THE LENS
Digital developments in focus

GPAI Model Code finally published

Today, the European Commission has published the final version of the General Purpose AI (GPAI) Code of Practice – the voluntary guide designed to help organisations comply with the GPAI provisions in the EU AI Act.

The GPAI rules are due to come into force next month (on 2nd August). Despite media speculation about whether or not the EU would delay implementation of the AI Act in light of political and industry pressure, and the delayed publication of the Code itself (which was originally expected in May), the Commission has recently confirmed that it is still planning to push ahead with the original timeframes.

What’s in the Code?

The Code has three chapters:

  • Transparency: transparency is a key requirement for GPAI model providers, given that such models underpin many AI systems and information is required to integrate the models into various downstream products. The Code contains a Model Documentation Form which is intended to be a user-friendly way of sharing the necessary information.
  • Copyright: the aim is to help providers comply with the requirement in the EU AI Act to put in place a policy complying with EU copyright law, although its provisions have proved controversial, particularly with rights holders. We are producing a separate blog on the IP aspects of this code.  
  • Safety and Security: this chapter only applies to a limited number of providers of the most advanced models – namely those providers of GPAI models which pose systemic risk. The Commission describes this as including risks to fundamental rights and safety ‘including lowering barriers for the development of chemical or biological weapons, or risks related to loss of control over the model.’ These providers must assess and mitigate such risks, and the safety and security chapter contains practices for such systemic risk management. 

Guidance and FAQs

In addition to the Code, the Commission has published a set of FAQs (last updated in June) which accompany the GPAI rules and Code, and cover questions such as “what are GPAI models?” and “if someone fine-tunes or otherwise modifies a model, do they have to comply with the obligations for providers of general-purpose AI models?” The additional guidance which has been promised to clarify some of these questions is yet to be published, although this is now expected later in July.

Next steps

The Code must be endorsed by both the Commission and by the Member States. Once this process is complete, providers of GPAI models who sign up to it can use the Code to demonstrate their compliance with the GPAI provisions in the EU AI Act. Those that do not sign up to the Code will need to develop alternative means of complying with the obligations.

The clarificatory guidance to accompany the FAQs is expected later in July, and definitely before the 2 August application date for the EU AI Act’s GPAI rules. 

The GPAI rules then become enforceable by the AI Office of the Commission one year later (August 2026) in relation to new GPAI models, and two years later (August 2027) for models that are already on the market.

Comment

The Code has had a somewhat bumpy journey so far. The EU AI Act provides for such a code to exist, and we have seen three drafts before this final version – all of which were drafted with stakeholder engagement. The hope was therefore that it would provide a practical roadmap for compliance with the GPAI rules which gave certainty to providers, users and other impacted parties alike. Instead, to date, it has received criticism from all sides, with model providers saying they will not sign up to the Code as they are unhappy with impractical provisions which go beyond the Act itself, and rights holders unhappy with what they see as a watering down of IP law. Changes have been made to this final version. However, whether they are enough to win round its critics is not yet clear. The mood music to date is not sounding positive from the AI provider side. The Computer & Communications Industry Association, which counts many GPAI providers amongst its members, is concerned with the changes to the copyright guidance and more generally has stated that this final version of the Code “still imposes a disproportionate burden on AI providers.” While the Act states that the AI Office may “invite” providers of GPAI models to adhere to codes of practice, it remains to be seen how many will voluntarily sign up to this GPAI Code.

"Co-designed by AI stakeholders, the Code is aligned with their needs. Therefore, I invite all general-purpose AI model providers to adhere to the Code. Doing so will secure them a clear, collaborative route to compliance with the EU's AI Act" Henna Virkkunen, the EU Commission’s Executive Vice-President for Tech Sovereignty, Security and Democracy.
