
EU AI Act: Code of Conduct for General-Purpose AI Model Developers

On point: The EU adopts a code of conduct for AI developers effective August 2, 2025; new models must comply immediately, older models have until 2027. The code governs transparency, copyright, and security with detailed documentation and reporting requirements.

The European Union has adopted a code of conduct that provides developers of general-purpose AI (GPAI) models with a clear framework for complying with EU AI Act requirements. The code enters into force on August 2, 2025 – with a transition period for older models until 2027.

The Code of Good Practice provides developers of general-purpose AI models with a comprehensive rulebook for meeting EU AI Act requirements. Compliance with the code is voluntary; providers can also demonstrate their compliance through alternative methods.

The new GPAI rules will take effect on August 2, 2025, meaning all models published after that date must be compliant. However, enforcement measures by the European Commission – such as information requests, model access, or recalls – will not begin until one year later, on August 2, 2026. This transition period enables providers to collaborate with the AI Office.

For models published before August 2, 2025, compliance must be achieved by August 2, 2027.

The code is divided into three main chapters:

**Transparency chapter**: Signatories must maintain comprehensive, up-to-date documentation for each GPAI model in the EU – with the exception of free open-source models without systemic risk. The documentation follows a standardized form and includes licensing information, technical specifications, use cases, datasets, and computational and energy consumption. The documentation must be securely stored for at least ten years and made available upon request to the AI Office and downstream users.

**Copyright chapter**: This chapter ensures compliance with EU copyright law, in particular the requirement of prior authorization, provided no exceptions apply. Signatories must develop and regularly update a robust copyright policy that defines responsibilities and is legally compliant. They must ensure that data from web crawling is lawfully accessible, respect machine-readable rights signals, and avoid websites with copyright protection.

**Security and safety chapter**: This extensive chapter addresses security frameworks, systemic risks, security measures, and serious incident reporting – with a total of ten obligations to identify, analyze, and mitigate risks.


Source: artificialintelligenceact.eu
