EU's General-Purpose AI Code of Practice Set to Transform Business Compliance and Risk Management
The EU's General-Purpose AI Code of Practice, effective August 2, aims to guide businesses in compliance and transparency.
Key Points
- • GPAI Code effective on August 2, 2025, under EU's AI Act.
- • Major AI firms are signatories, committing to transparency and compliance.
- • Criticism arises regarding insufficient copyright protections.
- • Penalties for non-compliance could reach 7% of global turnover.
On August 2, 2025, the European Union will implement the General-Purpose Artificial Intelligence (GPAI) Code of Practice as part of its AI Act, marking a significant regulatory shift affecting businesses utilizing general-purpose AI technologies. This new framework is designed to aid organizations in navigating compliance with the AI Act's requirements, with a specific focus on transparency, copyright issues, and safety protocols for AI systems deemed to have systemic risks.
The GPAI Code, which is voluntary but strongly influenced by the EU’s legal requirements, has garnered the support of major AI companies such as Anthropic, OpenAI, Google, Amazon, and IBM. These organizations will be expected to disclose critical information about their AI models, adhere to strict copyright policies, and report serious incidents related to their technologies to EU authorities. With the emphasis on transparency, businesses will need to assess risks associated with their AI offerings continuously, ensuring they do not violate EU copyright laws, which has raised concerns among copyright holders.
Despite its constructive intentions, the GPAI Code has faced criticism, particularly from a coalition of approximately 40 copyright stakeholders, including news organizations and artist collectives. They argue that the code fails to provide adequate protection for intellectual property, labeling it a 'missed opportunity' that undermines the EU AI Act’s objectives. These stakeholders highlight the necessity for stronger protections as businesses increasingly rely on generative AI systems.
Analyst Enza Iannopollo points out that while direct compliance responsibility lies with generative AI providers, other companies in the value chain will also be significantly affected by these regulations. Businesses should brace for increased scrutiny and be proactive in aligning their risk management practices to address the upcoming requirements for transparency within their AI supply chains.
The AI Act, which became effective in August 2024, mandates EU member states to establish national authorities to enforce its provisions by the implementation date of the GPAI Code. Non-compliance with the stipulated regulations risks penalties that could amount to 7% of a company’s global turnover, underscoring the urgency for businesses to adapt swiftly to this evolving regulatory landscape.