EU explains how to do AI without breaking the law • The Register

The EU has a new set of AI regulations poised to take effect soon. While debate over them continues, Brussels has put out a handy guidebook to help companies make sense of what they can and cannot do. 

The European Commission announced the publication of the General-Purpose AI Code of Practice on Wednesday with the goal of helping folks comply with the AI Act. Parties subject to the Act will be able to sign on to the Code to indicate that they’re in compliance, but it’s purely voluntary.

Broken into three parts, the Code has two brief chapters outlining responsibilities AI companies face regarding transparency and obeying copyright, as well as a much longer section on safety and security that the Commission noted is “relevant only to a limited number of providers of the most advanced models.” 

The same goes for the AI Act in general. As we’ve noted in our prior coverage, it puts the greatest onus for compliance on the largest, most powerful frontier AI models, and those operating in the most critical sectors or whose operations have the greatest potential for harm. 

The Code’s three chapters include all the things you’d expect from a typical AI regulation, like preventing the output of copyrighted content, requiring AI scraping bots to obey robots.txt, and mandating risk assessments. 

Beyond those basic rules, the Code also calls for companies to fill out a documentation form that details all the intricacies of a model (including energy consumption data) and keep model documentation on file for a decade for each version. It even recommends that AI companies that “also provide an online search engine” refrain from downranking pages that refuse to be ingested by the company’s AI – and no, that’s not targeted at anyone in particular, why do you ask?

The Code’s publication doesn’t mean it’s official yet – that’ll require endorsement by the EU states and the Commission – but even then it won’t mean all that much. As the EC noted, there’s no push for companies to sign on if they don’t want to. 

That said, the Code does reflect the AI Act as it’s written, so its provisions are more than just guidelines – companies ignore them at their peril.

This all assumes the AI Act’s general-purpose rules enter into application on 2 August as planned. A number of European companies have come out against the AI Act, calling for its delay and simplification to ensure continental AI firms would be able to compete with unnamed “AI behemoths,” some of whom have also called for a pause on enforcement. 

The European arm of the Computer and Communications Industry Association (CCIA), a pro-tech trade association, expressed disappointment in the Code, saying it added further confusion to a set of rules that are badly in need of clarification. 

As one example, the CCIA says, the Code imposes rules that aren’t requirements in the Act, while other requirements from the Act are missing. If it’s that obviously messy, why would any company want to sign on?

“Without meaningful improvements, signatories remain at a disadvantage compared to non-signatories, thereby undermining the Commission’s competitiveness and simplification agenda,” said Boniface de Champris, a senior policy manager at CCIA Europe. 

Others are urging the EU not to bow to corporate pressure. A group of academics, watchdog groups, and privacy advocates signed an open letter to the Commission urging it not to delay enforcement, as doing so would call into question Europe’s dedication to its own principles of “putting consumer and fundamental rights at the center of all legislation.” 

“We call upon the Commission to prioritise the full implementation and proper enforcement of the AI Act instead of re-opening or delaying its implementation,” the open letter pleaded. 

Whichever way the Commission swings on AI Act enforcement, it’ll still take some time for punishments to be meted out: While the AI Act applies as of next month, the Commission won’t have enforcement power for some time. According to the EC, “new models” released on or after August 2, 2025, will have one year to get fully compliant, while older models get two years. A lot could change between now and then. ®
