EU Commission endorses General-Purpose AI Code of Practice as tool for compliance under AI Act
The European Commission has issued an opinion confirming that the General-Purpose AI Code of Practice meets the requirements of Articles 53 and 55 of the AI Act. While non-binding, the Code is expected to play a key role in helping AI model providers demonstrate compliance with new EU obligations on transparency, copyright, and systemic risk management.
On 1 August 2025, the European Commission published its official opinion on the General-Purpose AI Code of Practice, developed under Article 56 of the EU AI Act (Regulation 2024/1689). The Code, drafted through a multistakeholder process led by the European AI Office, provides a voluntary framework for providers of general-purpose AI models to demonstrate adherence to legal obligations—particularly those relating to documentation, transparency, copyright, and systemic risk mitigation.
According to the Commission, the Code ‘adequately covers’ the obligations set out in Articles 53 and 55 of the AI Act. These articles establish new compliance requirements for AI providers, including obligations to document training data, maintain transparency with downstream users, respect copyright, and assess and mitigate systemic risks posed by their models.
The document is structured into three chapters: Transparency, Copyright, and Safety & Security, with a total of 12 commitments. Notably, the Safety and Security chapter applies specifically to models considered to pose systemic risks, introducing procedures for model evaluation, cybersecurity, and governance-related mitigations.
The Commission found that the Code sets clear objectives, aligns with the legal framework, and provides practical tools such as a Model Documentation Form and detailed appendices on risk typologies and mitigation strategies. It also notes that while the Code lacks formal key performance indicators, its reporting commitments—especially for systemic risk, are adequate for current implementation.
While the Code is voluntary, adherence to it may serve as evidence of compliance during regulatory oversight. The Commission emphasized that participation in the Code does not replace broader obligations under EU law, particularly with regard to copyright.
The AI Office is expected to monitor the Code’s implementation and coordinate updates at least every two years. Adjustments may be triggered by technological developments, emerging risks, or enforcement experience.
This opinion does not preclude future reassessment of the Code’s adequacy. The Commission retains the authority to issue further guidance or to call for revisions in response to evolving challenges in the AI sector.
