Introduction
The drafting of the first General-Purpose AI Code of Practice for the European Union marks a significant milestone in the development of AI governance. This initiative [4], involving approximately 1,000 stakeholders [1] [4], aims to establish a comprehensive framework to guide AI model providers in complying with the EU AI Act.
Description
Dr Theodoros Karathanasis will participate in meetings focused on drafting the first General-Purpose AI Code of Practice for the EU [3], a significant milestone in the iterative process involving approximately 1,000 stakeholders. This drafting process, facilitated by the European AI Office [4], commenced on September 30, 2024, and will unfold over four rounds, with the first round concluding by May 2, 2025. The initial draft [2] [4], released on November 14, 2024, was developed by independent experts and incorporates input from providers of general-purpose AI models while considering international approaches [1] [4]. It aims to assist these providers in complying with the EU AI Act, which took effect on August 1, 2025.
The draft serves as a foundational document [1] [2] [4], inviting feedback on several “Open Questions” to shape subsequent iterations. It outlines guiding principles and objectives [1] [4], aiming to provide clarity regarding the potential structure and content of the final Code [1]. Key areas of focus include transparency, copyright compliance [2] [5], risk identification and assessment [2], and governance risk mitigation [2]. While adherence to the Code is not mandatory [2], it is expected to play a crucial role in demonstrating compliance with the EU AI Act [2], which allows for the establishment of specific regulations for general-purpose AI models.
The draft outlines transparency obligations [2], requiring providers to maintain specific records [2], such as an Acceptable Use Policy and details on the web crawlers used for training data, addressing concerns from copyright holders [5]. It also proposes a policy framework for the lifecycle of general-purpose AI models, emphasizing the need for companies to implement a Safety and Security Framework (SSF) to manage risks proportionately to their systemic impact [5]. This includes measures for data protection and access controls [5], as well as ongoing risk assessments and the involvement of external experts when necessary [5].
The final document will establish clear objectives [1] [4], measures [1] [2] [3] [4] [5], and key performance indicators (KPIs) to guide the development and deployment of trustworthy and safe general-purpose AI models [1] [4]. Additionally, it will address systemic risks associated with these models, including risks related to cyber capabilities and autonomous systems [2], and will detail risk management policies for providers [2], suggesting both technical and governance measures [2].
Next week [1] [4], the Chairs will engage with stakeholders [1] [4], representatives from EU Member States, and observers in dedicated working group meetings to discuss the draft [1] [4]. Each working group will focus on recent drafting progress [1] [4], allowing participants to share their views and pose questions [1]. Following these discussions [1], key insights will be presented to the full Plenary [1]. Participants have been provided with the draft and will have until November 28 to submit written feedback through the Futurium platform. The Chairs may adjust the draft based on this input [1] [4], ensuring that the measures and KPIs are proportionate to the risks and consider the size of the AI model provider [1]. The Code will also reflect exemptions for open-source model providers [1] [4], emphasizing a balance between clear requirements and flexibility to adapt to technological advancements [1]. Non-compliance with the AI Act could result in substantial fines [5], reaching up to €35 million or seven percent of global annual profits [5], whichever is greater [5].
Conclusion
The development of the General-Purpose AI Code of Practice is poised to significantly impact AI governance within the EU. By establishing clear guidelines and performance indicators, the Code aims to ensure the safe and trustworthy deployment of AI models. Its implications extend to risk management, transparency [1] [2] [4] [5], and compliance [4] [5], with potential financial penalties for non-compliance underscoring its importance. The collaborative drafting process [1] [4], involving diverse stakeholders, reflects a commitment to creating a robust framework adaptable to technological advancements.
References
[1] https://eoc.org.cy/first-draft-of-the-general-purpose-ai-code-of-practice-published-written-by-independent-experts/
[2] https://www.akingump.com/en/insights/alerts/eu-ai-act-in-action-first-draft-general-purpose-ai-code-of-practice
[3] https://ai-regulation.com/event/eu-gpai-code-of-practice/
[4] https://digital-strategy.ec.europa.eu/en/library/first-draft-general-purpose-ai-code-practice-published-written-independent-experts
[5] https://www.engadget.com/ai/the-eu-publishes-the-first-draft-of-regulatory-guidance-for-general-purpose-ai-models-223447394.html
