European Commission Received Final Version of the Code of Practice for General Purpose AI
As of July 10th, 2025, experts handed over their final version of the Code of Practice (CoP) for General Purpose AI (GPAI) pursuant Art. 56 AI Act. The AI Office facilitated the drawing up of the Code by hosting the stakeholder expert groups, gathering more than 1,000 experts from various domains, including model providers, small and medium-sized enterprises, academics, AI safety experts, rights-holders, and civil society organizations. As of July 17th, 2025, the AI Office has complemented the publication by a signature procedure.



Codes of Practice under the AI Act
A Code of Practice (CoP) pursuant Art. 56 AI Act serves a distinct purpose. It shall facilitate to demonstrate compliance. Art. 55.2 AI Act states “Providers of general-purpose AI models with systemic risk may rely on codes of practice within the meaning of Article 56 to demonstrate compliance with the obligations set out in paragraph 1 of this Article”. A corresponding provision entails Art. 53.4 AI Act for Providers of GPAI in general.
Obligations pursuant Art. 55 AI Act address Providers of GPAI with systemic risks, whereas Art. 55.1 AI Act defines distinct obligations. Such obligations refer to elements such as to perform model, evaluations, conducting and documenting adversarial testing of the model, to assess and mitigate possible systemic risks at Union level, to keep track of, document, and report relevant information about serious incidents and possible corrective measures, to ensure an adequate level of cybersecurity protection.
Obligations pursuant Art. 53 AI Act address any Provider of GPAI models, whereas Art. 53,1 AI Act defines distinct obligations. Such obligations refer to elements such as to draw up and keep up-to-date the technical documentation of the model, to draw up, keep up-to-date and make available information and documentation to Providers of AI systems who intend to integrate the general-purpose AI model into their AI systems, to put in place a policy to comply with Union law on copyright and related rights, to draw up and make publicly available a sufficiently detailed summary about the content used for training of the general-purpose AI model.
A CoP reflects on of several compliance tools under the AI Act. A CoP is considered a bridge builder and gap filler, until harmonised standards will be published, Art. 55.2 AI Act. Art. 55.2 AI Act states that Providers may rely on a CoP “[…] until a harmonised standard is published. Compliance with European harmonised standards grants providers the presumption of conformity to the extent that those standards cover those obligations. Providers of general-purpose AI models with systemic risks who do not adhere to an approved code of practice or do not comply with a European harmonised standard shall demonstrate alternative adequate means of compliance for assessment by the Commission.” A corresponding provision entails Art. 53.4 AI Act for Providers of GPAI in general.
In other words: In the context of Art. 53 and 55 AI Act, once a harmonised standard will be published, any related CoP becomes obsolete.
A CoP also serves its function in the context of Art. 50 AI Act, which governs transparency obligations for Providers and deployers of certain AI systems. In this specific case, the CoP shall facilitate the detection and labelling of artificially generated or manipulated content. Yet, Art. 50 AI Act goes beyond GPAI and therefore may not be covered by the CoP for GPAI.
Main Contents of the CoP for GPAI
The CoP for GPAI consists of three chapters, i.e.,
- Transparency
- Copyright
- Safety and Security
According to the Press Release of the European Commission, the last chapter will be “relevant only to a limited number of providers of the most advanced models.”
The latest versions of each chapter may be retrieved via the website of the European Commission. To facilitate your read, you may also refer to the Related Files section below and retrieve the versions as retrieved by July 23rd, 2025 (i.e., the version published by July 10th, 2025).
Micro, Small and Medium Sized Enterprises (SME), Small Mid-Cap Enterprises (SMC), Startups
The CoP for GPAI acknowledges the necessity to adapt its requirements for SME, SMC and Startups. While the CoP does not follow a one-size-fits all approach in every detail, this shall not be misunderstood with broad exemptions of the underlying requirements.
The introductory statement of the Safety and Security Chapter reads as follows "SMEs and SMCs may be exempted
from some reporting commitments (Article 56(5) AI Act). Signatories that are SMEs or SMCs and are exempted from reporting commitments recognise that they may nonetheless voluntarily adhere to them." Taking this reservation literally, the obligations to implement effective measures may apply regardless of size. Only the administrative burdens, i.e., obligations on reporting, were limited for SME and SMC.
The introductory statement of the Copyright chapter states “The commitments in this Chapter that require proportionate measures should be commensurate and proportionate to the size of providers, taking due account of the interests of SMEs, including startups.” Again, the underlying obligations apply regardless of size. Yet the individual design may take due account of the size and interests of SME.
Methodology and Structure of the CoP for GPAI
Each chapter comprises of a preamble, where the signatories will recognize respectively acknowledge key elements of the AI Act and interplay of various provisions and roles.
Additionally, each chapter defines rules. The related section is divided in Commitments and Measures. Commitments appear equivalent to Objectives in conformity assessment programmes (CAP), establishing the high-level obligation and purpose. Measures relate to a specific Commitment, further operationalizing the high-level obligations. In this sense, Measures appear equivalent to criteria in CAP.
While the structure appears close to conformity assessment programmes, the actual language partially appears less stringent. The CoP lacks a clear definition on which phrasing will establish obligations and which phrasing will result in optional / voluntary elements. E.g., the CoP uses phrasings such as “shall”, “will do” and “commit to”. Most probably all of those will determine obligations equally. Without a clarifying statement some degree of uncertainty remains. Likewise some Measures only “encourage” Providers. If a Measure would consistently form obligations, encouragements were not suited within a Measure.
Readiness of the CoP for GPAI
The Press Release by and websites of the European Commission read as if the CoP for GPAI is finalised and fit for purpose. It is “designed to help industry comply with the AI Act’s obligations for providers of general-purpose AI models.”, see EC website about CoP on GPAI. It is also stated that adherence to the Code by Providers “[…] will reduce their administrative burden and give them more legal certainty than if they proved compliance through other methods.”
This shall not be read without the statements within each chapter of the CoP for GPAI. Each chapter integrates an “Objective” section, stating the objective of the CoP is to "[…] serve as a guiding document for demonstrating compliance with the obligations provided for in Articles 53 and 55 AI Act, while recognising that adherence to the Code does not constitute conclusive evidence of compliance with these obligations under the AI Act." In other words, where the AI Act considers a CoP ready once it may act as a tool to proof compliance, yet being similar to a conformity assessment programme, the CoP itself limits its effect to be a guidance document without effectively proving compliance.
Eventually, one shall read each chapter and related provisions carefully to what extent such provisions may act as a legally relevant proof of compliance. In best case, adherence to the CoP for GPAI may act as “alternative adequate means of compliance”.
Next steps / legal status
As of today, the CoP for GPAI has no legal effect. The CoP for GPAI still requires endorsement of the Member States, as stated by the European Commission. “Once the Code is endorsed by the Member States and the Commission, providers of general-purpose AI models who voluntarily sign the Code will be able to demonstrate compliance with the relevant AI Act obligations by adhering to the Code.”, see website regarding the CoP for GPAI and related Press Release. Apparently, endorsement by the Member States relates to the positive assessment of the AI Board, Art. 56.6 AI Act.
This status aligns with the Signature Form provided by the AI Office in order to adhere to the CoP for GPAI. It states that the “[…] Signatory agrees that this Signature Form will only become binding once the GPAI Code of Practice is assessed as adequate by the European AI Office and the European Artificial Intelligence Board pursuant to Article 56(6) AI Act, and at the earliest with the entry into application of Chapter V of the AI Act on 2 August 2025.”
The European Commission and the AI Office consider the positive assessment by the AI Office and the AI Board sufficient. E.g., the Press Release of the AI Office inviting Providers to sign-up to the CoP for GPAI states “Providers who sign the Code will enjoy streamlined compliance with the obligations for general-purpose AI models in the AI Act. For signatories, the Commission will focus its enforcement on monitoring their adherence to the code, which offers greater predictability and reduced administrative burden.”
Neither the website regarding the CoP for GPAI nor the Press Release mentions any additional requirements, such as an “approval” by the European Commission by means of an implementing act. Pursuant Art. 56.6 AI Act the European Commission may approve a CoP, resulting in general validity within the Union, by means of an implementing act. Interestingly, Art. 53.4 AI Act and Art. 55.2 AI Act both can be interpreted that only approved CoP will be an adequate means of compliance. “Providers of general-purpose AI models […] who do not adhere to an approved code of practice or […] shall demonstrate alternative adequate means of compliance for assessment by the Commission.” (highlights by the author)
Signing the CoP / Adhering to the CoP
The AI Office has published the process on who to adhere to the CoP for GPAI. As stated in the Press Release by the AI Office, Signatories will be publicly listed on 1 August 2025. The adherence applies to the CoP for GPAI in its version of July 10th, 2025.
The European Commission announced additional guidelines clarifying on the eligibility to sign up to the CoP for GPAI, more precisely, on the applicability of related provisions and obligations addressed by the CoP. “The Code will be complemented by Commission guidelines on general-purpose AI to be published ahead of the entry into force of the general-purpose AI obligations. The guidelines will clarify who is in and out of scope of the AI Act's general-purpose AI rules.”
In order to adhere to the CoP for GPAI Providers need to sign a distinct form and sent it to the AI Office. Providers may still withdraw their adherence at any time, latest within seven (7) days after the publication of the adequacy assessments under Article 56.6 AI Act. The date of such publication is apparently considered the date when the CoP on GPAI becomes effective,
The lastest version of the Signature Form may be retrieved via the website of the AI Office. To facilitate your read, you may also refer to the Related Files section below and retrieve the version as retrieved by July 23rd, 2025 (i.e., the version published by July 17th, 2025).