EU AI Act: Latest draft Code for AI model makers tiptoes towards gentler guidance for Big AI

 

Ahead of the May deadline to finalize guidance for providers of general-purpose AI (GPAI) models under the EU AI Act, a third draft of the Code of Practice was published on Tuesday. This latest draft is expected to be the final version after a year of development.

A dedicated website has also been launched to improve the Code's accessibility. Stakeholders are encouraged to submit written feedback on the latest draft by March 30, 2025.

The EU AI Act establishes a risk-based framework with specific obligations for the most powerful AI model providers, focusing on areas like transparency, copyright, and risk mitigation. The Code of Practice aims to help GPAI model developers understand and comply with these legal requirements, mitigating the risk of penalties for noncompliance. Violations of GPAI-related obligations under the AI Act could result in fines of up to 3% of global annual revenue.

Streamlined Structure The latest draft of the Code features a "more streamlined structure with refined commitments and measures" in response to feedback on the second draft released in December. Further input from working groups and workshops will contribute to the development of the final guidance, with experts seeking to enhance "clarity and coherence" in the adopted version.

The document is organized into several sections, including commitments for GPAIs, detailed guidance on transparency and copyright, and safety and security measures for the most powerful models with systemic risk (GPAISR).

The transparency section outlines a model documentation form that GPAI developers may need to complete. This form aims to ensure downstream users of GPAI technology have access to key information for their own compliance. The copyright section remains a point of contention, particularly for large AI companies.

The draft uses language such as "best efforts," "reasonable measures," and "appropriate measures" when addressing commitments like respecting rights during data collection for training or mitigating the risk of producing copyright-infringing outputs. This flexible phrasing could allow AI companies significant leeway in their compliance approaches.

Notably, language from previous drafts requiring GPAIs to provide a "single point of contact" for rightsholders to file complaints has been softened. The current text only states that "signatories will designate a point of contact" and provide accessible information about it. Furthermore, GPAI providers may refuse to act on copyright complaints deemed "manifestly unfounded or excessive," raising concerns that automated detection efforts by rightsholders could be ignored.

Regarding safety and security, the EU AI Act already limits systemic risk mitigation requirements to the most powerful models (those trained with over 10^25 FLOPs). This draft further narrows previously recommended measures in response to feedback.

US Pressure The latest draft does not mention mounting pressure from the United States to relax AI regulations. At the Paris AI Action summit, U.S. Vice President JD Vance criticized European AI regulations, arguing that overregulation could stifle innovation. This aligns with broader efforts by the Trump administration to promote an "AI opportunity" agenda over strict regulation.

In response to such pressure, the EU has already scrapped the AI Liability Directive and announced an "omnibus" package of regulatory reforms aimed at reducing bureaucracy. However, with the AI Act still being implemented, further changes to dilute its requirements may emerge.

At the Mobile World Congress in Barcelona, French GPAI developer Mistral voiced concerns about meeting some regulatory demands. Founder Arthur Mensh indicated the company is collaborating with regulators to resolve these challenges.

While the GPAI Code is being developed by independent experts, the European Commission's AI Office is simultaneously preparing additional "clarifying" guidance. This guidance will define GPAI responsibilities and could offer a means for EU lawmakers to address U.S. lobbying efforts.

Further updates from the AI Office, which the Commission says will "clarify ... the scope of the rules," are expected in the near future.