On 10 July 2025, the EU Commission published the final version of the General Purpose AI Code of Practice. Drafted by Commission-appointed experts, the Code faced delays and significant criticism, with some stakeholders arguing that the rules exceeded the scope of the AI Act and could stifle innovation. This final version aims to address these criticisms.
As a reminder, under Article 2 of the AI Act, the law and by extension, these Code of Practice guidelines applies to providers regardless of whether they are established within the EU or in a third country, as long as the output produced by the AI system is used in the EU.
The Code aims to assist industry compliance with the AI Act's rules on general-purpose AI, which will come into effect on 2 August 2025. It consists of three chapters: Transparency and Copyright, which address all providers of general-purpose AI models, and Safety and Security, relevant only to a limited number of providers of the most advanced models.
Transparency
The transparency chapter which aims to enhance transparency and foster trust and accountability, covers three key measures which are designed to ensure compliance with Article 53(1), points (a) and (b), and the corresponding Annexes XI and XII of the AI Act:
Drawing up and keeping up-to-date model documentation
Providing relevant information
Ensuring quality, integrity, and security of information
Drawing up and keeping up-to-date model documentation
The first measure is facilitated through the provision of a Model Documentation Form present in the chapter. The form aims to provide clarity to signatories by clarifying when information is intended for the EU AI Office, the national competent authority, or downstream providers.
Providing relevant information
Signatories, should they be asked to through the AI Office, must provide specific information quickly and up to date. Companies must also share important information with other businesses that use their AI models. They should respond to these requests within 14 days so as to ensure that downstream providers can comply with their obligations under the AI Act. Additionally, companies are encouraged to share some of this information publicly to be transparent. Some information might also need to be summarised and made public as part of the model's training content.
Ensuring quality, integrity, and security of information
Signatories should ensure their documented information is controlled for quality and integrity, and retained as evidence of compliance with their obligations under the AI Act.
Copyright
This chapter aims to serve as a guiding document for demonstrating compliance with the obligations provided for in Articles 53 and 55 AI Act. To do so it outlines five key measures to be followed:
Draw up, keep up-to-date and implement a copyright policy
Reproduce and extract only lawfully accessible copyright-protected content when crawling the World Wide Web
Identify and comply with rights reservations when crawling the World Wide Web
Mitigate the risk of copyright-infringing outputs
Designate a point of contact and enable the lodging of complaints
Draw up, keep up-to-date and implement a copyright policy
Companies must create, update, and follow a policy to obey EU copyright laws for all general-purpose AI models they sell in the EU. They need to write this policy in one document and assign people within their organisation to make sure the policy is followed. Companies are encouraged to share a summary of their copyright policy publicly and keep it up to date.
Reproduce and extract only lawfully accessible copyright-protected content
Companies who either directly use web crawler(or have others use them on their behalf) should make sure not to bypass any technological measures that prevent unauthorised access to protected works, such as paywalls. Additionally they should Avoid crawling websites known for repeatedly infringing copyright on a commercial scale, using a dynamic list of such sites provided by EU authorities.
Identify and comply with rights reservations when crawling the World Wide Web
Companies must ensure their web crawlers respect copyright rules by following the Robot Exclusion Protocol (robots.txt) and complying with other machine-readable rights reservations. They should actively support the development of these standards and keep content owners informed about their practices. Additionally, companies that provide online search engines should ensure that compliance with rights reservations does not negatively impact the indexing of content.
Mitigate the risk of copyright-infringing outputs
Companies should commit to implementing technical safeguards that prevent their models from generating outputs that infringe on copyrighted training content. Additionally, they should also prohibit copyright-infringing uses of their models in their usage policies, terms and conditions, or other relevant documents. When it comes to open-source models, signatories will need alert users about the prohibition of copyright-infringing uses in the model's documentation.
Designate a point of contact and enable the lodging of complaints
Companies will need to provide a contact point for copyright holders and set up a system for submitting complaints about non-compliance. They will address “sufficiently precise and adequately substantiated complaints” promptly and informally, unless they are unfounded or repetitive. This will not affect legal copyright enforcement measures.
Safety and Security
This chapter, which is more detailed than the others aims to ensure that signatories assess and mitigate systemic risks by providing ten commitments to be followed (further detailed by specific measures):
Adopting a state-of-the-art Safety and Security Framework
Identifying systemic risks stemming from the model
Analysing each identified systemic risk
Specifying systemic risk acceptance criteria and determining whether the systemic risks stemming from the model are acceptable
Implementing appropriate safety mitigations along the entire model lifecycle
Implementing an adequate level of cybersecurity protection
Reporting to the AI Office information about the model and its systemic risk assessment and mitigation processes (through a Safety and Security Model Report)
Defining clear responsibilities for managing the systemic risks while promoting a “healthy risk culture”
Implementing appropriate processes and measures for keeping track of, documenting, and reporting to the AI Office
Documenting the implementation of the Safety and Security Chapter
The chapter also provides signatories with a wide range of definitions to ensure coherent interpretation and implementation of each measure.
Next steps
The code now needs to be endorsed by EU Member States and the EU Commission. Once this is done, providers of general-purpose AI models who voluntarily sign the Code will be able to demonstrate compliance with the relevant AI Act obligations by adhering to the Code. Signatories to the Code should benefit from a “reduced administrative burden” and increased legal certainty.
The Code will be complemented by Commission guidelines on general-purpose AI to be published ahead of the entry into force of the general-purpose AI obligations (2 August). The guidelines will clarify who is in and out of scope of the AI Act's general-purpose AI rules.
techUK will continue to analyse the Code of Practice and assess how to best support members.
Theophile Maiziere
Policy Manager - EU, techUK
Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.
Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.
Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.
Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam.
techUK International Policy and Trade Programme activities
techUK supports members with their international trade plans and aspirations. We help members to understand market opportunities, tackle market access barriers, and build partnerships in their target market. Visit the programme page here.
techUK Report - Enabling Growth and Resilience: the UK Tech Sector in an Uncertain World
New techUK report outlines key policy recommendations to boost the UK’s growth through the tech sector amid global challenges, emphasising resilience, trade leadership, and strategic investment.
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Sabina Ciofu is Associate Director – International, running the International Policy and Trade Programme at techUK.
Based in Brussels, she leads our EU policy and engagement. She is also our lead on international trade policy, with a focus on digital trade chapter in FTAs, regulatory cooperation as well as broader engagement with the G7, G20, WTO and OECD.
As a transatlanticist at heart, Sabina is a GMF Marshall Memorial fellow and issue-lead on the EU-US Trade and Technology Council, within DigitalEurope.
Previously, she worked as Policy Advisor to a Member of the European Parliament for almost a decade, where she specialised in tech regulation, international trade and EU-US relations.
Sabina loves building communities and bringing people together. She is the founder of the Gentlewomen’s Club and co-organiser of the Young Professionals in Digital Policy. Previously, as a member of the World Economic Forum’s Global Shapers Community, she led several youth civic engagement and gender equality projects.
She sits on the Advisory Board of the University College London European Institute, Café Transatlantique, a network of women in transatlantic technology policy and The Nine, Brussels’ first members-only club designed for women.
Sabina holds an MA in War Studies from King’s College London and a BA in Classics from the University of Cambridge.
Policy Manager for International Policy and Trade, techUK
Daniel Clarke
Policy Manager for International Policy and Trade, techUK
Dan joined techUK as a Policy Manager for International Policy and Trade in March 2023.
Before techUK, Dan worked for data and consulting company GlobalData as an analyst of tech and geopolitics. He has also worked in public affairs, political polling, and has written freelance for the New Statesman and Investment Monitor.
Dan has a degree in MSc International Public Policy from University College London, and a BA Geography degree from the University of Sussex.
Outside of work, Dan is a big fan of football, cooking, going to see live music, and reading about international affairs.
Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.
Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.
Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.
Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam.
Lewis' programmes cover a range of policy areas within Market Access (international trade regulation, sanctions and export controls, technical standards and product compliance, supply chains) and Consumer Tech (media and broadcast policy, consumer electronics, and connected home technology).
Prior to joining techUK, Lewis worked in government affairs and policy roles for international trade associations in Southeast Asia including the American Malaysian Chamber of Commerce and the European Chamber of Commerce in Cambodia.
He holds an undergraduate degree in Social and Political Sciences from the University of Cambridge and an MSc in Public Policy & Management from SOAS University of London.
Tess joined techUK as an Policy and Public Affairs Team Assistant in November of 2024. In this role, she supports areas such as administration, member communications and media content.
Before joining the Team, she gained experience working as an Intern in both campaign support for MPs and Councilors during the 2024 Local and General Election, and working for the Casimir Pulaski Foundation on defence and international secuirty. She has worked for multiple charities, on issues such as the climate crisis, educational inequality and Violence Against Women and Girls (VAWG). In 2023, Tess obtained her Bachelors of Arts in Politics and International Relations from the University of Nottingham.
Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.
Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.
Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.
Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam.