AI Act: Code of Conduct for GPAI Models

After three drafts and several meetings, the four working groups have submitted the final version of the Code of Conduct for General Purpose AI (GPAI) models, such as those behind ChatGPT, Gemini, and Claude, to the European Commission. These are essentially guidelines for complying with the provisions of the AI ​​Act, effective August 2. The Computer & Communications Industry Association (CCIA) immediately criticized the text.

The code of conduct is not mandatory , but serves to illustrate how Articles 53 and 55 of the AI ​​Act relating to GPAI models (standard and with system risks) must be complied with. Companies that choose to adhere to the code undertake to follow the instructions set out in the three chapters .

The first chapter concerns transparency . AI providers must provide full information about their models when they are released to the market and when they are updated. This is done via a form divided into various sections. For example, the company must specify the model name, release date, architecture, size, input/output types, distribution and licensing methods, usage type, and training process specifications.

The second chapter concerns copyright . The signatories undertake to comply with European copyright law. For example, they must not use website content without authorization or train models with pirated material. They must also implement measures to prevent the generation of output that violates copyright.

The third chapter addresses the security of AI models with systemic risks. Providers are committed to detecting and mitigating risks, such as the use of models to carry out cyberattacks or develop weapons. Security incidents must be reported and corrective measures taken within specified deadlines (for example, two days for damage to critical infrastructure and five days for data breaches).

Several European companies had requested a delay in the implementation of the AI ​​Act for GPAI models, but the European Commission confirmed the August 2 deadline. According to the Chamber of Commerce, the code of conduct will benefit providers who do not sign and introduces measures that go beyond the scope of the AI ​​Act.