Copyright, general purpose AI and the EU AI Act – insights from the second draft of the GPAI Code

The second draft of the EU’s General Purpose AI Code of Practice (GPAI Code) was published shortly before Christmas. Whilst it is very much still a working draft, it provides helpful insight into what may be expected of providers of general purpose AI (GPAI) models in order to comply with their copyright related obligations under Article 53 of the EU AI Act.

Background to the GPAI Code and the copyright aspects of the EU AI Act

The main purpose behind the GPAI Code is to give providers of general-purpose AI models guidance on compliance with Articles 53 and 56 of the EU AI Act. Article 53 is of particular interest from an IP perspective because it imposes two key copyright-related obligations on GPAI model providers who place their models on the EU market (regardless of where they were trained). Those providers must: 

1. put in place a policy to comply with EU copyright law, including, in particular, to identify and comply with any rights holders’ rights reservations preventing their works from being used for text and data mining (TDM) purposes (so-called “TDM opt-outs”); and
2. make publicly available a “sufficiently detailed” summary of the data used to train their model, according to a template to be provided by the AI Office. 

See our earlier blog for further detail.

Compliance with EU copyright law

It’s fair to say that the main copyright focus of this draft of the GPAI Code is on the first of the above-mentioned obligations – compliance with EU copyright law – which is covered in “Commitment 2” of the current draft.

That commitment is broken down into the following 11 “measures”, each with their own key performance indicators (with certain exceptions for SMEs), providing further granularity on what is required to achieve compliance.

1. Draw up and implement an internal copyright policy to comply with EU copyright law, covering all phases of development (including data collection, training, testing and placing on the market) and assign internal responsibilities for implementing and overseeing that policy. 
2. Publish a summary of the internal copyright policy on the GPAI model provider’s website, for transparency purposes.
3. Make reasonable efforts to assess the copyright compliance of third party datasets, including by carrying out copyright due diligence before entering into contracts with third parties for use of data sets in developing GPAI models and, for private non-publicly accessible datasets, make reasonable and proportionate efforts to obtain assurances from each third party about their compliance with EU copyright law, including with respect to the copyright status of data in the dataset, lawful access to that data and compliance with rights holders’ TDM opt-outs. 
4. For those signatories engaging in TDM for the purpose of training their GPAI models, make reasonable and proportionate efforts to ensure they have lawful access to all copyright content taken.
5. Take reasonable and proportionate measures not to crawl websites making available copyright infringing content.
6. Respect the Robot Exclusion Protocol (robots.txt) by employing crawlers that read and follow instructions expressed in accordance with that protocol.
7. Make best efforts, proportionate to the size and capacity of the GPAI model provider in question, to identify and comply with other appropriate expressions of rights reservation (at source or work level).
8. Publish, on their website, information about the measures they adopt to identify and comply with TDM opt-outs, including the name of all crawlers used for data collection and their relevant robots.txt features.
9. Make best efforts to prevent copyright-related overfitting in order to mitigate the risk that downstream AI systems generate copyright infringing outputs.
10. Prohibit copyright infringing uses of the model through terms and conditions, acceptable use policies or similar.
11. Designate a single point of contact to enable rights holders to communicate with them and to lodge complaints relating to the use of their works in the signatory’s GPAI model.

Summary of training data

Interestingly, the latest draft of the GPAI Code does not provide any further clarity on what should be included in the “sufficiently detailed” summary of training data required under Article 53(1)(d) of the EU AI Act. The press release accompanying publication of the second draft does, however, note that we can expect a proposal on the EU AI Office’s template “early next year” and that the EU AI Office will take into account comments from the GPAI Code participants before that template is officially adopted by the European Commission.

Comment

Whilst it is helpful to see how the GPAI Code is shaping up, it is still relatively early days and we expect more detail to be added as the code is further developed and updated.

With the UK Government’s recently launched consultation on copyright and AI suggesting a desire on the part of the UK Government to align the UK more closely with the copyright position under EU law (see here), we are watching to see how closely the two ultimately end up being aligned. Close alignment will further support GPAI model providers to maintain a consistent and coherent IP compliance strategy across the EU and UK.