The European AI Office published the final Code of Practice for providers of General-Purpose AI (GPAI) models on July 10, 2025, following four drafting rounds involving over 1,000 stakeholders. The Code is a voluntary instrument designed to help GPAI providers demonstrate compliance with their obligations under Articles 53–56 of the EU AI Act, which became applicable on August 2, 2025. Obligations include providing technical documentation and instructions for use, complying with copyright law, and publishing summaries of training data. Providers of GPAI models posing systemic risk face additional requirements: model evaluations, adversarial testing, incident reporting, and cybersecurity protections. The EU AI Office gains full enforcement powers, including the authority to recall models and impose fines, from August 2, 2026.
Who it affects: All providers of general-purpose AI models placed on the EU market — whether or not headquartered in the EU — must comply with GPAI obligations under the AI Act. The Code of Practice applies most directly to large-scale model developers and deployers. For companies adopting GPAI systems internally, Article 4’s AI literacy obligation runs in parallel: all employees working with or subject to AI must have sufficient AI literacy by August 2, 2026.
What is notably missing: The Code of Practice does not address user-facing AI literacy or the broader workforce training obligations in Article 4. It focuses on model providers, not on the workers and citizens who are subject to AI systems. Voluntary compliance does not guarantee that smaller or non-EU-headquartered providers adhere consistently. The systemic-risk threshold (10²⁵ FLOPs training compute) may not capture all high-risk models, as compute thresholds are a limited proxy for real-world impact.