
The EU has introduced a major update to its AI governance approach with the formal acceptance of the General-Purpose AI (GPAI) Code of Practice, a new framework designed to help foundation model providers comply with the EU AI Act. Developed with input from over 1,000 stakeholders across academia, industry and civil society, the Code offers practical guidance for operationalizing the AI Act’s principles. It applies to any AI model capable of performing a broad range of tasks, regardless of deployment method or integration into downstream systems. The EU Commission is actively encouraging adoption of the Code, positioning it as the most streamlined path to compliance and a means of reducing regulatory risk. This marks a critical step forward in enforcing the world’s most comprehensive AI legislation.
The Code has three key chapters: Transparency, Copyright, and Safety and Security.
Chapter 1: Transparency
This chapter mandates that all General Purpose AI (GPAI) providers clearly document and communicate their models’ capabilities, limitations and risks. They must complete a standardized Model Documentation Form, share it with relevant authorities and downstream users, and publish a detailed summary of their training data.
Chapter 2: Copyright
To uphold intellectual property rights, GPAI providers must adopt an EU-compliant copyright policy and respect content usage restrictions like robots.txt. They must also prevent their models from producing infringing outputs, define clear terms of service and designate a contact point for rights holder concerns.
Chapter 3: Safety and Security (For Models With Systemic Risk)
This chapter imposes stricter requirements on high-impact GPAI models deemed to pose systemic risk, requiring a full risk management framework, model testing, incident reporting and robust cybersecurity. Providers must implement strong monitoring and access controls, aligning with these interim standards as the AI Act continues to evolve.
Why it Matters
While the code is the responsibility of the model providers, the impact of the code will be felt by downstream developers, organizations that deploy AI, the end users and the public at large. Model providers that adhere to the GPAI code of practice will send a powerful trust signal to the rest of the ecosystem. The models will be better, safer and more easily aligned with positive outcomes as a result of the transparency and safety and security measures in the code.
- Developers: Inherit a higher level of safety and security from model providers. They know the foundational component has undergone rigorous risk management, adversarial testing, and cybersecurity hardening, which simplifies their own risk assessments. They can review documentation about the data that models were trained on. Trust and confidence lead to innovation speed.
- Deployers: Deployers can shortcut lengthy procurement evaluations by validating that a model provider complies with the GPAI Code of Practice, which is shorthand for rigorous documentation and testing. Documentation of model risks can help deployers make better decisions and manage risk across the organization. Ultimately, higher quality foundation models will deliver better results for businesses looking to advance their AI use cases.
- End users: End users can use AI systems that are more reliable and less risky. They can make better, more informed decisions about which systems they wish to use for what purposes, facilitating experimentation, trust and adoption.
- The public: AI systems that have a critical impact on things like loan applications or law enforcement are of higher quality and controlled for bias. Creating a clear chain of documentation and responsibility, the Code makes it easier to understand why an AI system made a particular decision and to hold the appropriate actors accountable when things go wrong.
Risks That the GPAI Code of Practice Doesn’t Cover
While the General-Purpose AI Code of Practice aims to make foundation models more fair, safe and robust for all stakeholders, AI risks in the enterprise still persist. Even a well-designed foundation model can lead to undesirable outcomes if not deployed and managed safely. Data risks such as sensitive data leakage, improper handling of sensitive information, or cyberattacks can arise and compound within other parts of the AI ecosystem, with AI itself potentially exacerbating these issues.
Organizations that wish to deploy foundation models against their own data or developers that wish to build applications that will handle customer data must take responsibility for the data risk not covered by the GPAI code of practice. Most organizations wish to use proprietary data and external data from various sources to provide reference data to AI models, using different techniques to engineer context for general-purpose models that have not been explicitly trained with data from the processes they’re being deployed into. They must be careful not to leave themselves vulnerable to leaks, data poisoning attacks or regulatory fines for improper handling of sensitive data. A few common data and AI security pitfalls:
- Misclassified data: Data classification challenges arise when the sheer volume and diversity of unstructured data sources overwhelm manual classification efforts, making them unreliable. Without deep scanning and accurate classification of all data that could be exposed to AI, this can result in sensitive information, such as personally identifiable information (PII), remaining unlabeled and subsequently being fed into AI models, potentially leading to its verbatim regurgitation.
- Permissions bleed: Traditionally, data was secured by restricting access to authorized users and roles for specific data sources and timeframes. However, AI proliferation introduces a new layer with broad data access and more users. Authorized AI users can retrieve data via AI that they couldn’t access directly, leading to “permissions bleed” because AIs don’t inherit data permissions.
- Unsanitized data inputs: Data collection can open the door to indirect or poisoning attacks where an attacker will place malicious code in files that the AI will later process. End users may also introduce sensitive data to the system unexpectedly, leading to improper handling of sensitive data or leakage.
- Loss of data context: To be used for AI, data is often moved from source systems and filtered, merged, joined, aggregated, chunked or otherwise processed. Complex AI pipelines, especially in multi-model environments, can compromise data provenance and security by obscuring data origins through multiple transformations and AI interactions. Furthermore, a loss of access entitlements makes protecting data incredibly challenging.
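The permissions-bleed and loss-of-data-context pitfalls above, as an added example that is not part of the original article: each chunk keeps the source path and read entitlements of the document it came from, and retrieval filters on the caller's groups before any text reaches the model. The corpus, group names and keyword scoring are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    text: str
    source: str                # provenance: the originating document
    allowed_groups: frozenset  # entitlements copied from the source system

# Constructed sample corpus: (source path, groups allowed to read it, content)
DOCS = [
    ("hr/salaries.txt", {"hr"},
     "Salary bands for 2024. Director band starts at 180k."),
    ("wiki/onboarding.txt", {"hr", "engineering"},
     "Onboarding guide. Salary is paid monthly."),
]

def chunk_documents(docs, size=40):
    """Split each document, copying its source and ACL onto every chunk."""
    chunks = []
    for source, groups, body in docs:
        for i in range(0, len(body), size):
            chunks.append(Chunk(body[i:i + size], source, frozenset(groups)))
    return chunks

def score(query, chunk):
    """Toy relevance: number of query words that appear in the chunk."""
    return sum(1 for w in set(query.lower().split()) if w in chunk.text.lower())

def retrieve_naive(query, chunks):
    """Permissions bleed: the index is searched with the service's broad access."""
    return [c for c in chunks if score(query, c) > 0]

def retrieve_enforced(query, chunks, user_groups):
    """Drop chunks the caller could not read at the source, then rank."""
    visible = [c for c in chunks if c.allowed_groups & set(user_groups)]
    return [c for c in visible if score(query, c) > 0]

def sources(chunks):
    """Distinct source documents behind a result set, for audit logging."""
    return sorted({c.source for c in chunks})

if __name__ == "__main__":
    index = chunk_documents(DOCS)
    print("naive   :", sources(retrieve_naive("salary", index)))
    print("enforced:", sources(retrieve_enforced("salary", index, {"engineering"})))
```
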