Following the release of the final version of the EU code of practice for providers of general-purpose AI (GPAI) models by the European Commission's AI Office, CCIA Europe has expressed concerns. The code aims to support compliance with AI Act requirements effective from August 2.
CCIA Europe's Senior Policy Manager, Boniface de Champris, stated: "After months of major delays and missed deadlines, today’s final code of practice for general-purpose AI (GPAI) models still imposes a disproportionate burden on AI providers. That is concerning, given that this code was meant to clarify how to comply with the EU’s AI Act – a regulatory framework rushed through political negotiations and badly in need of clear guidance."
De Champris further commented: "Without meaningful improvements, signatories remain at a disadvantage compared to non-signatories, thereby undermining the Commission’s competitiveness and simplification agenda."
The safety and security measures within the code have been streamlined but are described as overly prescriptive. De Champris highlighted: "While the code’s safety and security measures have been streamlined for greater clarity, they remain overly prescriptive and disproportionate – for example, with respect to external evaluations. Furthermore, key measures in the final code still go beyond the AI Act’s agreed scope and objectives, subjecting potential signatories to burdensome requirements."
Concerns were also raised about copyright issues: "In particular, the copyright section has worsened, with new disproportionate measures outside the Act’s remit. These include complaint-handling mechanisms, specific requirements for search engines, and vague processes for developing new opt-out mechanisms – all of which create additional legal uncertainty."
De Champris concluded by addressing missing elements in guidance: "Looking at the broader package of guidance the AI Act urgently needs, it is troubling that key parts of the GPAI framework – like the AI Office guidelines on rule application, which were supposed to accompany the final code – are still missing to this day. With so little time left, companies are left in the dark, and it’s clear more time is needed to finalize the overall framework and give companies a fair compliance window."