Source: Crowell & Moring LLP

Crowell & Moring LLP reports on the publication of the final version of the European Commission’s General-Purpose AI (GPAI) Code of Practice on 11 July 2025. The Code is designed as a voluntary tool to help providers of GPAI models comply with the transparency, copyright, and safety provisions of the EU AI Act, which becomes applicable on 2 August 2025. The Code is structured into three chapters: Transparency, Copyright, and Safety and Security, with the last chapter applying only to providers of GPAI models presenting systemic risk.

The Transparency chapter requires providers to maintain and update detailed documentation about their AI models, including technical details, use cases, and licensing, and to share this information with the AI Office, national authorities, and downstream users. The Code introduces a Model Documentation Form to facilitate this process.

The Copyright chapter guides providers on implementing copyright policies compliant with EU law, emphasizing lawful data use, respecting technological protection measures, and honoring rights reservations such as those expressed via robots.txt. Providers must also adopt technical safeguards to mitigate copyright infringement risks and designate points of contact for rights holders.

The Safety and Security chapter applies to high-risk GPAI models, requiring providers to establish frameworks for risk assessment, mitigation, incident reporting, and cybersecurity protections.

While the Code offers practical guidance, adherence is voluntary and does not guarantee legal certainty or conclusive evidence of compliance with the AI Act. The report highlights ongoing legal uncertainties, particularly regarding copyright law interplay, and notes that ultimate interpretation rests with the Court of Justice of the European Union.