparency: What Changes

The European Union has adopted the world's first comprehensive legal framework for artificial intelligence. Beyond its rules on high-risk systems, the AI Act introduces unprecedented transparency obligations: content generated or manipulated by AI must be identifiable as such. For any company that produces, distributes, or moderates images, video, or text, this changes the rules of the game. Here, without unnecessary jargon, is what the AI Act actually requires regarding AI content transparency, who is concerned, on what timeline, and how to prepare in practice.

The AI Act in brief: a risk-based regulation

The AI Act (Regulation (EU) 2024/1689) is a European regulation — meaning it applies directly across all member states, without national transposition. Its logic rests on a risk-tiered classification of AI systems:

Unacceptable risk: banned practices (generalized social scoring, harmful subliminal manipulation, certain forms of real-time biometric identification).
High risk: AI used in sensitive domains (hiring, credit, medical devices, critical infrastructure), subject to strict compliance requirements.
Limited risk: systems subject primarily to transparency obligations — this is where the rules on AI-generated content sit.
Minimal risk: the vast majority of uses (spam filters, games), with no specific obligation.

AI content transparency falls mainly into this "limited risk" category. The guiding principle is simple: a person should be able to know when they are interacting with an AI or looking at content fabricated by a machine.

Why transparency became central

The mass spread of generative models (photorealistic images, cloned voices, doctored videos) has blurred the line between real and synthetic. Without labeling, a deepfake can circulate as if it were evidence, and an invented image can fuel visual misinformation and fake news. European lawmakers therefore made traceability and labeling a pillar of digital trust.

The transparency obligations on AI content

This is the heart of the matter. The AI Act imposes two complementary types of obligation: one on those who build the systems (providers), the other on those who use them to produce or distribute content (deployers).

Provider side: mark outputs in a machine-readable way

Providers of generative AI systems — those who develop and place on the market models producing synthetic text, images, audio, or video — must ensure that their outputs are marked in a machine-readable format and detectable as artificially generated or manipulated.

In practice, this pushes the industry toward technical solutions such as:

invisible digital watermarking, like the SynthID watermarking approach;
cryptographically signed provenance metadata, via the C2PA standard and Content Credentials;
robust markers, designed to survive recompression and cropping as far as possible.

The regulation remains technologically neutral: it sets the objective (make content identifiable) without mandating a single technology. This is precisely why market standards such as C2PA and watermarking are set to play a key role in demonstrating compliance.

Deployer side: inform the public

Deployers — companies, media, agencies, public administrations using these tools — have disclosure obligations:

Deepfakes: anyone distributing an image, sound, or video constituting a deepfake (manipulated content resembling real people, objects, or events and capable of misleading) must disclose that the content has been artificially generated or manipulated. Adjustments exist notably for clearly artistic, satirical, or fictional works, where disclosure can be tailored so as not to distort the work.
Public-interest text: AI-generated text published to inform the public on matters of public interest must also be flagged, unless it has undergone assumed human editorial control.
Direct interaction: when a person interacts with an AI system (chatbot, conversational agent), they must be informed, unless it is obvious.

Table: who must do what

Actor	Role	Main transparency obligation	Concrete examples
Provider	Designs/places a generative model on the market	Mark outputs in machine-readable format, detectable as synthetic	Image-model studio, voice-generator vendor
Deployer	Uses AI to produce/distribute content	Disclose deepfakes; flag AI-generated public-interest text	Ad agency, newsroom, brand, public body
Chatbot deployer	Puts a conversational agent in front of the public	Inform the user they are talking to an AI	Automated customer service
Distributor/platform	Hosts and relays content	Facilitate display of labels and metadata	Social network, CMS, marketplace

Who is concerned, and beyond Europe?

The AI Act has extraterritorial reach: it applies not only to actors established in the EU, but also to those who, from outside the EU, make their systems or the outputs of those systems available on the European market. A US or Asian company whose AI content is viewed by European users therefore falls, in practice, within scope.

Concerned to varying degrees are:

model and content-generation platform vendors;
user companies (marketing, communications, e-commerce) that publish AI-assisted visuals or text;
media and newsrooms balancing transparency with editorial freedom;
platforms relaying third-party content;
public administrations communicating with the public.

Interplay with GDPR and the DSA

The AI Act does not stand alone. It interacts with the GDPR (when personal data is processed, for example a person's face in a deepfake) and with the Digital Services Act, which already imposes content-moderation and systemic-risk obligations — including disinformation — on large platforms. For a company, compliance must therefore be thought of cross-functionally, not regulation by regulation.

The timeline: phased entry into application

The AI Act entered into force in 2024, but its obligations apply progressively, across several phases staggered between 2025 and 2027. The general principle adopted by lawmakers:

the prohibitions (unacceptable-risk practices) apply first, within the earliest months;
rules on general-purpose AI models follow;
transparency obligations on generated content (deepfakes, text, interaction) and full application to high-risk systems come at later horizons, in the region of 2026 and beyond.

The exact dates and practical arrangements are clarified over time by the Commission, the future European AI Office, and implementing acts or guidelines. Rather than fixing a date to the day — which may evolve — it is safer to treat 2025-2026 as the progressive compliance window for content transparency, and to anticipate now.

Why anticipate despite the staggered timeline

Three reasons make waiting risky:

Market momentum: large platforms and providers are already deploying watermarking and Content Credentials, creating a de facto norm.
Tooling lead times: integrating detection and marking into a production chain takes months.
Reputational risk: distributing an unlabeled deepfake can damage a brand long before any regulatory sanction.

Practical consequences for companies

Beyond the text, what should you actually do? Compliance plays out in organization, processes, and tooling.

Map your AI uses

First step: know where generative AI is used in the company. Marketing visuals, product sheets, avatars, voiceovers, blog articles, social-media illustrations… Many organizations underestimate the real extent of these uses, often scattered across teams.

Set up a transparency chain

Once mapping is done, establish clear rules:

mark generated content systematically (visible mention and/or metadata);
preserve provenance of files (who generated what, with which tool);
check incoming content (UGC, supplier visuals) before publication;
document your procedures so you can demonstrate good faith.

This logic aligns with validating content compliance in the enterprise: transparency is not a one-off act but an auditable process.

The role of a forensic tool

Marking at the source is not enough: you also need to verify third-party or unmarked content. This is where forensic analysis comes in. TruthLens combines several layers of analysis — EXIF metadata, presence of a C2PA manifest, Error Level Analysis (ELA), PRNU, AI vision — to estimate an image's authenticity and produce a certified PDF report usable both internally and externally.

For a company, this addresses two AI Act needs: showing that it verifies the content it distributes, and documenting its decisions. You can analyze an image right now and get a detailed report.

AI Act need	Company action	What a tool like TruthLens adds
Identify synthetic content	Verify visuals before distribution	AI detection + C2PA/EXIF reading
Document compliance	Keep a record of checks	Timestamped certified PDF report
Secure the publishing chain	Control UGC and external sources	Browser extension + analysis API

Transparency and provenance: two sides of one trust

It helps to distinguish two complementary mechanisms that the AI Act indirectly encourages.

Marking (watermarking)

Watermarking embeds a signal in the content itself, ideally invisible and robust. It answers the requirement for outputs "detectable as artificially generated." Its limit: robustness against aggressive transformations remains a technical challenge, and not every generator applies it.

Provenance (Content Credentials)

Provenance attaches a signed identity record to the file, describing its origin and history. C2PA answers the traceability requirement. Its limit: metadata can be stripped on re-sharing, which is why combining approaches matters.

Together, marking and provenance form the technical backbone of the transparency the regulator wants. Understanding how to guarantee the authenticity of AI content helps you choose the right combination for your organization.

FAQ

Does the AI Act require me to label every AI-generated image?

The clearest disclosure obligation targets deepfakes (manipulated content resembling real people or events and liable to mislead) and public-interest text. For clearly creative or decorative visuals, obligations are more flexible. In practice, transparently labeling AI content remains the safest approach and the best aligned with the spirit of the regulation.

My company is outside the EU — am I concerned?

Yes, potentially. The AI Act has extraterritorial reach: as soon as your AI systems or their outputs are made available or accessed on the European market, you may fall within scope. It is better to build these requirements in early than to discover your exposure late.

Is watermarking enough to be compliant?

Watermarking is an important building block, but rarely sufficient on its own. Its robustness against transformations is limited, and it does not cover end-to-end traceability. Combining watermarking, C2PA provenance, explicit labeling, and forensic verification offers far more solid and demonstrable coverage.

How do I prove that I verify the content I distribute?

By documenting your checks. A timestamped analysis report — like the certified PDF report produced by TruthLens — attests that you examined a piece of content (metadata, C2PA, AI detection) before publishing. Kept within your processes, it serves as evidence of your diligence in case of a question or audit.