Steam, Play, and App Store AI Content Disclosure Intake Checklist for Indie Teams (2026 Next Fest)

If your game uses any generative AI in player-visible paths—dialogue, voice, images, moderation assists, or dynamic quest text—you now maintain four parallel truth surfaces: Steam backend fields, Google Play Data Safety, Apple App Privacy labels, and partner PDF annexes. They do not share one form. They do share one failure mode in 2026: the answers disagree with the binary players download.

This is an AI integration workflow checklist, not legal advice. It translates publicly visible 2026 store patterns and forum-reported partner questions into a single evidence packet your team can update once per release and copy honestly into each intake.

Why this matters now (May 2026)

Three deadlines overlap:

1. Steam Next Fest October 2026 — Festival demos attract first-time players who read store AI labels after watching trailers. Mismatch between trailer voice (AI) and demo build (scripted) produces refund-adjacent trust hits even on free demos.
2. Mobile store enforcement cadence — Google Play and Apple continue tightening Data Safety / Privacy Nutrition reviews in 2026 Q2–Q3; AI-assisted features that call remote APIs without matching disclosure rows trigger upload blocks, not warnings.
3. Partner annex expansion — Publisher and platform questionnaires in 2026 increasingly include AI training data, human review, and fallback behavior sections separate from consumer-facing labels. Teams that answered Steam only get yellow flags when the annex asks for subprocessors you never listed.

The fix is not more lawyers on retainer for a three-person studio. The fix is one pinned disclosure packet in release-evidence/ai-disclosure/ that every store copy pulls from.

Direct answer (TL;DR)

1. Inventory every player-visible AI touchpoint (runtime API, on-device model, pre-generated asset).
2. Classify each touchpoint: generative vs assistive vs offline cached.
3. Pin subprocessors, data categories, retention, and human-gate owner in one JSON + Markdown packet.
4. Align demo, trailer, and store copy to the same classification—no "AI dialogue" marketing on a scripted demo.
5. Re-run intake checklist on every build hash you submit to Steam, Play, or App Store Connect.

The four surfaces (what each one actually asks)

None of these forms replace your privacy policy templates. They constrain what the policy must say.

Step 1 — Build the AI touchpoint inventory (ninety minutes)

Create release-evidence/ai-disclosure/touchpoint-inventory.md:

| ID | Feature | Runtime? | Model location | Player-visible? | Fallback if API down? | Owner |
|----|---------|----------|----------------|-----------------|----------------------|-------|
| T1 | NPC bark lines | Yes | Remote API | Yes | Scripted pool | Design |
| T2 | Capsule key art | No | Offline SD batch | Store only | N/A | Art |

Rules:

• Runtime means the shipped binary can call the model without a patch.
• Player-visible includes store page assets if the same pipeline generates in-game content.
• Fallback must exist for every runtime generative path before Next Fest—see LLM dialogue fallback resource list.

If a row has no fallback, the feature is not shippable in a festival demo under 2026 player expectations.

Step 2 — Classify generative vs assistive (the taxonomy partners use)

Generative (disclose aggressively): text, voice, images, or levels created at runtime for the player.

Assistive (still disclose, narrower scope): AI helps developers build content that ships static in the build.

Cached / offline: model ran in pipeline; player binary contains only outputs. Still disclose on Steam if outputs are marketed as AI; often simpler on mobile if no runtime collection.

Teams confuse assistive and generative constantly. The test: Does the player's session trigger a new model call? If yes, generative.

Step 3 — Steam AI content disclosure (2026 practical mapping)

Steam's backend questions evolve; treat them as categories, not checkboxes to minimize.

Workflow:

1. Open Steamworks → your app → AI Content (or equivalent 2026 section name).
2. For each touchpoint ID, map to Steam categories (text, art, voice, etc.).
3. If any runtime generative path exists, do not claim "no AI content."
4. Match store page short description—players cross-check in 2026.

Pair with demo honesty discipline: if the demo uses scripted dialogue only, store copy must not imply live LLM unless the festival build includes it.

Step 4 — Google Play Data Safety alignment

For Android or cross-platform titles:

1. Export SDK list from Gradle / Godot Android export / Unity external dependency manager.
2. Mark SDKs that call inference endpoints (OpenAI, Anthropic, Google AI, ElevenLabs, etc.).
3. Map each to Data Safety rows: data types collected, purpose, encryption, deletion.

2026 pattern: Teams ship a browser demo on itch and forget the Play AAB shares analytics SDKs with unrelated AI wrappers. Run the Google Play sixteen KB alignment pass in the same week as disclosure review—same release window.

Cross-shipping GameMaker HTML5 + Play? Queue the Play Data Safety chapter in your engine guide plan when you author mobile lanes.

Step 5 — Apple App Privacy labels

Apple's taxonomy ≠ Google's. Build a translation table in your packet:

Run ninety-minute App Privacy inventory before cert uploads.

Step 6 — Partner annex (human gates and training data)

Partners ask questions Steam does not:

• Was training data opt-in for your assets?
• Who approves model output before players see it?
• What happens when the model returns policy-violating text?

Answer with mechanisms, not virtues. Point to:

• Human-gated AI patch notes workflow for text promotion discipline.
• Course Lesson 180 patterns for red-team + human sign-off on governance packets (if you run live-ops education internally).
• release-evidence/ai-disclosure/human-gate-owners.md listing named roles—not "the team."

The single evidence packet layout

release-evidence/ai-disclosure/
  touchpoint-inventory.md
  subprocessor-list.json
  steam-answers-snapshot.md
  play-data-safety-snapshot.md
  apple-privacy-snapshot.md
  partner-annex-paragraphs.md
  demo-build-hash.txt
  trailer-claims-audit.md

subprocessor-list.json minimal schema:

{
  "version": "1.0.0",
  "vendors": [
    {
      "name": "Example Inference API",
      "purpose": "runtime_npc_paraphrase",
      "data_categories": ["user_text"],
      "retention_days": 0,
      "dpa_url": "https://vendor.example/dpa"
    }
  ]
}

Bump version when vendors change. Partner annex cites version, not "latest."

Trailer and demo claims audit (non-optional)

Before Next Fest upload:

Violations here are 2026 review bombs, not compliance paperwork.

Human-gated promotion workflow (runtime text)

For any generative text path:

1. Draft in staging environment only.
2. Auto-moderate with allow-listed categories.
3. Human promote to player-visible tables with signer ID + timestamp.
4. Log refusals—not only accepts.

Without step 3, you do not have a defensible partner answer. You have a liability.

Fallback net requirements (technical, not marketing)

Every runtime generative touchpoint needs:

• Deterministic scripted pool (size documented)
• Timeout ≤ 2s for festival builds (player patience threshold)
• Telemetry event ai_fallback_used (privacy-safe) to prove fallbacks fire—see PostHog first-event pipeline

Ninety-minute intake sprint (before each store submission)

Add Block: AI Disclosure to the 30-minute operating review: "Store answers match build hash Y/N."

Stack rationalization tie-in

Micro-studios consolidating to one engine and one storefront should consolidate AI vendors the same way. Four LLM APIs for four features means four DPA rows, four failure modes, and four disclosure drift vectors.

Pick:

• One runtime inference vendor (or on-device stack)
• One art pipeline vendor (if any)
• One moderation vendor

Common mistakes (2026)

1. Disclosing only on Steam while shipping mobile the same week.
2. Treating pre-generated voice lines as "not AI" because they were bounced offline.
3. Omitting analytics SDKs that send prompts or embeddings.
4. Letting marketing update store copy without engineering inventory sync.
5. Answering partner annex from memory instead of pinned packet version.
6. Shipping festival demo with generative path disabled but trailer still showing it.
7. No fallback—players hit error strings that read as bugs.

Subprocessor discipline (the row partners audit first)

Partners rarely care which model brand you prefer. They care whether your subprocessor list matches reality.

Minimum columns in subprocessor-list.json:

2026 failure mode: Game calls Vendor A in production but annex lists Vendor B because a contractor swapped API keys without updating JSON. Fix: CI grep for inference base URLs against allow-list in repo.

Incident response paragraph (pre-write for annex)

Before a crisis, pin a paragraph in partner-annex-paragraphs.md:

• How you disable runtime AI (feature flag name)
• Who can toggle it (role, not person name if team rotates)
• How you notify players (patch note channel)
• Retention of prompt logs (if any) and deletion SLA

You will not write this well at 2 a.m. when a moderation failure trends on social.

Console and Quest angles (PC-first teams still asked)

Even PC-only indies get annex questions about Meta Quest, PlayStation, or Xbox AI policies when signing platform NDAs. Your packet should include:

• Whether inference runs on-headset or phone-companion app
• Whether voice data leaves the device

If you answer "N/A," say why (PC SKU only) with build evidence—not blank cells.

Calendar: when to run intake relative to Next Fest

Changing Steam AI answers during fest without a matching build is a trust cliff.

Worked example (fictional three-touchpoint game)

Game: Cozy shop sim with optional LLM customer chatter, SD-generated portrait icons (offline), marketing trailer narrated by TTS.

Packet version 1.0.0 pins this table. Marketing cannot enable T1 in trailer until demo build includes T1 with fallback verified.

Governance packet crosswalk (advanced teams)

If you run live-ops governance education internally, map disclosure packet fields to:

• Lesson 180 human sign-off on red-team findings
• Lesson 172 mock-audit deficiency tags (ai_disclosure_drift as a failure mode tag you define)
• SLSA provenance pass so partners can tie disclosure version to build hash

Indies without SQL governance still benefit: the same hash discipline applies in Markdown.

Expanded common mistakes (store-review flavor)

8. Embedding player chat into support tickets without disclosure row for "user messages sent to vendor."
9. Moderation API that reads UGC but is not listed because "it's not generative."
10. A/B testing two disclosure regimes on different depots—pick one truth per app ID.
11. itch.io page claiming "no AI" while Steam says yes—players compare.
12. Press kit PDF out of sync with Steam—journalists quote press kit.

Programming integration notes (Unity / Godot / web)

Unity: Centralize inference calls behind one AiRuntimeService assembly; ban scatter UnityWebRequest posts to inference URLs from gameplay scripts.

Godot: Single autoload AiDialogueRouter with explicit MODE_SCRIPTED | MODE_LLM enum logged at boot.

Phaser / web: Disclose browser storage of prompts if you cache; tab refocus must not resend PII—pair with Phaser OOM / session playbook.

Decision tree

Q1: Does any player-visible content change per session because of a model call?
→ Yes → Full generative disclosure + fallback + human gate.

Q2: Is AI only used in Blender / Substance / external DCC?
→ Assistive → Disclose on Steam if marketed; simpler mobile if nothing runtime collects.

Q3: Are you submitting to a publisher this quarter?
→ Yes → Build partner annex paragraphs before Steam fields (annex is stricter).

Q4: Does demo build hash match disclosure packet demo-build-hash.txt?
→ No → Stop submission; update packet first.

Key takeaways

1. One evidence packet beats four ad-hoc form sessions.
2. Touchpoint inventory is the source of truth—not marketing memory.
3. Generative vs assistive classification drives every surface.
4. Demo + trailer + store must agree with the inventory.
5. Fallback nets are disclosure prerequisites for runtime AI in 2026 festivals.
6. Human-gated promotion is how you answer partner annex questions with receipts.
7. Mobile and Steam diverge in taxonomy—use a translation table.
8. Vendor rationalization reduces compliance surface like engine rationalization.
9. Re-run the ninety-minute sprint on every submission hash.
10. Pair disclosure work with privacy templates and LLM resource list.

FAQ

We only use AI in development. Do we disclose?
If no player-visible AI and no marketing claim, Steam may be "no." If marketing says "AI-assisted creation," disclose assistive scope honestly.

Is Copilot in our IDE a disclosure issue?
Not player-facing—document as dev tooling only; do not conflate with runtime generative paths.

Can we change disclosure after Next Fest starts?
Yes, but decreasing disclosed scope after players bought in reads as deception. Prefer narrowing marketing before narrowing forms.

What if our fallback is another cloud model?
Disclose both; fallback is not "off AI."

Do voice clones count?
Yes—voice is a first-class generative category on Steam and in partner annexes.

How does this relate to GDPR?
EU players still need lawful basis and subprocessors in privacy policy; this checklist aligns store forms with that policy.

We have no lawyer. Is this enough?
This is an engineering checklist. Have counsel review partner annex paragraphs before signing publisher deals.

Fastest win this week?
Create touchpoint-inventory.md with three rows max. Truth beats completeness.

Does fine-tuning on our own dataset change disclosure?
You still disclose runtime behavior and subprocessors; training posture is a partner annex paragraph, not a Steam checkbox substitute.

What about open-weight models run locally?
Disclose on-device generative behavior; mobile labels may still need "data not collected" if nothing leaves device—verify with counsel.

Can we defer mobile disclosure until after PC launch?
Only if you do not ship mobile binaries. The moment an AAB uploads, the packet must exist.

Moderation and UGC (often forgotten touchpoints)

If players can type text that your game sends to a moderation API, you have a runtime touchpoint even when output is not generative.

Disclose:

• That UGC leaves the device
• Categories moderated (harassment, PII, etc.)
• Whether moderated text is stored for appeals

Indie chat systems in 2026 frequently add moderation before festivals; add the touchpoint when you wire the API, not the night before upload.

Voice and likeness (2026 scrutiny)

Voice cloning and synthetic narration moved from novelty to default trailer polish. Disclosure rules:

• Trailer-only TTS → disclose on store and credit the tool in trailer end card
• In-game dynamic TTS → generative runtime + fallback (silent line or pre-baked alternate)
• Real actor performance with AI cleanup → assistive if no new words generated; generative if lines are synthesized

When unsure, disclose up and narrow marketing copy down.

Copy-paste blocks for store backends (edit to match inventory)

Steam short description addendum (if runtime generative):
"Includes optional AI-generated dialogue with scripted fallback when offline. See privacy policy for data handling."

Play Data Safety internal note:
"Runtime inference: user text submitted for dialogue paraphrase; not used for advertising; deleted within [N] days."

Partner annex single sentence:
"All player-visible model outputs pass human review via [role] before promotion; runtime inference can be disabled via [flag]."

Replace bracketed fields from packet—never ship brackets publicly.

Checklist export (printable)

• [ ] Touchpoint inventory matches build hash
• [ ] Every runtime row has fallback tested this week
• [ ] Subprocessor JSON version bumped if vendor changed
• [ ] Steam AI fields copied from snapshot
• [ ] Play + Apple rows copied from translation table
• [ ] Trailer audit table has zero "claim without demo" rows
• [ ] Partner annex paragraphs reference packet version
• [ ] Privacy policy URL live and matches subprocessors
• [ ] Operating review Block: AI Disclosure = Y

Glossary

• Touchpoint — Any feature where AI affects player-visible output or store marketing.
• Generative runtime — Model invoked during play session.
• Assistive pipeline — AI used in DCC; static output in build.
• Disclosure packet — Versioned release-evidence/ai-disclosure/ bundle.
• Human gate — Named role approving promotion of model output to players.

Workflow close: Disclosure intake is boring until it blocks a festival upload. Pin the packet now; copy answers in October without inventing a fifth story.