GPAI Code of Practice
Last reviewed
May 16, 2026
Sources
20 citations
Review status
Source-backed
Revision
v1 ยท 3,991 words
Improve this article
Add missing citations, update stale details, or suggest a clearer explanation.
Suggest edit
CtrlK
Last reviewed
May 16, 2026
Sources
20 citations
Review status
Source-backed
Revision
v1 ยท 3,991 words
Add missing citations, update stale details, or suggest a clearer explanation.
The General-Purpose AI Code of Practice (abbreviated GPAI Code of Practice or CoP) is a voluntary compliance framework published by the European AI Office on 10 July 2025 to assist providers of general-purpose AI models in meeting the obligations in Chapter V of the EU AI Act. Drafted by thirteen independent chairs and vice-chairs through a multi-stakeholder process with more than a thousand participants, it became operative on 2 August 2025, the same day the EU AI Act's rules for GPAI model providers entered into application. Signing is technically optional, but non-signatories must demonstrate compliance through alternative means and are likely to face heightened scrutiny from the AI Office once enforcement powers vest on 2 August 2026.
The Code is divided into three chapters covering transparency, copyright, and safety and security. The first two apply to all GPAI providers on the EU market; the third targets only providers whose models meet the systemic risk threshold defined in Article 51, set at training compute above 10^25 floating-point operations. By August 2025, more than twenty companies had signed at least one chapter, including OpenAI, Anthropic, Google, Microsoft, Amazon, IBM, Mistral AI, Cohere, and Aleph Alpha. Meta declined publicly on 18 July 2025, and xAI signed only the safety and security chapter, making the Code one of the most visible fault lines in transatlantic AI governance.
The Code is rooted in Article 56 of the EU AI Act, which directs the AI Office to encourage and facilitate codes of practice at Union level to support proper application of the Regulation. Article 56 requires the codes to cover the obligations in Articles 53 and 55 and to be developed through a process involving GPAI providers, downstream providers, civil society, academia, and independent experts.
Article 53 imposes four baseline obligations on every provider that places a GPAI model on the EU market. Providers must draw up and keep up-to-date technical documentation in accordance with Annex XI; provide information and documentation to downstream system providers per Annex XII; put in place a policy to comply with Union copyright law, in particular by respecting reservations of rights expressed under Article 4(3) of Directive (EU) 2019/790; and make publicly available a sufficiently detailed summary of training content using a template provided by the AI Office.
Article 55 layers additional obligations on providers of GPAI models with systemic risk. These providers must perform model evaluation under standardised protocols including adversarial testing; assess and mitigate possible systemic risks at Union level; keep track of, document, and report relevant information about serious incidents to the AI Office without undue delay; and ensure an adequate level of cybersecurity protection for the model and its underlying physical infrastructure.
Article 56(3) makes the role of codes of practice explicit: providers may rely on a code to demonstrate compliance with Articles 53 and 55 until a harmonised standard is published in the Official Journal. The Commission may, through implementing acts, approve a code and give it general validity within the Union, an instrument known as an adequacy decision.
The drafting process began in September 2024 when the AI Office issued an open call for expressions of interest. More than a thousand stakeholders registered, drawn from GPAI model providers, downstream providers, trade associations, academics, independent experts, and civil society organisations. The Commission appointed thirteen independent chairs and vice-chairs, selected for expertise, independence, geographical diversity, and gender balance, structured around four working groups aligned with the AI Act's GPAI provisions.
| Working group | Topic | Chair | Vice-chairs |
|---|---|---|---|
| WG1 | Transparency and copyright | Nuria Oliver | Rishi Bommasani |
| WG2 | Risk identification and assessment | Matthias Samwald | Marta Ziosi, Alexander Zacherl |
| WG3 | Technical risk mitigation | Yoshua Bengio | Daniel Privitera, Nitarshan Rajkumar |
| WG4 | Governance risk mitigation | Marietje Schaake | Anka Reuel, Markus Anderljung |
The drafting cycle produced four successive drafts between November 2024 and July 2025. The first draft, published on 14 November 2024, established the broad architecture and an initial taxonomy of systemic risks. The second draft followed on 19 December 2024, refining evaluation protocols, transparency templates, and copyright provisions. The third draft, published on 11 March 2025, sharpened obligations around model documentation, incident reporting, and downstream information provision, and introduced a draft public summary template for training data. The final version was released on 10 July 2025 and ratified by the European Commission and the AI Board through adequacy decisions on 1 August 2025.
Each drafting iteration was accompanied by plenary sessions and dedicated workshops featuring GPAI model providers and a separate workshop for civil society organisations. Only one representative was permitted per organisation in each working group. By the close of drafting, the AI Office reported reviewing more than 1,600 written submissions and convening approximately 40 workshops. Industry participation was extensive, including OpenAI, Anthropic, Google DeepMind, Microsoft, Meta, Mistral AI, Cohere, Aleph Alpha, and Stability AI, alongside cloud providers, downstream developers, and civil society organisations such as the Future of Life Institute, Access Now, and European Digital Rights.
The published Code is organised into three chapters and a set of common technical appendices.
The Transparency chapter applies to all GPAI providers and operationalises Article 53(1)(a) and (b). It centres on a single Model Documentation Form that consolidates Annex XI and Annex XII disclosures. Signatories commit to populate the form for each model placed on the EU market, to keep it up to date, and to make relevant sections available to the AI Office on request and to downstream providers. The form covers model architecture, modalities, parameter counts, training compute, training data sources by category, energy consumption, intended and prohibited uses, known limitations, evaluation results, and recommended integration practices.
The Copyright chapter operationalises Article 53(1)(c). Signatories commit to put in place a copyright policy that complies with Union law, with particular attention to honouring rights reservations under Article 4(3) of the Copyright in the Digital Single Market Directive. Specific measures include respecting machine-readable opt-outs such as the Robots Exclusion Protocol and the TDM Reservation Protocol, taking reasonable measures not to crawl content from systematically infringing sources, mitigating downstream infringing outputs, designating a rightholder point of contact, and providing a complaints mechanism. Rightholders have argued that the opt-out provisions are too permissive, while several model providers have argued the chapter goes beyond Article 53 by imposing substantive duties.
The Safety and Security chapter is the longest and applies only to providers of GPAI models with systemic risk. It is structured around a Safety and Security Framework that each signatory must adopt and update for every qualifying model. Key commitments include structured risk identification across a taxonomy covering chemical, biological, radiological, and nuclear (CBRN) misuse, offensive cybersecurity, harmful manipulation, loss of control, and other large-scale risks; capability and risk thresholds with pre-defined mitigations; state-of-the-art model evaluations and adversarial testing; model and risk reports published prior to market placement; internal governance with board-level oversight, an independent reviewer for systemic risk assessments, and whistleblower protections; cybersecurity protections covering model weights, training data, and compute infrastructure; and reporting of serious incidents and near misses to the AI Office without undue delay.
| Chapter | Applies to | Core obligations |
|---|---|---|
| Transparency | All GPAI providers | Model Documentation Form covering architecture, training data, compute, evaluations, intended and prohibited uses; ongoing updates; provision to AI Office and downstream providers |
| Copyright | All GPAI providers | Copyright policy honouring Article 4(3) opt-outs; respect for machine-readable reservations; avoidance of systematically infringing sources; rightholder contact point and complaints mechanism |
| Safety and security | Providers of GPAI models with systemic risk | Safety and Security Framework; structured risk identification; capability and risk thresholds; state-of-the-art evaluations and adversarial testing; model and risk reports; board-level oversight; cybersecurity protections; serious incident reporting |
The Code also contains a set of technical appendices that elaborate on definitions, evaluation criteria, and templates. These appendices are intended to be updated by the AI Office in light of evolving practice without reopening the substantive text of the Code, an arrangement designed to keep the framework current as model capabilities advance.
The Code is open for signature on a chapter-by-chapter basis, meaning providers may sign all three chapters or a subset. By 1 August 2025, twenty-six companies had signed at least one chapter, according to Euronews and the AI Office. The signatories include most providers of frontier general-purpose models marketed in the European Union, with the notable exceptions of Meta and Chinese providers.
| Signatory | Headquarters | Notes |
|---|---|---|
| OpenAI | United States | Signed all three chapters; among the first major signatories |
| Anthropic | United States | Signed all three chapters |
| United States | Signed all three chapters; covers Google DeepMind models | |
| Microsoft | United States | Signed all three chapters |
| Amazon | United States | Signed all three chapters |
| IBM | United States | Signed all three chapters |
| Mistral AI | France | Signed all three chapters; among the earliest signatories |
| Cohere | Canada | Signed all three chapters |
| Aleph Alpha | Germany | Signed all three chapters |
| Black Forest Labs | Germany | Signed transparency and copyright chapters |
| Almawave | Italy | Signed all three chapters |
| Fastweb | Italy | Signed transparency and copyright chapters |
| ServiceNow | United States | Signed transparency and copyright chapters |
| WRITER | United States | Signed transparency and copyright chapters |
| Bria AI | Israel | Signed transparency and copyright chapters |
| Pleias | France | Signed all three chapters; open-weight provider |
| LINAGORA | France | Signed transparency and copyright chapters |
| Domyn | Italy | Signed transparency and copyright chapters |
| Lawise | Various | Signed transparency and copyright chapters |
| Open Hippo | EU | Signed transparency and copyright chapters |
| Accexible | EU | Signed transparency and copyright chapters |
| AI Studio Delta | EU | Signed transparency and copyright chapters |
| Dweve | EU | Signed transparency and copyright chapters |
| xAI | United States | Signed only the Safety and Security chapter |
The most-watched holdout is Meta. On 18 July 2025, Joel Kaplan, Meta's chief global affairs officer, announced on LinkedIn that the company would not sign, writing that the Code introduces a number of legal uncertainties for model developers, as well as measures which go far beyond the scope of the AI Act. Kaplan further argued that the EU's implementation of the law would throttle the development and deployment of frontier AI models in Europe and would stunt European companies looking to build businesses on top of them. Meta's refusal coincided with a broader transatlantic political dispute over digital regulation and a parallel open letter signed by chief executives of more than forty European companies asking the Commission to delay parts of the AI Act.
| Category | Companies | Status |
|---|---|---|
| All three chapters | OpenAI, Anthropic, Google, Microsoft, Amazon, IBM, Mistral AI, Cohere, Aleph Alpha, Almawave, Pleias | Full signatories |
| Transparency and copyright only | Black Forest Labs, Fastweb, ServiceNow, WRITER, Bria AI, LINAGORA, Domyn and others | Partial signatories below systemic risk threshold |
| Safety and security only | xAI | Selective signatory |
| Public refusal | Meta | Declined publicly, citing legal uncertainty and overreach |
| Did not sign | Chinese providers including DeepSeek, Alibaba, Baidu, Zhipu | No public signature |
Chinese providers, including DeepSeek, Alibaba, Baidu, and Zhipu, did not sign the Code. Several have not yet placed models on the EU market, and others have indicated that they will demonstrate compliance through other means.
The Code occupies a deliberately middle position in EU AI law. Adhering to it is not the same as complying with the AI Act, and the AI Office has emphasised that signatories must still comply with the Act on its own terms. Conversely, signing creates a strong presumption of compliance with the corresponding articles, subject to the AI Office's view of the signatory's actual implementation.
For non-signatories, the route to compliance is open but more onerous. Providers must produce equivalent documentation, evaluations, and governance arrangements and engage more intensively with the AI Office bilaterally. Non-signatories may face additional regulatory scrutiny, though scrutiny does not amount to a sanction in itself.
The Code is intended to operate until a harmonised standard adopted under Regulation (EU) 1025/2012 is published. Drafting of such standards by CEN and CENELEC under mandate JT 21 is expected to take several years, so the Code is the primary practical reference for GPAI compliance in the meantime.
The drafting and enforcement timeline interweaves several distinct dates under the AI Act and the Code. The most consequential are summarised below.
| Date | Milestone |
|---|---|
| 12 July 2024 | EU AI Act published in the Official Journal |
| 1 August 2024 | EU AI Act enters into force |
| 30 September 2024 | AI Office announces drafting process and appoints thirteen chairs and vice-chairs |
| 14 November 2024 | First draft of the Code published |
| 19 December 2024 | Second draft published |
| 11 March 2025 | Third draft published |
| 10 July 2025 | Final Code published by the AI Office |
| 18 July 2025 | Meta declines to sign |
| 1 August 2025 | European Commission and AI Board endorse the Code via adequacy decisions |
| 2 August 2025 | GPAI obligations enter into application; Code becomes operative |
| 2 August 2026 | AI Office's supervision and enforcement powers vest for new GPAI models |
| 2 August 2027 | Compliance deadline for GPAI models already placed on the market before 2 August 2025 |
The staggered enforcement scheme reflects compromises struck during the AI Act's trilogue negotiations in late 2023 and early 2024. Providers of models already on the market before 2 August 2025 are granted an additional two years to bring their models and documentation into compliance, while new entrants must comply from day one. Enforcement actions, including potential fines, may be brought only after 2 August 2026, giving providers a one-year buffer to adjust to the application of the obligations.
Under Article 101 of the AI Act, the Commission, acting through the AI Office, has exclusive enforcement jurisdiction over GPAI model providers, in contrast to the high-risk AI system regime in which national market surveillance authorities take the lead. From 2 August 2026, the Commission may impose fines of up to 3 percent of annual total worldwide turnover in the preceding financial year or EUR 15 million, whichever is higher.
Grounds for fines include failure to comply with documentation or information requests under Article 91, failure to comply with measures under Article 93, and failure to provide the Commission with access to a model for evaluation under Article 92. Procedural safeguards include a right to be heard, access to file, and judicial review by the Court of Justice of the European Union. The Commission may also adopt mitigation measures short of fines, such as ordering corrective action, recall of a model from the market, or production of additional documentation. The July 2025 guidelines emphasise that fines will be used as a last resort and that the AI Office expects cooperative enforcement in the early years.
The signatories generally welcomed the Code as a workable compliance instrument while emphasising areas of disagreement. OpenAI said signing reflected its longstanding commitment to safety and transparency. Anthropic described the Code as a coherent baseline for compliance with Articles 53 and 55 that is consistent with its Responsible Scaling Policy. Google described the Code as a constructive framework while reserving its position on parts of the Copyright chapter. Microsoft framed its signature as a commitment to responsible AI development, and Mistral AI presented its signature as a demonstration of European leadership on AI governance.
Meta's public refusal was the most consequential industry reaction. Meta argued that the systemic risk chapter required excessive disclosure of proprietary training data and evaluation methods and imposed governance structures that did not exist in any other jurisdiction. Meta indicated that it would seek to comply with Articles 53 and 55 through alternative documentation and evaluation arrangements.
Civil society reactions were mixed. The Future of Life Institute and Access Now welcomed the Safety and Security chapter as a meaningful instrument for managing frontier risks, while criticising the Transparency and Copyright chapters as insufficiently demanding. Rightholders' associations including CISAC criticised the Copyright chapter for not requiring explicit licences or sufficiently specific training data disclosures. The Open Source Initiative welcomed targeted exemptions for open-weight models but warned that the systemic risk threshold could capture some open-weight providers.
A further line of industry critique came from European chief executives. In July 2025, a letter signed by chief executives of more than forty European companies including ASML, Airbus, BNP Paribas, and Carrefour asked the Commission to delay parts of the AI Act by at least two years. The Commission did not delay the GPAI rules but did postpone certain high-risk AI obligations in an omnibus proposal in October 2025.
The GPAI Code of Practice is the first jurisdiction-specific framework targeting frontier general-purpose AI models, and it has invited comparison with a series of contemporaneous regulatory initiatives.
| Framework | Jurisdiction | Scope | Status | Sanctions |
|---|---|---|---|---|
| GPAI Code of Practice | European Union | GPAI providers, systemic-risk subset | Voluntary; binding via AI Act Articles 53 and 55 | Up to 3 percent of global turnover or EUR 15 million |
| EU AI Act high-risk regime | European Union | Specific high-risk AI systems | Binding | Up to 7 percent of global turnover or EUR 35 million |
| California SB 53 | California | Frontier AI developers | Binding | Up to USD 1 million per violation |
| Voluntary White House Commitments | United States | Voluntary signatories | Voluntary, non-binding | None |
| UK AI Safety Institute MoUs | United Kingdom | Frontier developers, voluntary access | Voluntary | None |
| G7 Hiroshima Process Code | G7 plus | Advanced AI system developers | Voluntary | None |
| Seoul Frontier AI Safety Commitments | Multilateral | Voluntary signatories | Voluntary | None |
California Senate Bill 53, signed into law on 29 September 2025, is the closest functional analogue to the Code's Safety and Security chapter. Both require frontier developers to publish safety frameworks, perform structured risk assessments, report critical incidents, and maintain whistleblower protections. The Code is voluntary in form but binding through its link to Articles 53 and 55, while SB 53 is mandatory for covered developers. The Code's systemic risk threshold sits at training compute above 10^25 floating-point operations, while SB 53 combines training compute above 10^26 with cumulative annual gross revenue above USD 500 million. The Code is enforced by the Commission through the AI Office; SB 53 is enforced by the California Attorney General. SB 53's fines are capped at USD 1 million per violation, far below the AI Act's potential fines.
The Code can also be compared to the voluntary commitments brokered by the Biden administration in July 2023, the UK AI Safety Institute's evaluation MoUs, the G7 Hiroshima Process Code of Conduct, and the Seoul Frontier AI Safety Commitments adopted in May 2024. These instruments are purely voluntary and lack any binding link to a statute, giving the GPAI Code a distinctive position as the only soft-law instrument that operates within a hard-law sanction regime. With the Trump administration's January 2025 revocation of the Biden executive order on AI and a federal shift toward deregulation, the GPAI Code and California SB 53 together define the de facto floor of frontier AI compliance for providers operating in the European Union or California.
Several substantive and procedural questions remain open. The AI Office is expected to issue additional guidance in 2026 on the public training data summary template, the criteria for classifying systemic risk models, and expectations associated with state-of-the-art evaluations. The relationship between the Code and forthcoming harmonised standards being developed under CEN-CENELEC JT 21 is also unsettled.
The AI Office's approach to enforcement after 2 August 2026 will be a major determinant of the Code's long-term influence. Cooperative enforcement is likely to retain industry buy-in, while aggressive use of fines could prompt providers to withdraw signatures or exit the EU market. Meta's continued refusal creates an alternative compliance path that other providers will watch closely.
The Code's influence is also likely to extend beyond the European Union through a Brussels effect. Non-EU regulators in the United Kingdom, Japan, South Korea, and Singapore have indicated that they are studying the Code closely. Multinational providers face incentives to standardise compliance practices globally, which may lead to convergence around the Code's documentation and evaluation templates even in jurisdictions without an analogous binding instrument.