EU AI Act: Latest draft Code for AI model makers tiptoes towards gentler guidance for Big AI

 

Ahead of the May deadline to finalize guidance for providers of general-purpose AI (GPAI) models under the EU AI Act, a third draft of the Code of Practice was published on Tuesday. This latest draft is expected to be the final version after a year of development.

A dedicated website has also been launched to improve the Code's accessibility. Stakeholders are encouraged to submit written feedback on the latest draft by March 30, 2025.

The EU AI Act establishes a risk-based framework with specific obligations for the most powerful AI model providers, focusing on areas like transparency, copyright, and risk mitigation. The Code of Practice aims to help GPAI model developers understand and comply with these legal requirements, mitigating the risk of penalties for noncompliance. Violations of GPAI-related obligations under the AI Act could result in fines of up to 3% of global annual revenue.

Streamlined Structure The latest draft of the Code features a "more streamlined structure with refined commitments and measures" in response to feedback on the second draft released in December. Further input from working groups and workshops will contribute to the development of the final guidance, with experts seeking to enhance "clarity and coherence" in the adopted version.

The document is organized into several sections, including commitments for GPAIs, detailed guidance on transparency and copyright, and safety and security measures for the most powerful models with systemic risk (GPAISR).

The transparency section outlines a model documentation form that GPAI developers may need to complete. This form aims to ensure downstream users of GPAI technology have access to key information for their own compliance. The copyright section remains a point of contention, particularly for large AI companies.

The draft uses language such as "best efforts," "reasonable measures," and "appropriate measures" when addressing commitments like respecting rights during data collection for training or mitigating the risk of producing copyright-infringing outputs. This flexible phrasing could allow AI companies significant leeway in their compliance approaches.

Notably, language from previous drafts requiring GPAIs to provide a "single point of contact" for rightsholders to file complaints has been softened. The current text only states that "signatories will designate a point of contact" and provide accessible information about it. Furthermore, GPAI providers may refuse to act on copyright complaints deemed "manifestly unfounded or excessive," raising concerns that automated detection efforts by rightsholders could be ignored.

Regarding safety and security, the EU AI Act already limits systemic risk mitigation requirements to the most powerful models (those trained with over 10^25 FLOPs). This draft further narrows previously recommended measures in response to feedback.

US Pressure The latest draft does not mention mounting pressure from the United States to relax AI regulations. At the Paris AI Action summit, U.S. Vice President JD Vance criticized European AI regulations, arguing that overregulation could stifle innovation. This aligns with broader efforts by the Trump administration to promote an "AI opportunity" agenda over strict regulation.

In response to such pressure, the EU has already scrapped the AI Liability Directive and announced an "omnibus" package of regulatory reforms aimed at reducing bureaucracy. However, with the AI Act still being implemented, further changes to dilute its requirements may emerge.

At the Mobile World Congress in Barcelona, French GPAI developer Mistral voiced concerns about meeting some regulatory demands. Founder Arthur Mensh indicated the company is collaborating with regulators to resolve these challenges.

While the GPAI Code is being developed by independent experts, the European Commission's AI Office is simultaneously preparing additional "clarifying" guidance. This guidance will define GPAI responsibilities and could offer a means for EU lawmakers to address U.S. lobbying efforts.

Further updates from the AI Office, which the Commission says will "clarify ... the scope of the rules," are expected in the near future.

Learn what VCs want to see from founders at TechCrunch Sessions: AI

 AI has dominated the funding landscape in recent years, with investments in the sector surging 62% to $110 billion in 2024 alone, even as overall startup funding declined by 12%.

It might be tempting for startups to slap "AI" onto their names to attract investors. However, as the initial excitement around foundation models shifts toward real-world applications, AI agents, and long-term profitability, investors are prioritizing companies that can turn technical innovation into sustained business traction.

At TechCrunch Sessions: AI on June 5, 2025, in Zellerbach Hall at UC Berkeley, top venture capitalists Zeya Yang (IVP), Jill Chase (CapitalG), and Kanu Gulati (Khosla Ventures) will share insights on what they look for at every investment stage—from seed rounds to Series C. With extensive investment histories and hands-on expertise, they’re ready to break down how to stand out in the competitive AI landscape.

Meet the Speakers

Zeya Yang has backed major successes like Grammarly and Figma, and he specializes in helping founders refine product-market fit and drive growth.

Jill Chase leads CapitalG's investments in Magic, /dev/agents, Motif, and Abridge, focusing on emerging AI and ML use cases, data infrastructure, and enterprise technology.

Kanu Gulati has invested in AI leaders like PolyAI, Kognitos, and Moonhub. With over a decade of experience as a research scientist at Intel and Cadence and as a founding engineer at Heavy.ai, Spyglass, and Nascentric, she brings deep technical and operational expertise.

Don’t Miss TechCrunch Sessions: AI

Join the conversation and get a front-row seat to the future of AI. Secure your tickets now for TechCrunch Sessions: AI on June 5, 2025, in Zellerbach Hall at UC Berkeley. Take advantage of Early Bird deals to save up to $210!

DeepSeek: Everything you need to know about the AI chatbot app

 

DeepSeek's Meteoric Rise

Chinese AI lab DeepSeek has surged into the global spotlight, propelled by the rapid success of its chatbot app, which recently topped the charts on both the Apple App Store and Google Play. With AI models trained using compute-efficient techniques, DeepSeek has sparked concerns among Wall Street analysts and technologists about the U.S.'s ability to maintain its lead in the AI race and the future demand for AI chips.

The Origins of DeepSeek

DeepSeek traces its roots to High-Flyer Capital Management, a Chinese quantitative hedge fund leveraging AI for trading decisions. High-Flyer was co-founded by AI enthusiast Liang Wenfeng, who started experimenting with trading during his time at Zhejiang University. In 2019, he officially launched the hedge fund with a focus on developing and implementing AI algorithms.

By 2023, High-Flyer established DeepSeek as a separate AI research lab. With initial funding from High-Flyer, DeepSeek eventually spun off into an independent company while maintaining a focus on building advanced AI systems. Despite U.S. export bans on advanced hardware, DeepSeek has continued its development using Nvidia H800 chips—a less powerful alternative to the H100 available to U.S. companies.

DeepSeek's Powerful AI Models

In November 2023, DeepSeek introduced its first suite of models: DeepSeek Coder, DeepSeek LLM, and DeepSeek Chat. However, it was the release of the DeepSeek-V2 model family the following spring that cemented the company's reputation. This advanced, general-purpose system demonstrated exceptional performance across industry benchmarks while maintaining lower operational costs than comparable models. This competitive edge pressured domestic rivals like ByteDance and Alibaba to reduce model usage prices and offer some models for free.

DeepSeek's momentum continued with the launch of DeepSeek-V3 in December 2024. Internal benchmarks indicated that DeepSeek V3 outperformed both open models like Meta's Llama and proprietary models like OpenAI's GPT-4o.

The company also made waves with the release of its R1 "reasoning" model in January 2025. DeepSeek claims that R1 rivals OpenAI's o1 model on key benchmarks. R1's ability to self-check its responses enhances reliability in areas such as science, physics, and mathematics. However, reasoning models typically require more processing time to arrive at solutions.

Despite these technical achievements, DeepSeek's models are subject to censorship by Chinese regulators, ensuring their responses align with "core socialist values." For instance, DeepSeek's chatbot will not address sensitive topics like Tiananmen Square or Taiwan's independence.

A Disruptive Business Model

DeepSeek's business strategy remains ambiguous. The company offers products and services at significantly lower costs than competitors and provides some tools for free. DeepSeek attributes its price advantage to efficiency breakthroughs, although some experts question the validity of these claims.

Developers have embraced DeepSeek's models, which are available under permissive licenses for commercial use. On Hugging Face, a popular AI platform, developers have produced over 500 derivative models of R1, accumulating 2.5 million downloads.

DeepSeek's rapid ascent has unsettled the AI landscape. Its influence contributed to an 18% drop in Nvidia's stock price in January and prompted public comments from OpenAI CEO Sam Altman. Microsoft has since integrated DeepSeek models into its Azure AI Foundry platform, while Meta CEO Mark Zuckerberg emphasized ongoing AI infrastructure investments in response to DeepSeek's competitive pressure.

Despite praise from Nvidia CEO Jensen Huang for DeepSeek's innovation, concerns about national security have led to bans on DeepSeek's technology in certain regions. South Korea and New York state, for example, have prohibited its use on government devices.

The Road Ahead for DeepSeek

DeepSeek's future remains uncertain amid growing scrutiny from the U.S. government. While continued advancements in AI models are expected, geopolitical tensions and regulatory barriers could shape the company's trajectory in the coming years.

Analysis Forecasts More Vulnerabilities In 2025

 

Record Number of Vulnerabilities Expected in 2025, Urging a Shift to Proactive Security

A recent analysis predicts that the number of reported vulnerabilities will reach unprecedented levels in 2025, reflecting the ongoing rise in cybersecurity threats and an increase in vulnerability disclosures.

Analysis by FIRST

The Forum of Incident Response and Security Teams (FIRST), a global organization dedicated to coordinating cybersecurity responses, published the analysis. Their forecast estimates nearly 50,000 vulnerabilities will be reported in 2025—an 11% increase from 2024 and a staggering 470% rise compared to 2023. The report emphasizes the urgent need for organizations to move beyond reactive security measures and adopt a proactive, risk-based approach. This includes prioritizing vulnerabilities based on their threat level, streamlining patching efforts, and preparing for waves of disclosures instead of reacting after incidents occur.

Factors Driving the Increase in Vulnerabilities

Three key trends are contributing to the rapid growth in reported vulnerabilities:

1. AI-Driven Discovery and Open-Source Expansion Advances in artificial intelligence and automated tools are accelerating vulnerability detection. These technologies enable researchers to analyze vast amounts of code and uncover flaws that might otherwise remain hidden. As a result, the number of Common Vulnerabilities and Exposures (CVEs) continues to rise.

2. Cyber Warfare and State-Sponsored Attacks The growing prevalence of state-sponsored cyber attacks is leading to the discovery of new vulnerabilities. These advanced, persistent threats are exposing weaknesses in both public and private sector systems.

3. Shifts in the CVE ecosystem security companies like Patchstack, which focuses on WordPress vulnerabilities, are contributing to the surge in reported flaws. Patchstack offers vulnerability detection and virtual patching services, enhancing security but also increasing the number of disclosed vulnerabilities.

Eireann Leverett, the FIRST liaison and lead member of the Vulnerability Forecasting Team, emphasized the accelerating pace of vulnerability disclosures and the necessity for organizations to adopt proactive risk management practices.

Looking Ahead to 2026 and Beyond

The forecast projects over 51,000 vulnerabilities will be disclosed in 2026, reinforcing the notion that cybersecurity risks will continue to escalate. This trend highlights the need for a forward-thinking security strategy that focuses on identifying and mitigating threats before they are exploited.

For users of platforms like WordPress, adopting proactive security measures is crucial. Solutions from companies such as Patchstack, Wordfence, and Sucuri offer various approaches to strengthening defenses against emerging threats.

Key Takeaways:

• Vulnerabilities are on the rise: FIRST predicts up to 50,000 CVEs in 2025, reflecting an 11% increase from 2024 and a 470% increase from 2023.
• AI and open-source adoption are driving higher vulnerability disclosures.
• State-sponsored cyber activity is uncovering more security weaknesses.
• A proactive security strategy is essential to manage and mitigate future risks.

Read the full 2025 vulnerability forecast for a comprehensive analysis and recommendations.

TechCrunch Disrupt 2025: Lowest prices of the year end in 7 days

 Time is Running Out – Save Big on TechCrunch Disrupt 2025 Tickets!

You read that right! The best deals on TechCrunch Disrupt 2025 tickets are ending soon — just 7 days left to save. Secure your spot and enjoy savings of up to $1,130 on individual passes and up to 30% on group tickets. Don’t miss out — these exclusive offers disappear on February 28 at 11:59 p.m. PT.

Celebrate 20 Years of Innovation at TechCrunch Disrupt

Join us from October 27-29 at Moscone West in San Francisco as we mark two decades of groundbreaking tech and entrepreneurship. Connect with over 10,000 tech leaders, engage in 250+ sessions, and hear from 200+ industry experts. Plus, witness the iconic Startup Battlefield 200 and explore the latest in AI innovation.

Register now to lock in the biggest ticket savings of 2025!

What Awaits You at Disrupt 2025?

✨ AI Deep Dives: Explore cutting-edge AI advancements across industries like healthcare, transportation, SaaS, policy, defense, hardware, and more.

🔍 Expert Insights: Learn from 200+ leaders on business scaling, leadership, and emerging fields such as space tech, fintech, IPOs, and SaaS to accelerate your growth.

🔄 Interactive Sessions: Engage in live Q&As and dive deeper with expert-led roundtables and breakout discussions.

🌟 Startup Pitch Battle: Watch innovative startups compete in the renowned Startup Battlefield 200 for a $100,000 equity-free prize and the coveted Disrupt Cup. Learn from world-class VC judges and discover the next big thing—past winners include Dropbox, Fitbit, Trello, and Cloudflare.

Think your startup has what it takes? Or know one that should compete? Add them to the Startup Battlefield waitlist to be the first to know when applications open.

🤝 Build Powerful Connections: Network with investors, mentors, and tech leaders shaping the future. Whether you're seeking funding, partnerships, or mentorship, Disrupt is the place to make it happen.

Secure Your Spot Before Prices Rise!

Don’t miss your chance to attend TechCrunch Disrupt 2025 at the lowest prices of the year. Save big before these exclusive discounts end on February 28 at 11:59 p.m. PT.

20 Years of Tech Innovation

For two decades, TechCrunch Disrupt has been the premier destination for visionary founders, industry leaders, and top investors driving the future of tech. It’s where groundbreaking ideas are born and industry connections are made.

Past Disrupt speakers include:

• Alex Pall & Drew Taggart (The Chainsmokers), Co-founders, MANTIS Venture Capital
• Ashton Kutcher, Co-founder, Sound Ventures
• Assaf Rappaport, Co-founder & CEO, Wiz
• Bridgit Mendler, CEO, Northwood Space
• Colin Kaepernick, Founder & CEO, Lumi
• Denise Dresser, CEO, Slack
• Erin & Sara Foster, Co-founders, Oversubscribed Ventures
• Mary Barra, CEO, General Motors
• Matt Mullenweg, Co-founder, WordPress; CEO, Automattic
• Peter Beck, Founder & CEO, Rocket Lab
• Serena Williams, Managing Partner, Serena Ventures
• Shaquille O’Neal, Entrepreneur & Philanthropist
• Vinod Khosla, Founder, Khosla Ventures
• RJ Scaringe, CEO, Rivian

Don't Miss Out—Register Today!

Save up to $1,130 on your TechCrunch Disrupt 2025 ticket before February 28 at 11:59 p.m. PT. Lock in the best rates now and join us for this milestone event!

Interested in sponsoring or exhibiting?