GPAI: final ver­si­on of the Commission’s Code of Prac­ti­ce and Guidelines

EN 
EN  DE  FR 

from

on

Indu­stries

Aut­ho­ri­ty

Laws

,

Topics

,
Take-Aways (AI)
  • The EU Com­mis­si­on published gui­de­lines for gene­ral-pur­po­se AI models on July 18, 2025; com­pli­ance crea­tes a pre­sump­ti­on of conformity.
  • The Code of Prac­ti­ce for GPAIM was fina­li­zed on July 10, 2025; it offers prac­ti­cal imple­men­ta­ti­on aids, but is not legal­ly binding.
  • GPAIM pro­vi­ders can join the code; some com­pa­nies (e.g. Meta) reject this and cri­ti­ci­ze legal uncertainties.

The AI Act pro­vi­des for both gene­ral Gui­de­lines of the Com­mis­si­on befo­re (“Gui­de­lines”; Art. 96) also Codes of Prac­ti­ce spe­ci­fi­cal­ly for pro­vi­ders of AI models for gene­ral pur­po­ses (GPAIM; the “Codes of Con­duct”; Art. 56).

In con­trast to the Gui­de­lines, the Codes of Prac­ti­ce are not published by the Com­mis­si­on, but by the Indu­stry – under the gui­dance of the AI Office – and are less con­cer­ned with the inter­pre­ta­ti­on of the rele­vant pro­vi­si­ons of the AI Act than with pos­si­ble prac­ti­cal imple­men­ta­ti­on measures.

Gui­de­lines for GPAIM providers

In pre­pa­ra­ti­on for the obli­ga­ti­ons of GPAIM pro­vi­ders coming into effect on August 2, 2025 (Art. 113), the EU Com­mis­si­on has now on July 18, 2025 the gui­de­lines for gene­ral-pur­po­se AI models published:

The gui­de­lines are not legal­ly bin­ding; the bin­ding inter­pre­ta­ti­on of the AI Act is reser­ved to the ECJ. Howe­ver, com­pli­ance with them gives rise to a pre­sump­ti­on of con­for­mi­ty with the obli­ga­ti­ons for pro­vi­ders of GPAI models, and the EU Com­mis­si­on will adhe­re to the Code of Prac­ti­ce in its enforce­ment of the AI Act.

Code of Prac­ti­ce for GPAIM pro­vi­ders: final version

At the same time July 10, 2025 the Code of Prac­ti­ce published in its final ver­si­on.

It does not estab­lish any bin­ding rules eit­her, but is inten­ded to pro­vi­de the indu­stry with assi­stance in com­ply­ing with the obli­ga­ti­ons of GPAIM pro­vi­ders and demon­st­ra­ting com­pli­ance. The Code of Prac­ti­ce con­sists of three chap­ters, Trans­pa­ren­cy and Copy­right (for all pro­vi­ders) and Secu­ri­ty (for GPAIM pro­vi­ders with syste­mic risks). The Mem­ber Sta­tes and the Com­mis­si­on now have to assess the appro­pria­ten­ess of the Code of Practice.

GPAIM pro­vi­ders are invi­ted to join the Code of Prac­ti­ce (Art. 56 para. 7). Meta has has alre­a­dy announ­ced that it will refrain from:

Euro­pe is hea­ding down the wrong path on AI,” Kaplan posted in a state­ment. “We have careful­ly review­ed the Euro­pean Commission’s Code of Prac­ti­ce for gene­ral-pur­po­se AI (GPAI) models and Meta won’t be sig­ning it. This Code intro­du­ces a num­ber of legal uncer­tain­ties for model deve­lo­pers, as well as mea­su­res which go far bey­ond the scope of the AI Act.”