The European Commission has published the General-Purpose AI (GPAI) Code of Practice, effective from August 2, 2025. The code is an adequate voluntary tool for providers of GPAI models to demonstrate compliance with the AI Act, meeting the transparency, copyright, and safety requirements.

The code marks a pivotal advancement in ensuring that generative AI technologies are deployed responsibly across the EU market, striking a balance between fostering innovation and managing associated risks while reinforcing the transparency and accountability of model development and deployment processes.

Transparency serves as a cornerstone of the code, aligning with the obligations under Article 53 AI Act., along with Annexes XI and XII. The code guides enterprises to offer a user-friendly model documentation form, ensuring timely updates and maintaining records under stringent quality and integrity controls to prevent unintended modifications.

This approach enhances the reliability and verifiability of technical documentation, fostering trust among stakeholders and mitigating issues arising from information asymmetry during deployment.

Regarding copyright, the code places a strong emphasis on the need for providers to develop, update, and implement copyright policies, assigning clear responsibilities within organizations for execution and oversight.

A summary of these policies must be made publicly available, accompanied by a complaint mechanism to address potential infringements.

When crawling websites, only legally accessible copyrighted content should be replicated or extracted, with appropriate technical safeguards implemented to minimize the risk of copyright-infringing outputs.

This focus reflects the EU’s commitment to protecting intellectual property rights and ensuring fair competition, while addressing the ethical implications of content generation in the AI era.

Regarding Safety and Security, the code outlines concrete state-of-the-art practices for managing systemic risks. The code establishes clear acceptance criteria for systemic risks, mandating the implementation of mitigation and protective measures across organizational levels.

Responsibilities for managing these risks are explicitly defined, and authority is granted to independent external assessors to conduct evaluations.

Providers are also required to report serious incidents to the AI Office and national competent authorities within specified timeframes.

Industry responses to the code reveal a diverse range of perspectives. The majority of signatory companies view the code as a constructive step toward enhancing safety and compliance, though some express concerns about potential delays to AI development.

Conversely, opponents argue that the code introduce legal uncertainties and overextend the interpretation of the AI Act, potentially stifling the advancement of cutting-edge AI models.

Certain European stakeholders have voiced a preference for prioritizing the interests of EU citizens and writers over benefiting foreign companies operating outside the region.

The implementation of the GPAI Code of Practice is poised to exert a profound influence on the global AI industry, establishing a clear compliance pathway for the EU market while encouraging multinational enterprises to align with stringent governance standards, thereby steering generative AI technologies toward a more responsible and sustainable future.