Code of Practice for General-Purpose AI (GPAI)

What is this document?

The General-Purpose AI Code of Practice is a voluntary document published on 10 July 2025 by the European Commission. It was prepared by independent experts in a multi-stakeholder process and is intended to help industry comply with the EU AI Act obligations for providers of general-purpose AI (GPAI) models.

The European Commission and the AI Board confirmed that the Code is an adequate voluntary instrument through which GPAI model providers can demonstrate compliance with the AI Act.

Key points

Structure of the Code

The Code consists of three separately drafted chapters:

1. Transparency — Transparency obligations for all GPAI model providers under Article 53 of the AI Act. Includes requirements for technical documentation, information for downstream providers, and a summary of training content used.

2. Copyright — Policies relating to compliance with EU copyright law, including respect for rights reservation (opt-out) by copyright holders and transparency about training data.

3. Safety — Relevant only for a small number of providers of the most advanced models subject to obligations for GPAI models with systemic risk under Article 55 of the AI Act. Covers assessment and mitigation of systemic risks, monitoring, documenting, and reporting serious incidents.

Legal status

The Code is a voluntary document — it is not legally binding. However, providers who voluntarily sign and adhere to its provisions can demonstrate compliance with the AI Act with less administrative burden and greater legal certainty than by demonstrating compliance through other methods.

Importance for the transitional period

The Code is a key instrument for ensuring compliance during the transitional period between the entry into force of obligations for GPAI model providers (August 2025) and the adoption of harmonised standards (August 2027 or later).

How does this apply to organisations?

For GPAI model providers (all)

All organisations providing general-purpose AI models must, under Article 53:

• Prepare and maintain technical documentation of the model and the training process
• Provide information and documentation to downstream providers integrating the model into their own systems
• Establish a policy for compliance with EU copyright law
• Publish a sufficiently detailed summary of training content used to train the model

For providers of GPAI models with systemic risk

Additional obligations under Article 55 include:

• Conducting model evaluations according to standardised protocols
• Assessing and mitigating potential systemic risks
• Monitoring, documenting, and reporting serious incidents
• Ensuring an appropriate level of cybersecurity for the model

Practical steps for organisations

1. Determine whether you provide a GPAI model within the meaning of the AI Act
2. Assess whether your model poses systemic risk (criterion: cumulative compute used for training > 10^25 FLOPS, or Commission decision)
3. Sign the Code of Practice as voluntary evidence of compliance
4. Implement measures from the relevant chapters of the Code
5. Prepare for future harmonised standards that will replace the Code

Relevant articles of the EU AI Act

Article	Topic
Art. 3(63)	Definition of general-purpose AI model
Art. 51	Classification of GPAI models with systemic risk
Art. 53	Obligations for GPAI model providers
Art. 55	Obligations for providers of GPAI models with systemic risk
Art. 56	Codes of practice
Annex XI	Technical documentation for GPAI models
Annex XII	Transparency information for GPAI models with systemic risk

Source document

The Code of Practice for General-Purpose AI is available at: The General-Purpose AI Code of Practice

The final version of the Code is also available on the official website: EU AI Act: General-Purpose AI Code of Practice — Final Version