{"id":4877,"date":"2024-07-03T09:50:08","date_gmt":"2024-07-03T09:50:08","guid":{"rendered":"https:\/\/artificialintelligenceact.eu\/?p=4877"},"modified":"2025-08-15T18:20:02","modified_gmt":"2025-08-15T18:20:02","slug":"introduction-to-code-of-practice","status":"publish","type":"post","link":"https:\/\/artificialintelligenceact.eu\/introduction-to-code-of-practice\/","title":{"rendered":"An Introduction to the Code of Practice for General-Purpose AI"},"content":{"rendered":"\n<p><em><em>Last updated: 14 August 2025.<\/em><\/em><\/p>\n\n\n\n<p><em>This summary, detailing the Code of Practice for general-purpose AI model providers, was put together by <\/em><a href=\"https:\/\/www.linkedin.com\/in\/jimmy-g-farrell\/\"><em>Jimmy Farrell<\/em><\/a><em>, EU AI policy co-lead at <\/em><a href=\"https:\/\/www.pourdemain.ngo\/en\"><em>Pour Demain<\/em><\/a><em>, and <\/em><a href=\"https:\/\/www.linkedin.com\/in\/tekla-emborg-b12aab166\/\"><em>Tekla Emborg<\/em><\/a><em>, Policy Researcher at <\/em><a href=\"https:\/\/futureoflife.org\/\"><em>Future of Life Institute<\/em><\/a><em>. For further questions, please reach out to <\/em><a href=\"mailto:jimmy.farrell@pourdemain.eu\"><em>jimmy.farrell@pourdemain.eu<\/em><\/a><em>.&nbsp;<\/em><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<div style=\"height:18px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p style=\"font-size:1.2em\">As AI Act implementation gradually unfolds, it is important to understand the different mechanisms of enforcement included in the Regulation. 
One of the most important is the general-purpose AI (GPAI) Code of Practice, which was developed by the AI Office and a wide range of stakeholders and published in July 2025.<\/p>\n\n\n\n<p>Coming up in this post:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#introduction\" data-type=\"internal\" data-id=\"#introduction\">Introduction<\/a><\/li>\n\n\n\n<li><a href=\"#standards-and-need-for-the-code\" data-type=\"internal\" data-id=\"#standards-and-need-for-the-code\">Standards and the Need for a Code of Practice<\/a>\n<ul class=\"wp-block-list\">\n<li><a href=\"#legal-requirements\" data-type=\"internal\" data-id=\"#legal-requirements\">Legal Requirements for the Code of Practice<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><a href=\"#brief-summary\" data-type=\"internal\" data-id=\"#brief-summary\">Brief Summary of Code of Practice Content<\/a><\/li>\n\n\n\n<li><a href=\"#scope-of-model-provider\" data-type=\"internal\" data-id=\"#scope-of-model-provider\">Scope of the GPAI Model Provider Definition<\/a>\n<ul class=\"wp-block-list\">\n<li><a href=\"#gpai-model-providers\" data-type=\"internal\" data-id=\"#gpai-model-providers\">GPAI Model Providers<\/a><\/li>\n\n\n\n<li><a href=\"#model-with-risk-providers\" data-type=\"internal\" data-id=\"#model-with-risk-providers\">GPAI Model with Systemic Risk Providers<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><a href=\"#signatures-who-signed\" data-type=\"internal\" data-id=\"#signatures-who-signed\">Signatures: Who Signed and What Does it Mean<\/a><\/li>\n\n\n\n<li><a href=\"#enforcement-of-the-code\" data-type=\"internal\" data-id=\"#enforcement-of-the-code\">Enforcement of the Code of Practice<\/a><\/li>\n\n\n\n<li><a href=\"#backstory\" data-type=\"internal\" data-id=\"#backstory\">Backstory: Drafting Process Paving the Road to the Code of Practice<\/a>\n<ul class=\"wp-block-list\">\n<li><a href=\"#working-group-structure\" data-type=\"internal\" data-id=\"#working-group-structure\">Working Group 
Structure<\/a><\/li>\n\n\n\n<li><a href=\"#plenary\" data-type=\"internal\" data-id=\"#plenary\">Plenary<\/a><\/li>\n\n\n\n<li><a href=\"#chairs-and-vice-chairs\" data-type=\"internal\" data-id=\"#chairs-and-vice-chairs\">Chairs and Vice-Chairs<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<div style=\"height:18px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div id=\"quick-summary\" class=\"wp-block-group has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"background-color:#edf1f4\">\n<h4 class=\"wp-block-heading\" id=\"quick-summary\">A quick summary on the Code of Practice:<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Purpose<\/strong>: The AI Act Code of Practice (introduced in <a href=\"https:\/\/artificialintelligenceact.eu\/article\/56\/\">Article 56<\/a>) is a set of guidelines for compliance with the AI Act. It is a crucial tool for ensuring compliance with the EU AI Act obligations, especially in the <a href=\"https:\/\/artificialintelligenceact.eu\/implementation-timeline\/\">interim period<\/a> between when General Purpose AI (GPAI) model provider obligations came into effect (August 2025) and the adoption of standards (August 2027 or later). Though they are not legally binding, GPAI model providers can adhere to the Code of Practice to demonstrate compliance with GPAI model provider obligations until European standards come into effect.<\/li>\n\n\n\n<li><strong>Process<\/strong>: The Code was developed through a multi-stakeholder process, involving academic and independent experts, GPAI model providers, downstream deployers, members of civil society, and more.<\/li>\n\n\n\n<li><strong>Content<\/strong>: The Code has three chapters. The first two, Transparency and Copyright, apply to all GPAI model providers. The third, Safety and Security chapter, only applies to providers of GPAI models with systemic risk. 
For each chapter, the Code lays down certain commitments and corresponding measures for how providers can live up to the commitments.<\/li>\n\n\n\n<li><strong>Implementation<\/strong>: The Commission and the EU AI Board have <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/commission-opinion-assessment-general-purpose-ai-code-practice\">confirmed<\/a> that the GPAI Code is an adequate voluntary tool for providers of GPAI models to demonstrate compliance with the AI Act. Namely, the Code adequately covers the obligations provided for in <a href=\"https:\/\/artificialintelligenceact.eu\/article\/53\/\">Articles 53<\/a> and <a href=\"https:\/\/artificialintelligenceact.eu\/article\/55\/\">55<\/a> of the AI Act relevant to providers of GPAI models and GPAI models with systemic risk.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div style=\"height:18px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"introduction\">Introduction<\/h2>\n\n\n\n<p>This blog post explains the concept, process and significance of the Code of Practice, an AI Act tool to bridge the interim period between obligations for general-purpose AI (GPAI) model providers coming into force and the eventual adoption of harmonised European GPAI model standards. Following the publication of the final <a href=\"https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/ip_25_1787\">Code of Practice<\/a> on 10 July, and the <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/commission-opinion-assessment-general-purpose-ai-code-practice\">confirmation<\/a> by the Commission and the AI Board of the adequacy of the final Code,&nbsp; this post summarises the most important and up-to-date information. 
A comprehensive summary of the content of the Code is provided in another <a href=\"https:\/\/artificialintelligenceact.eu\/code-of-practice-overview\/\">blog post<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"standards-and-need-for-the-code\">Standards and the Need for a Code of Practice<\/h2>\n\n\n\n<p>Following the entry into force of the AI Act on 1 August 2024, obligations within the Regulation are phased-in gradually, as detailed in an earlier <a href=\"https:\/\/artificialintelligenceact.eu\/ai-act-implementation-next-steps\/\">blog post<\/a>, with provisions on <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/commission-publishes-guidelines-prohibited-artificial-intelligence-ai-practices-defined-ai-act\">prohibited AI systems<\/a> in effect since February 2025 and <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/guidelines-gpai-providers#:~:text=From%202%20August%202025%2C%20the,GPAI%20models%20enter%20into%20application.\">provisions relating to GPAI models<\/a> in effect since 2 August 2025. In the meantime, the complex process of developing harmonised European standards that operationalise AI Act obligations has begun. Whilst an official standardisation request has been adopted by the Commission and approved by CEN-CENELEC regarding standards for AI systems<sup data-fn=\"5a9a8e55-271d-4abf-8834-bf3d1cd5ad6c\" class=\"fn\"><a href=\"#5a9a8e55-271d-4abf-8834-bf3d1cd5ad6c\" id=\"5a9a8e55-271d-4abf-8834-bf3d1cd5ad6c-link\">1<\/a><\/sup>, an equivalent request on GPAI model standards is yet to be drafted. When such a standardisation request will be issued depends largely on how effectively the Code of Practice implements the relevant obligations under the AI Act. 
The standardisation process is detailed in a separate <a href=\"https:\/\/artificialintelligenceact.eu\/standard-setting\/\">blog post<\/a>.&nbsp;<\/p>\n\n\n\n<p>Under the AI Act, obligations for GPAI models, detailed in Articles 50-55, are enforceable twelve months<sup data-fn=\"17e4451c-5dfa-4712-b524-933d2abccae1\" class=\"fn\"><a href=\"#17e4451c-5dfa-4712-b524-933d2abccae1\" id=\"17e4451c-5dfa-4712-b524-933d2abccae1-link\">2<\/a><\/sup> after the Act enters into force (2 August 2025). However, the European standardisation process, involving mostly<sup data-fn=\"fcf73547-1822-456f-ad68-ac13208ff89e\" class=\"fn\"><a href=\"#fcf73547-1822-456f-ad68-ac13208ff89e\" id=\"fcf73547-1822-456f-ad68-ac13208ff89e-link\">3<\/a><\/sup> the European Committee for Standardisation (CEN) and the European Committee for Electrotechnical Standardisation (CENELEC), often takes up to three years<sup data-fn=\"de44d312-2237-4b42-8040-2c82bbd255dc\" class=\"fn\"><a href=\"#de44d312-2237-4b42-8040-2c82bbd255dc\" id=\"de44d312-2237-4b42-8040-2c82bbd255dc-link\">4<\/a><\/sup>. This process can last even longer with more technical standards, such as those for GPAI, and if drafted in coordination with International standards<sup data-fn=\"694c1235-4f04-40c1-a693-f49ebcd074e6\" class=\"fn\"><a href=\"#694c1235-4f04-40c1-a693-f49ebcd074e6\" id=\"694c1235-4f04-40c1-a693-f49ebcd074e6-link\">5<\/a><\/sup>, as prescribed in the AI Act<sup data-fn=\"084e2cda-53c5-4b17-8279-8ca438fc56e7\" class=\"fn\"><a href=\"#084e2cda-53c5-4b17-8279-8ca438fc56e7\" id=\"084e2cda-53c5-4b17-8279-8ca438fc56e7-link\">6<\/a><\/sup>. The multi-stakeholder engagement and consensus building approaches characteristic of standards setting further prolong the time-line. 
Thus, GPAI model provider obligations are not likely to be operationalised as technical standards any time soon.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"legal-requirements\">Legal requirements for the Code of Practice<\/h3>\n\n\n\n<p><a href=\"https:\/\/artificialintelligenceact.eu\/article\/56\/\">Article 56<\/a> of the AI Act outlines the Code of Practice as a placeholder mode of compliance to bridge the gap between GPAI model provider obligations coming into effect (twelve months) and the adoption of standards (three years or more). While <strong>not legally binding<\/strong>, GPAI model providers can rely on the Code of Practice to <strong>demonstrate compliance with GPAI model provider obligations in <\/strong><a href=\"https:\/\/artificialintelligenceact.eu\/article\/53\/\"><strong>Articles 53<\/strong><\/a><strong> and <\/strong><a href=\"https:\/\/artificialintelligenceact.eu\/article\/55\/\"><strong>55<\/strong><\/a> until standards are developed. These obligations include<sup data-fn=\"7f92ab9b-8f46-4746-83fe-434a2b4395dc\" class=\"fn\"><a href=\"#7f92ab9b-8f46-4746-83fe-434a2b4395dc\" id=\"7f92ab9b-8f46-4746-83fe-434a2b4395dc-link\">7<\/a><\/sup>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Provision of technical documentation to the AI Office and National Competent Authorities<\/li>\n\n\n\n<li>Provision of relevant information to providers downstream that seek to integrate models into their AI or GPAI system (e.g. 
capabilities and limitations)<\/li>\n\n\n\n<li>Summaries of training data used<\/li>\n\n\n\n<li>Policies for complying with existing Union copyright law<\/li>\n<\/ul>\n\n\n\n<p>For GPAI models with systemic risk (models trained above the threshold of 10^25 floating point operations, or FLOP), further obligations include<sup data-fn=\"78538e92-a19e-421d-94e5-3c859e4ab548\" class=\"fn\"><a href=\"#78538e92-a19e-421d-94e5-3c859e4ab548\" id=\"78538e92-a19e-421d-94e5-3c859e4ab548-link\">8<\/a><\/sup>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>State of the art model evaluations<\/li>\n\n\n\n<li>Risk assessment and mitigation<\/li>\n\n\n\n<li>Serious incident reporting, including corrective measures<\/li>\n\n\n\n<li>Adequate cybersecurity protection<\/li>\n<\/ul>\n\n\n\n<p>Providers who do not demonstrate compliance with the Code of Practice will have to prove compliance to the above obligations to the Commission by alternative, possibly more burdensome and time-consuming means.<sup data-fn=\"ca191054-77b1-4e94-b71c-5eb05c398cb9\" class=\"fn\"><a href=\"#ca191054-77b1-4e94-b71c-5eb05c398cb9\" id=\"ca191054-77b1-4e94-b71c-5eb05c398cb9-link\">9<\/a><\/sup><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"brief-summary\">Brief Summary of Code of Practice Content<\/h2>\n\n\n\n<p>Since the drafting process began in October 2024, three draft versions of the Code of Practice were published before the final version in July 2025. The drafting Chairs and Vice-Chairs have set up an <a href=\"https:\/\/code-of-practice.ai\/?section=summary\">interactive web-page<\/a> with the full text, FAQ, and summaries. A comprehensive overview of the content of the Code is also provided in <a href=\"https:\/\/artificialintelligenceact.eu\/code-of-practice-overview\/\">another blog post<\/a>. Below you find a short summary.<\/p>\n\n\n\n<p>Overall, the Code has <strong>three chapters<\/strong>. The first two, Transparency and Copyright, apply to all GPAI model providers. 
The third, Safety and Security chapter, only applies to providers of GPAI models with systemic risk (above the 10^25 FLOP threshold), currently a small group of 5-15 companies worldwide<sup data-fn=\"24e17c46-748b-44a9-8b46-fd9c4fe3f1f1\" class=\"fn\"><a href=\"#24e17c46-748b-44a9-8b46-fd9c4fe3f1f1\" id=\"24e17c46-748b-44a9-8b46-fd9c4fe3f1f1-link\">10<\/a><\/sup>. The Code lays down a total of 12 commitments &#8211; one for each of the two first chapters and 10 for the Safety and Security Chapter &#8211; and corresponding measures for how providers can live up to the commitments.<\/p>\n\n\n\n<p><strong>Transparency chapter (all GPAI model providers)<\/strong><\/p>\n\n\n\n<p>Under this chapter, signatories commit to maintaining up-to-date, comprehensive documentation for every GPAI model they distribute within the EU (except for models that are free, open-source, and pose no systemic risk). This documentation must follow a standardized Model Documentation Form, detailing licensing, technical specs, use cases, datasets, compute and energy usage, and more. This documentation should be securely stored for at least ten years and made available, upon request, to the AI Office and downstream users. Public release of this information is encouraged to promote transparency.<\/p>\n\n\n\n<p><strong>Copyright chapter (all GPAI model providers)<\/strong><\/p>\n\n\n\n<p>Signatories commit to develop and regularly update a robust copyright policy that clearly defines internal responsibilities and complies with legal standards. They must ensure that data collected via web crawling is lawfully accessible, respect machine-readable rights signals like robots.txt, and avoid accessing websites flagged for copyright infringement. Technical safeguards should minimize the generation of infringing content, and terms of service must clearly prohibit unauthorized use. 
A designated contact point must be provided for copyright holders to submit complaints, with efficient and fair processes for handling them.&nbsp;<\/p>\n\n\n\n<p><strong>Safety and Security chapter (only GPAI model with systemic risk providers)<\/strong><\/p>\n\n\n\n<p>This chapter only concerns providers of GPAI models with systemic risk. Signatories must develop a state-of-the-art Safety and Security Framework before model release, outlining evaluation triggers, risk categories, mitigation strategies, forecasting methods, and organizational responsibilities. Systemic risks are to be identified through structured processes such as inventories, scenario analysis, and consultation with internal and external experts. Before progressing with development or deployment, signatories must evaluate whether identified risks are acceptable, applying defined risk-tier frameworks with built-in safety margins. A mandatory Safety and Security Model Report must be submitted prior to release and updated as risks evolve. To ensure organizational accountability, signatories must clearly assign oversight, ownership, monitoring, and assurance roles within their governance structures and ensure adequate resources, a strong risk culture, and protections for whistleblowers. Serious incidents must be promptly tracked, documented, and reported to regulators according to severity and tight deadlines. Finally, signatories are required to retain detailed records of safety and risk management activities for a minimum of ten years.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"scope-of-model-provider\">Scope of the GPAI Model Provider Definition<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"gpai-model-providers\">GPAI Model Providers<\/h3>\n\n\n\n<p>The <strong>Transparency and Copyright chapters of the Code are relevant to all providers of GPAI models<\/strong>. 
\u2018General-purpose AI models\u2019 are defined under the AI Act as models that display significant generality and are capable of competently performing a wide range of distinct tasks and that can be integrated into a variety of downstream systems or applications.<sup data-fn=\"62cd6787-bd15-443c-b68a-c2fa557f67df\" class=\"fn\"><a href=\"#62cd6787-bd15-443c-b68a-c2fa557f67df\" id=\"62cd6787-bd15-443c-b68a-c2fa557f67df-link\">11<\/a><\/sup> As an indicative criterion, the <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">GPAI Guidelines<\/a> suggest that models trained on more than 10^23 FLOP that can generate language, text-to-image or text-to-video are to be considered GPAI.<sup data-fn=\"048a637d-9296-4068-aec4-765a595125f5\" class=\"fn\"><a href=\"#048a637d-9296-4068-aec4-765a595125f5\" id=\"048a637d-9296-4068-aec4-765a595125f5-link\">12<\/a><\/sup> The model release mode (open weights, API, etc.) 
does not matter for the sake of the GPAI model definition, except when the model is used for research, development or prototyping activities prior to market placement.<sup data-fn=\"86f82661-ff9c-4122-b434-e0319634caca\" class=\"fn\"><a href=\"#86f82661-ff9c-4122-b434-e0319634caca\" id=\"86f82661-ff9c-4122-b434-e0319634caca-link\">13<\/a><\/sup> However, the release mode does matter for the applicable obligations as providers of GPAI models that are released under a free and open-source license are exempt from the obligations under Article 53 (1)(a) and (b).<sup data-fn=\"3328fdf1-1677-42b8-9359-f32beee09b6f\" class=\"fn\"><a href=\"#3328fdf1-1677-42b8-9359-f32beee09b6f\" id=\"3328fdf1-1677-42b8-9359-f32beee09b6f-link\">14<\/a><\/sup> GPAI model providers are natural or legal persons, public authorities, agencies or other bodies that develop a GPAI model or have a GPAI model developed and place it on the market under its own name or trademark, whether for payment or for free.<sup data-fn=\"5a697afd-d28f-47bd-b585-cbae73d7b9c7\" class=\"fn\"><a href=\"#5a697afd-d28f-47bd-b585-cbae73d7b9c7\" id=\"5a697afd-d28f-47bd-b585-cbae73d7b9c7-link\">15<\/a><\/sup><\/p>\n\n\n\n<p>It is possible for a downstream modifier to become the provider of a GPAI model first provided by an upstream actor. 
The Commission guidelines suggest that this will only be the case if the modification leads to a \u2018significant change in the model\u2019s generality, capabilities, or systemic risk\u2019.<sup data-fn=\"139ef1d6-4100-4f0e-a085-9cf8bcbdabae\" class=\"fn\"><a href=\"#139ef1d6-4100-4f0e-a085-9cf8bcbdabae\" id=\"139ef1d6-4100-4f0e-a085-9cf8bcbdabae-link\">16<\/a><\/sup> Such a change is presumed to happen if the compute the downstream modifier uses for the modification exceeds one third of the compute used for the original model.<sup data-fn=\"8f0180b6-a5bd-40e0-bfbf-1f6a0258302e\" class=\"fn\"><a href=\"#8f0180b6-a5bd-40e0-bfbf-1f6a0258302e\" id=\"8f0180b6-a5bd-40e0-bfbf-1f6a0258302e-link\">17<\/a><\/sup> If this value is unknown to the downstream provider, this threshold is replaced by one third of the threshold at which a model is presumed to be a GPAI model, which is currently 10^23 FLOP.<sup data-fn=\"d0b704cd-96b4-482b-85fe-1a3323710278\" class=\"fn\"><a href=\"#d0b704cd-96b4-482b-85fe-1a3323710278\" id=\"d0b704cd-96b4-482b-85fe-1a3323710278-link\">18<\/a><\/sup>&nbsp;<\/p>\n\n\n\n<p>The GPAI Guidelines provide examples to clarify the scope. 
For instance, a model trained using more than 10^24 FLOP for the narrow task of increasing the resolution of images is not considered a GPAI model.<sup data-fn=\"ce466a1d-3988-4ddf-81c2-d4f810ac1f65\" class=\"fn\"><a href=\"#ce466a1d-3988-4ddf-81c2-d4f810ac1f65\" id=\"ce466a1d-3988-4ddf-81c2-d4f810ac1f65-link\">19<\/a><\/sup> While the model in the example satisfies the compute threshold, it can only competently perform a narrow set of tasks, so it is not considered general-purpose.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"model-with-risk-providers\">GPAI Model with Systemic Risk Providers<\/h3>\n\n\n\n<p>The <strong>Safety and Security chapter of the Code is relevant to entities providing GPAI models with systemic risk<\/strong>. 
\u2018Systemic risk\u2019 is defined as specific to the high-impact capabilities of GPAI models, having a significant impact on the Union market.<sup data-fn=\"ba13e9d1-7a6e-41e7-9986-ee954f4f3dc7\" class=\"fn\"><a href=\"#ba13e9d1-7a6e-41e7-9986-ee954f4f3dc7\" id=\"ba13e9d1-7a6e-41e7-9986-ee954f4f3dc7-link\">20<\/a><\/sup> This could be due to their reach or due to actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or society as a whole, that can be propagated at scale across the value chain. A model is presumed to have high-impact capabilities when the cumulative amount of computation used for its training is greater than 10^25 FLOP. This is a rebuttable presumption. Currently, it is estimated that <a href=\"https:\/\/epoch.ai\/data\/large-scale-ai-models#models-over-1e25-flop\">11 providers worldwide<\/a> provide models that surpass this threshold.<\/p>\n\n\n\n<p>It is possible for downstream modifiers to become providers of a new GPAI model with systemic risk, based on similar considerations as outlined above for GPAI downstream modifiers. That is, 
if the compute the downstream modifier uses for the modification exceeds one third of the training compute for the original GPAI model with systemic risk, the downstream modifier becomes the provider.<sup data-fn=\"eb357d8d-69b0-43b7-96f9-136dcba1f312\" class=\"fn\"><a href=\"#eb357d8d-69b0-43b7-96f9-136dcba1f312\" id=\"eb357d8d-69b0-43b7-96f9-136dcba1f312-link\">21<\/a><\/sup> If the original amount of training compute is unknown to the downstream provider, the threshold is replaced by one third of the threshold at which a model is presumed to be a GPAI model with systemic risk, which is currently 10^25 FLOP.<\/p>\n\n\n\n<p>Providers of GPAI models with systemic risk can contest the classification by demonstrating that, despite surpassing the compute threshold, their model does not possess &#8216;high-impact capabilities&#8217; that match or exceed the most advanced models.<sup data-fn=\"b6081139-e193-485d-bfa2-e0312310e1cc\" class=\"fn\"><a href=\"#b6081139-e193-485d-bfa2-e0312310e1cc\" id=\"b6081139-e193-485d-bfa2-e0312310e1cc-link\">22<\/a><\/sup><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"signatures-who-signed\">Signatures: Who Signed and What Does it Mean<\/h2>\n\n\n\n<p>The Commission has <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/contents-code-gpai\">published<\/a> the signatory form, process description and a list of signatories on its website. The signatories include the majority of companies developing the most advanced GPAI models, with the notable exceptions of META and companies based in China. 
As per the date of this update, the following companies signed the Code of Practice:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Accexible<\/li>\n\n\n\n<li>AI Alignment Solutions<\/li>\n\n\n\n<li>Aleph Alpha<\/li>\n\n\n\n<li>Almawave<\/li>\n\n\n\n<li>Amazon<\/li>\n\n\n\n<li>Anthropic<\/li>\n\n\n\n<li>Bria AI<\/li>\n\n\n\n<li>Cohere<\/li>\n\n\n\n<li>Cyber Institute<\/li>\n\n\n\n<li>Domyn<\/li>\n\n\n\n<li>Dweve<\/li>\n\n\n\n<li>Euc Inova\u00e7\u00e3o Portugal<\/li>\n\n\n\n<li>Fastweb<\/li>\n\n\n\n<li>Google<\/li>\n\n\n\n<li>Humane Technology<\/li>\n\n\n\n<li>IBM<\/li>\n\n\n\n<li>Lawise<\/li>\n\n\n\n<li>Microsoft<\/li>\n\n\n\n<li>Mistral AI<\/li>\n\n\n\n<li>Open Hippo<\/li>\n\n\n\n<li>OpenAI<\/li>\n\n\n\n<li>Pleias<\/li>\n\n\n\n<li>re-inventa<\/li>\n\n\n\n<li>ServiceNow<\/li>\n\n\n\n<li>Virtuo Turing<\/li>\n\n\n\n<li>WRITER<\/li>\n<\/ul>\n\n\n\n<p>The GPAI Guidelines specify that providers of GPAI models (with systemic risk) can demonstrate compliance with their obligations under the AI Act by adhering to the Code of Practice, now that the AI Board and the AI Office have published their confirming assessments of the Code. 
For signatories, the Commission will focus its enforcement activities on monitoring adherence to the Code, will show them increased trust, and may take commitments to the Code into account as mitigating factors when fixing the amount of fines.<sup data-fn=\"b2e19f61-d80d-4dda-9537-f47e26b371aa\" class=\"fn\"><a href=\"#b2e19f61-d80d-4dda-9537-f47e26b371aa\" id=\"b2e19f61-d80d-4dda-9537-f47e26b371aa-link\">23<\/a><\/sup> Non-signatories, on the other hand, are expected to demonstrate compliance via other adequate means.<sup data-fn=\"2b881005-56d6-4fd5-a037-7bcd2a3b04cb\" class=\"fn\"><a href=\"#2b881005-56d6-4fd5-a037-7bcd2a3b04cb\" id=\"2b881005-56d6-4fd5-a037-7bcd2a3b04cb-link\">24<\/a><\/sup> They may receive a larger number of requests for information, and will typically need to provide more detailed information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"enforcement-of-the-code\">Enforcement of the Code of Practice<\/h2>\n\n\n\n<p>The GPAI rules took effect on 2 August 2025, meaning all new models released from that date must comply. However, the Commission\u2019s enforcement actions \u2013 such as requests for information, access to models, or model recalls \u2013 will only begin a year later, on 2 August 2026. This grace period gives providers time to work with the AI Office to ensure they meet the standards. 
For models released before 2 August 2025, providers have until 2 August 2027 to bring them into compliance.<\/p>\n\n\n\n<p>According to the GPAI Guidelines, the Commission will take a collaborative, staged and proportionate approach to its supervision, investigation, enforcement and monitoring of the GPAI provisions.<sup data-fn=\"7c0c00de-eb69-4ed6-88fd-a9ff80addf5b\" class=\"fn\"><a href=\"#7c0c00de-eb69-4ed6-88fd-a9ff80addf5b\" id=\"7c0c00de-eb69-4ed6-88fd-a9ff80addf5b-link\">25<\/a><\/sup><\/p>\n\n\n\n<p>The Commission may decide to approve the Code by way of an implementing act, which would give it \u2018general validity\u2019 within the Union.<sup data-fn=\"204f8543-8206-455b-a713-30ea60bc6de1\" class=\"fn\"><a href=\"#204f8543-8206-455b-a713-30ea60bc6de1\" id=\"204f8543-8206-455b-a713-30ea60bc6de1-link\">26<\/a><\/sup> It is unclear whether the Commission will choose to do so and what the legal implications of such an implementing act would be.<\/p>\n\n\n\n<p><a href=\"https:\/\/thefuturesociety.org\/wp-content\/uploads\/2025\/06\/ProtectingGPAIRules.pdf\">Academics and civil society organisations<\/a>, as well as independent <a href=\"https:\/\/www.mlex.com\/mlex\/articles\/2364139\/experts-call-for-regular-reviews-risk-priorities-for-eu-s-code-for-ai-models\">experts involved<\/a> in drafting the code, have pointed out that adequate enforcement of the Code would require substantially more resources and staff than currently allocated. In particular, this would mean almost a threefold increase, compared to mid-2025 levels, in the number of staff in the Regulation and Compliance unit and AI Safety units of the AI Office. 
It is not yet clear whether such resources will be allocated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"backstory\">Backstory: Drafting Process Paving the Road to the Code of Practice<\/h2>\n\n\n\n<p>The drafting process began in October 2024 and included more than a thousand stakeholders, following an open <a href=\"https:\/\/ec.europa.eu\/eusurvey\/runner\/General-Purpose-AI-Code-of-Practice-Expression-Interest\">call for expression of interest<\/a>. These stakeholders provided written inputs on three different Code drafts. The participants included a range of actors including GPAI model providers, downstream providers, trade associations, academics, independent experts, and civil society organisations. This multi-stakeholder process was led by thirteen independent Chairs and Vice-Chairs.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"working-group-structure\">Working group structure<\/h3>\n\n\n\n<p>The Chairs divided the drafting into <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/news\/ai-act-participate-drawing-first-general-purpose-ai-code-practice#:~:text=The%20Code%20of%20Practice%20will,of%20Practice%20to%20demonstrate%20compliance.\">four different content categories<\/a> in accordance with the GPAI model section of the AI Act:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Working Group 1: Transparency and copyright-related rules<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Detailing documentation to downstream providers and the AI Office on the basis of Annexes XI and XII to the AI Act, policies to be put in place to comply with Union law on copyright and related rights, and making publicly available a summary about the training content.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Working Group 2: Risk identification and assessment measures for systemic risk<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Detailing the risk taxonomy based on a proposal by the AI Office and identifying and detailing relevant technical risk assessment 
measures, including model evaluation and adversarial testing.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Working Group 3: Risk mitigation measures for systemic risk<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Identifying and detailing relevant technical risk mitigation measures, including cybersecurity protection for the general-purpose AI model and the physical infrastructure of the model.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Working Group 4: Internal risk management and governance for general-purpose AI model providers<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Identifying and detailing policies and procedures to operationalise risk management in internal governance of general-purpose AI model providers, including keeping track of, documenting, and reporting serious incidents and possible corrective measures.<\/p>\n\n\n\n<p><em>Source: <\/em><a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/news\/ai-act-participate-drawing-first-general-purpose-ai-code-practice#:~:text=The%20Code%20of%20Practice%20will,of%20Practice%20to%20demonstrate%20compliance.\"><em>European Commission<\/em><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"plenary\">Plenary<\/h3>\n\n\n\n<p>After each new draft iteration, the Chairs hosted plenary sessions to answer questions and allow for stakeholder presentations. The Plenaries were divided into four working groups, based on the different content categories outlined above, with only one representative allowed from each organisation in every working group. 
The \u201ckick-off\u201d plenary happened on 30 September 2024 &#8211; a virtual meeting featuring nearly a thousand attendees<sup data-fn=\"de31087a-af96-4912-9977-da0dab53c859\" class=\"fn\"><a href=\"#de31087a-af96-4912-9977-da0dab53c859\" id=\"de31087a-af96-4912-9977-da0dab53c859-link\">27<\/a><\/sup> across industry, rightsholders, civil society, and academia.<sup data-fn=\"7b750162-ad2c-4cf7-8da9-a1222ac9def7\" class=\"fn\"><a href=\"#7b750162-ad2c-4cf7-8da9-a1222ac9def7\" id=\"7b750162-ad2c-4cf7-8da9-a1222ac9def7-link\">28<\/a><\/sup> Three further plenaries took place for all working groups. In parallel to the four working groups, there were dedicated workshops featuring GPAI model providers and WG Chair\/Vice-Chairs&nbsp;to inform each iterative drafting round, as these stakeholders were seen as the main addressees of the CoP. Further, there was a separate workshop for civil society organisations.<\/p>\n\n\n\n<p>The early phases of the drafting process stuck to the timeline as initially set out. 
In the latter phase, there was a two-week delay in the release of the third draft and plenary round, and a one-month delay in the publication of the final Code, which was presented in a Closing Plenary on <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/ai-code-practice\">3 July 2025<\/a> and published on 10 July.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXej9uRFGmgSoRqenz7ZXCtSHXDaUkA12vvasvXIQe3ta73Wptl1_zOmChX2QspS5SOm8uOaDY_V41cWA-azUDWwzLOq_SWPXUBRm8NZQP5mZHyFxWt7Yqr6q-7fA5vr6nxg0zel0gW2v4Qp76hK0d5oFKad?key=CycMQWQiJVs0CwB6eKj2mA\" alt=\"\"\/><\/figure>\n\n\n\n<p><em>Figure 1: CoP drafting process &#8211; Source: <\/em><a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/news\/ai-act-participate-drawing-first-general-purpose-ai-code-practice#:~:text=The%20Code%20of%20Practice%20will,of%20Practice%20to%20demonstrate%20compliance.\"><em>European Commission<\/em><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"chairs-and-vice-chairs\">Chairs and Vice-Chairs<\/h3>\n\n\n\n<p>The Chairs and Vice-Chairs were a crucial component of the Code of Practice drafting process. They were <a href=\"https:\/\/www.euractiv.com\/section\/tech\/news\/academics-to-chair-drafting-the-code-of-practice-for-general-purpose-ai\/\">designated<\/a> based on demonstrated expertise in relevant areas, ability to fulfill the role (time commitments and operational experience) and independence, referring to <em>\u201cno financial interest or other interest, which could affect their independence, impartiality and objectivity\u201d. <\/em>They were the \u201cpen holders\u201d responsible for collating the input from all stakeholders into one succinct Code of Practice. 
The Chairs, and their respective backgrounds, are listed below:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Working Group 1:<\/strong> Transparency and copyright-related rules<\/h4>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th><strong>Name<\/strong><\/th><th><strong>Role<\/strong><\/th><th><strong>Expertise<\/strong><\/th><th><strong>Country<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Nuria Oliver<\/td><td>Co-chair<\/td><td>Director of the ELLIS Alicante Foundation<\/td><td>Spain<\/td><\/tr><tr><td>Alexander Peukert<\/td><td>Co-chair<\/td><td>Professor of Civil, Commercial, and Information Law at Goethe University Frankfurt am Main<\/td><td>Germany<\/td><\/tr><tr><td>Rishi Bommasani<\/td><td>Vice Chair<\/td><td>Society Lead at the Stanford Center for Research on Models as part of the Stanford Institute for Human-Centered AI<\/td><td>US<\/td><\/tr><tr><td>C\u00e9line Castets-Renard<\/td><td>Vice Chair<\/td><td>Full Law Professor at the Civil Law Faculty, University of Ottawa, and Research Chair Holder Accountable AI in a Global Context<\/td><td>France<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Working Group 2:<\/strong> Risk identification and assessment, including evaluations<\/h4>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th><strong>Name<\/strong><\/th><th><strong>Role<\/strong><\/th><th><strong>Expertise<\/strong><\/th><th><strong>Country<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Matthias Samwald<\/td><td>Chair<\/td><td>Associate Professor at the Institute of Artificial Intelligence at the Medical University of Vienna<\/td><td>Austria<\/td><\/tr><tr><td>Marta Ziosi<\/td><td>Vice Chair<\/td><td>Postdoctoral Researcher at the Oxford Martin AI Governance 
Initiative<\/td><td>Italy<\/td><\/tr><tr><td>Alexander Zacherl<\/td><td>Vice Chair<\/td><td>Independent Systems Designer. Previously at UK AI Safety Institute and DeepMind<\/td><td>Germany<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Working Group 3: <\/strong>Technical risk mitigation<\/h4>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th><strong>Name<\/strong><\/th><th>Role<\/th><th>Expertise<\/th><th>Country<\/th><\/tr><\/thead><tbody><tr><td>Yoshua Bengio<\/td><td>Chair<\/td><td>Full Professor at Universit\u00e9 de Montr\u00e9al, and the Founder and Scientific Director of Mila \u2013 Quebec AI Institute (Turing Award Winner)<\/td><td>Canada<\/td><\/tr><tr><td>Daniel Privitera<\/td><td>Vice Chair<\/td><td>Founder and Executive Director of the KIRA Center<\/td><td>Italy and Germany<\/td><\/tr><tr><td>Nitarshan Rajkumar<\/td><td>Vice Chair<\/td><td>PhD candidate researching AI at the University of Cambridge<\/td><td>Canada<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Working Group 4:<\/strong> Internal risk management and governance of General-purpose AI providers<\/h4>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th><strong>Name<\/strong><\/th><th><strong>Role<\/strong><\/th><th><strong>Expertise<\/strong><\/th><th><strong>Country<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Marietje Schaake<\/td><td>Chair<\/td><td>Fellow at Stanford\u2019s Cyber Policy Center and at the Institute for Human-Centred AI<\/td><td>Netherlands<\/td><\/tr><tr><td>Markus Anderljung<\/td><td>Vice Chair<\/td><td>Director of Policy 
and Research at the Centre for the Governance of AI<\/td><td>Sweden<\/td><\/tr><tr><td>Anka Reuel<\/td><td>Vice Chair<\/td><td>Computer Science Ph.D. candidate at Stanford University<\/td><td>Germany<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The time commitment for these consequential positions was significant. For reasons of financial independence, however, the Chair and Vice-Chair positions were all unpaid (this also applied to all Plenary participants). The Chairs and Vice-Chairs were supported by external contractors, namely a <a href=\"https:\/\/content.mlex.com\/#\/content\/1598151\/ai-model-providers-to-see-eu-code-of-practice-drafting-involve-french-consultancy-wavestone\">consortium of consultancies<\/a> including French consultancy Wavestone.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Notes and references<\/h2>\n\n\n<ol class=\"wp-block-footnotes\"><li id=\"5a9a8e55-271d-4abf-8834-bf3d1cd5ad6c\"><a href=\"https:\/\/ec.europa.eu\/growth\/tools-databases\/enorm\/mandate\/593_en\" data-type=\"link\" data-id=\"https:\/\/ec.europa.eu\/growth\/tools-databases\/enorm\/mandate\/593_en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Standardisation request for AI systems<\/a> <a href=\"#5a9a8e55-271d-4abf-8834-bf3d1cd5ad6c-link\" aria-label=\"Jump to footnote reference 1\">\u21a9\ufe0e<\/a><\/li><li id=\"17e4451c-5dfa-4712-b524-933d2abccae1\"><a href=\"https:\/\/artificialintelligenceact.eu\/article\/113\/\" data-type=\"article\" data-id=\"3056\">Article 113(b)<\/a> <a href=\"#17e4451c-5dfa-4712-b524-933d2abccae1-link\" aria-label=\"Jump to footnote reference 2\">\u21a9\ufe0e<\/a><\/li><li id=\"fcf73547-1822-456f-ad68-ac13208ff89e\">\u00a0The European Telecommunications Standards Institute (ETSI) may also be involved. 
<a href=\"#fcf73547-1822-456f-ad68-ac13208ff89e-link\" aria-label=\"Jump to footnote reference 3\">\u21a9\ufe0e<\/a><\/li><li id=\"de44d312-2237-4b42-8040-2c82bbd255dc\">\u00a0<a href=\"https:\/\/www.cencenelec.eu\/european-standardization\/european-standards\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CEN-CENELEC<\/a> <a href=\"#de44d312-2237-4b42-8040-2c82bbd255dc-link\" aria-label=\"Jump to footnote reference 4\">\u21a9\ufe0e<\/a><\/li><li id=\"694c1235-4f04-40c1-a693-f49ebcd074e6\"><a href=\"https:\/\/www.iso.org\/developing-standards.html#:~:text=The%20voting%20process%20is%20the,usually%20takes%20about%203%20years.\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ISO<\/a> <a href=\"#694c1235-4f04-40c1-a693-f49ebcd074e6-link\" aria-label=\"Jump to footnote reference 5\">\u21a9\ufe0e<\/a><\/li><li id=\"084e2cda-53c5-4b17-8279-8ca438fc56e7\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/40\/\">Article 40(3)<\/a> <a href=\"#084e2cda-53c5-4b17-8279-8ca438fc56e7-link\" aria-label=\"Jump to footnote reference 6\">\u21a9\ufe0e<\/a><\/li><li id=\"7f92ab9b-8f46-4746-83fe-434a2b4395dc\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/53\/\">Article 53<\/a> <a href=\"#7f92ab9b-8f46-4746-83fe-434a2b4395dc-link\" aria-label=\"Jump to footnote reference 7\">\u21a9\ufe0e<\/a><\/li><li id=\"78538e92-a19e-421d-94e5-3c859e4ab548\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/55\/\">Article 55<\/a> <a href=\"#78538e92-a19e-421d-94e5-3c859e4ab548-link\" aria-label=\"Jump to footnote reference 8\">\u21a9\ufe0e<\/a><\/li><li id=\"ca191054-77b1-4e94-b71c-5eb05c398cb9\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/53\/\">Article 53(4)<\/a> and <a href=\"https:\/\/artificialintelligenceact.eu\/article\/55\/\">55(2)<\/a> <a href=\"#ca191054-77b1-4e94-b71c-5eb05c398cb9-link\" aria-label=\"Jump to footnote reference 9\">\u21a9\ufe0e<\/a><\/li><li 
id=\"24e17c46-748b-44a9-8b46-fd9c4fe3f1f1\">\u00a0<a href=\"https:\/\/code-of-practice.ai\/?section=safety-security\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Safety and Security FAQ<\/a> <a href=\"#24e17c46-748b-44a9-8b46-fd9c4fe3f1f1-link\" aria-label=\"Jump to footnote reference 10\">\u21a9\ufe0e<\/a><\/li><li id=\"62cd6787-bd15-443c-b68a-c2fa557f67df\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/3\/\">Article 3(63)<\/a> <a href=\"#62cd6787-bd15-443c-b68a-c2fa557f67df-link\" aria-label=\"Jump to footnote reference 11\">\u21a9\ufe0e<\/a><\/li><li id=\"048a637d-9296-4068-aec4-765a595125f5\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Commission Guidelines<\/a> paragraph 17 <a href=\"#048a637d-9296-4068-aec4-765a595125f5-link\" aria-label=\"Jump to footnote reference 12\">\u21a9\ufe0e<\/a><\/li><li id=\"86f82661-ff9c-4122-b434-e0319634caca\">\u00a0However, note that the release mode does matter for the applicable obligations as providers of GPAI models that are released under a free and open-source license are exempt from the obligations under Article 53 (1)(a) and (b) (see <a href=\"https:\/\/artificialintelligenceact.eu\/article\/53\/\">Article 53(2)<\/a> and GPAI Guidelines chapter 4) <a href=\"#86f82661-ff9c-4122-b434-e0319634caca-link\" aria-label=\"Jump to footnote reference 13\">\u21a9\ufe0e<\/a><\/li><li id=\"3328fdf1-1677-42b8-9359-f32beee09b6f\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/53\/\">Article 53(2)<\/a> and <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">GPAI Guidelines<\/a> chapter 4 <a href=\"#3328fdf1-1677-42b8-9359-f32beee09b6f-link\" aria-label=\"Jump to footnote reference 14\">\u21a9\ufe0e<\/a><\/li><li 
id=\"5a697afd-d28f-47bd-b585-cbae73d7b9c7\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/3\/\">Article 3(3)<\/a> <a href=\"#5a697afd-d28f-47bd-b585-cbae73d7b9c7-link\" aria-label=\"Jump to footnote reference 15\">\u21a9\ufe0e<\/a><\/li><li id=\"139ef1d6-4100-4f0e-a085-9cf8bcbdabae\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 62 <a href=\"#139ef1d6-4100-4f0e-a085-9cf8bcbdabae-link\" aria-label=\"Jump to footnote reference 16\">\u21a9\ufe0e<\/a><\/li><li id=\"8f0180b6-a5bd-40e0-bfbf-1f6a0258302e\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 63 <a href=\"#8f0180b6-a5bd-40e0-bfbf-1f6a0258302e-link\" aria-label=\"Jump to footnote reference 17\">\u21a9\ufe0e<\/a><\/li><li id=\"d0b704cd-96b4-482b-85fe-1a3323710278\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 64 <a href=\"#d0b704cd-96b4-482b-85fe-1a3323710278-link\" aria-label=\"Jump to footnote reference 18\">\u21a9\ufe0e<\/a><\/li><li id=\"ce466a1d-3988-4ddf-81c2-d4f810ac1f65\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 20 <a href=\"#ce466a1d-3988-4ddf-81c2-d4f810ac1f65-link\" aria-label=\"Jump to footnote reference 19\">\u21a9\ufe0e<\/a><\/li><li id=\"ba13e9d1-7a6e-41e7-9986-ee954f4f3dc7\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/3\/\">Article 3(65)<\/a> <a href=\"#ba13e9d1-7a6e-41e7-9986-ee954f4f3dc7-link\" aria-label=\"Jump to footnote reference 20\">\u21a9\ufe0e<\/a><\/li><li 
id=\"eb357d8d-69b0-43b7-96f9-136dcba1f312\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 63 <a href=\"#eb357d8d-69b0-43b7-96f9-136dcba1f312-link\" aria-label=\"Jump to footnote reference 21\">\u21a9\ufe0e<\/a><\/li><li id=\"b6081139-e193-485d-bfa2-e0312310e1cc\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/52\/\">Article 52(2)<\/a> <a href=\"#b6081139-e193-485d-bfa2-e0312310e1cc-link\" aria-label=\"Jump to footnote reference 22\">\u21a9\ufe0e<\/a><\/li><li id=\"b2e19f61-d80d-4dda-9537-f47e26b371aa\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 94 <a href=\"#b2e19f61-d80d-4dda-9537-f47e26b371aa-link\" aria-label=\"Jump to footnote reference 23\">\u21a9\ufe0e<\/a><\/li><li id=\"2b881005-56d6-4fd5-a037-7bcd2a3b04cb\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 95 <a href=\"#2b881005-56d6-4fd5-a037-7bcd2a3b04cb-link\" aria-label=\"Jump to footnote reference 24\">\u21a9\ufe0e<\/a><\/li><li id=\"7c0c00de-eb69-4ed6-88fd-a9ff80addf5b\">\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\">Commission Guidelines<\/a> paragraph 102 <a href=\"#7c0c00de-eb69-4ed6-88fd-a9ff80addf5b-link\" aria-label=\"Jump to footnote reference 25\">\u21a9\ufe0e<\/a><\/li><li id=\"204f8543-8206-455b-a713-30ea60bc6de1\">\u00a0<a href=\"https:\/\/artificialintelligenceact.eu\/article\/56\/\">Article 56(6)<\/a> <a href=\"#204f8543-8206-455b-a713-30ea60bc6de1-link\" aria-label=\"Jump to footnote reference 26\">\u21a9\ufe0e<\/a><\/li><li 
id=\"de31087a-af96-4912-9977-da0dab53c859\">\u00a0Number disclosed in Commission <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/news\/kick-plenary-general-purpose-ai-code-practice-took-place-online\">press release<\/a> <a href=\"#de31087a-af96-4912-9977-da0dab53c859-link\" aria-label=\"Jump to footnote reference 27\">\u21a9\ufe0e<\/a><\/li><li id=\"7b750162-ad2c-4cf7-8da9-a1222ac9def7\">\u00a0Euractiv <a href=\"https:\/\/www.euractiv.com\/section\/tech\/news\/commission-discloses-disagreements-between-general-purpose-ai-providers-and-other-stakeholders\/\">article<\/a> discussing diversity of participants <a href=\"#7b750162-ad2c-4cf7-8da9-a1222ac9def7-link\" aria-label=\"Jump to footnote reference 28\">\u21a9\ufe0e<\/a><\/li><\/ol>","protected":false},"excerpt":{"rendered":"<p>Last updated: 14 August 2025. As AI Act implementation gradually unfolds, it is important to understand the different mechanisms of enforcement included in the Regulation. One of the most important is the general-purpose AI Code of Practice, which was developed by the AI Office and a wide range of stakeholders. 
This summary, detailing the Code [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"[{\"content\":\"<a href=\\\"https:\/\/ec.europa.eu\/growth\/tools-databases\/enorm\/mandate\/593_en\\\" data-type=\\\"link\\\" data-id=\\\"https:\/\/ec.europa.eu\/growth\/tools-databases\/enorm\/mandate\/593_en\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener nofollow\\\">\u00a0<a href=\\\"https:\/\/ec.europa.eu\/growth\/tools-databases\/enorm\/mandate\/593_en\\\">Standardisation request for AI systems<\/a><\/a>\",\"id\":\"5a9a8e55-271d-4abf-8834-bf3d1cd5ad6c\"},{\"content\":\"<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/113\/\\\" data-type=\\\"article\\\" data-id=\\\"3056\\\">Article 113(b)<\/a>\",\"id\":\"17e4451c-5dfa-4712-b524-933d2abccae1\"},{\"content\":\"\u00a0The European Telecommunications Standards Institute (ETSI) may also be involved.\",\"id\":\"fcf73547-1822-456f-ad68-ac13208ff89e\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/www.cencenelec.eu\/european-standardization\/european-standards\/\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener nofollow\\\">CEN-CENELEC<\/a>\",\"id\":\"de44d312-2237-4b42-8040-2c82bbd255dc\"},{\"content\":\"<a href=\\\"https:\/\/www.iso.org\/developing-standards.html#:~:text=The%20voting%20process%20is%20the,usually%20takes%20about%203%20years.\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener nofollow\\\">ISO<\/a>\",\"id\":\"694c1235-4f04-40c1-a693-f49ebcd074e6\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/40\/\\\">Article 40(3)<\/a>\",\"id\":\"084e2cda-53c5-4b17-8279-8ca438fc56e7\"},{\"content\":\"\u00a0<a 
href=\\\"https:\/\/artificialintelligenceact.eu\/article\/53\/\\\">Article 53<\/a>\",\"id\":\"7f92ab9b-8f46-4746-83fe-434a2b4395dc\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/55\/\\\">Article 55<\/a>\",\"id\":\"78538e92-a19e-421d-94e5-3c859e4ab548\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/53\/\\\">Article 53(4)<\/a> and <a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/55\/\\\">55(2)<\/a>\",\"id\":\"ca191054-77b1-4e94-b71c-5eb05c398cb9\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/code-of-practice.ai\/?section=safety-security\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener nofollow\\\">Safety and Security FAQ<\/a>\",\"id\":\"24e17c46-748b-44a9-8b46-fd9c4fe3f1f1\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/3\/\\\">Article 3(63)<\/a>\",\"id\":\"62cd6787-bd15-443c-b68a-c2fa557f67df\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener nofollow\\\">Commission Guidelines<\/a> paragraph 17\",\"id\":\"048a637d-9296-4068-aec4-765a595125f5\"},{\"content\":\"\u00a0However, note that the release mode does matter for the applicable obligations as providers of GPAI models that are released under a free and open-source license are exempt from the obligations under Article 53 (1)(a) and (b) (see <a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/53\/\\\">Article 53(2)<\/a> and GPAI Guidelines chapter 4)\",\"id\":\"86f82661-ff9c-4122-b434-e0319634caca\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/53\/\\\">Article 53(2)<\/a> and <a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">GPAI Guidelines<\/a> chapter 
4\",\"id\":\"3328fdf1-1677-42b8-9359-f32beee09b6f\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/3\/\\\">Article 3(3)<\/a>\",\"id\":\"5a697afd-d28f-47bd-b585-cbae73d7b9c7\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 62\",\"id\":\"139ef1d6-4100-4f0e-a085-9cf8bcbdabae\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 63\",\"id\":\"8f0180b6-a5bd-40e0-bfbf-1f6a0258302e\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 64\",\"id\":\"d0b704cd-96b4-482b-85fe-1a3323710278\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 20\",\"id\":\"ce466a1d-3988-4ddf-81c2-d4f810ac1f65\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/3\/\\\">Article 3(65)<\/a>\",\"id\":\"ba13e9d1-7a6e-41e7-9986-ee954f4f3dc7\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 63\",\"id\":\"eb357d8d-69b0-43b7-96f9-136dcba1f312\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/52\/\\\">Article 52(2)<\/a>\",\"id\":\"b6081139-e193-485d-bfa2-e0312310e1cc\"},{\"content\":\"\u00a0<a 
href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 94\",\"id\":\"b2e19f61-d80d-4dda-9537-f47e26b371aa\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 95\",\"id\":\"2b881005-56d6-4fd5-a037-7bcd2a3b04cb\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act\\\">Commission Guidelines<\/a> paragraph 102\",\"id\":\"7c0c00de-eb69-4ed6-88fd-a9ff80addf5b\"},{\"content\":\"\u00a0<a href=\\\"https:\/\/artificialintelligenceact.eu\/article\/56\/\\\">Article 56(6)<\/a>\",\"id\":\"204f8543-8206-455b-a713-30ea60bc6de1\"},{\"content\":\"\u00a0Number disclosed in Commission <a href=\\\"https:\/\/digital-strategy.ec.europa.eu\/en\/news\/kick-plenary-general-purpose-ai-code-practice-took-place-online\\\">press release<\/a>\",\"id\":\"de31087a-af96-4912-9977-da0dab53c859\"},{\"content\":\"\u00a0Euractiv <a href=\\\"https:\/\/www.euractiv.com\/section\/tech\/news\/commission-discloses-disagreements-between-general-purpose-ai-providers-and-other-stakeholders\/\\\">article<\/a> discussing diversity of 
participants\",\"id\":\"7b750162-ad2c-4cf7-8da9-a1222ac9def7\"}]"},"categories":[1],"tags":[],"class_list":["post-4877","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"meta_box":[],"_links":{"self":[{"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/posts\/4877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/comments?post=4877"}],"version-history":[{"count":29,"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/posts\/4877\/revisions"}],"predecessor-version":[{"id":5977,"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/posts\/4877\/revisions\/5977"}],"wp:attachment":[{"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/media?parent=4877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/categories?post=4877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artificialintelligenceact.eu\/wp-json\/wp\/v2\/tags?post=4877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}