EU Publishes Code of Practice as Deadline for AI Act’s Provisions on General-Purpose AI Models Nears

The European Commission on Thursday published “The General-Purpose AI Code of Practice,” which is meant to complement the European Artificial Intelligence (AI) Act approved last year.

The Code was developed by 13 independent experts across four working groups and with input from over 1,000 stakeholders, according to the European Commission.

The EU AI Act came into force on August 1, 2024, with most provisions of the regulation applying as of August 2, 2026. However, the regulation said that compliance for prohibited practices was to be in effect by February 2, 2025, considering “the unacceptable risk associated with the use of AI in certain ways.”

The European Parliament approved the Act, a major piece of legislation that lays the legal foundation of the European Union’s (EU) regulation of AI platforms, in March of 2024. Most of the provisions of the Act are aimed at protecting EU citizens from the worst safety and security risks that have become associated with the use of AI systems. The AI Act bans several uses of AI technologies, including the untargeted scraping of images to create facial recognition databases, emotion recognition in workplace and school settings, and social scoring systems. For EU law enforcement, the AI Act forbids predictive policing and also bans real-time biometric identification (RBI) applications with narrow exceptions for missing persons investigations and terrorist attack prevention.

On August 2, 2025, the governance rules and the obligations for general-purpose AI models will become applicable. General-purpose AI models are required by the AI Act to report data used in their training models, which must be documented “[w]ithout prejudice to the need to respect and protect intellectual property rights and confidential business information or trade secrets in accordance with Union and national law.” High-risk AI applications are similarly required to draft oversight documentation “without compromising their own intellectual property or trade secrets.”

At the time of approval of the Act, many creative and cultural organizations came out asking for additional IP measures to be considered as part of the Act. A coalition of European creators and rightsholders issued a joint statement welcoming the Act as providing the first tools for creators to enforce their rights with respect to AI models, but they also cautioned that a meaningful implementation process will be key, particularly with respect to the information required of General Purpose AI model providers: “[I]t is essential that the template for the sufficient level of information that General Purpose AI (GPAI) model providers must make available enables effective exercise and enforcement of copyright and other fundamental rights, and that creative sectors and rightsholders are formally and directly involved in its drafting,” said the statement.

The General-Purpose AI Code of Practice is organized into three chapters: Transparency, Copyright, and Safety and Security.

The Transparency chapter outlines the key obligations of signatories when placing a general-purpose AI model on the market, namely, “1) Drawing up and keeping up-to-date model documentation”; 2) “Providing relevant information” via a public website or contact information provided to the EU AI Office; and 3) “Ensuring quality, integrity, and security of information.”

The chapter also provides a model documentation form to help signatories fulfill these obligations.

The Copyright chapter guides signatories to 1) “Draw up, keep up-to-date and implement a copyright policy”; 2) “Reproduce and extract only lawfully accessible copyright-protected content when crawling the World Wide Web”; 3) “Identify and comply with rights reservations when crawling the World Wide Web”; 4) “Mitigate the risk of copyright-infringing outputs”; and 5) “Designate a point of contact and enable the lodging of complaints.”

Finally, the Safety and Security chapter, which is by far the longest of the three chapters, outlines ten commitments for signatories, such as identifying and analyzing systemic risks; creating a Safety and Security Framework; and implementing and reporting on safety and security mitigations.

According to the European Commission website, Member States and the Commission will assess the adequacy of the Code in the coming weeks. The rules become enforceable by the AI Office one year after August 2, 2025, for new models and two years after for existing models. “This aims to ensure that general-purpose AI models placed on the European market — including the most powerful ones — are safe and transparent,” said the Commission website.

The Computer & Communications Industry Association (CCIA) was critical of the code. CCIA said in a statement that “today’s final code of practice for general-purpose AI (GPAI) models still imposes a disproportionate burden on AI providers. That is concerning, given that this code was meant to clarify how to comply with the EU’s AI Act – a regulatory framework rushed through political negotiations and badly in need of clear guidance.”

Image Source: Deposit Photos
Author: Raffmaster
Image ID: 787295732