The European Union approved a voluntary Code of Practice for General-Purpose AI (GPAI). It offers model providers a documented path to show compliance with transparency, copyright, and safety expectations under the European Union Artificial Intelligence Act (EU AI Act). Signing reduces administrative burden and signals readiness to auditors.
Why this matters
The Code operationalises Articles 53 and 55 by providing concrete model documentation and safety expectations. It is not law, but regulators intend it as an on-ramp to compliance for GPAI providers and a reference for deployers evaluating suppliers.
Impact on obligations
Provider
Complete the Code's model documentation form, document training data governance, safety evaluations, and copyright measures aligned to EU AI Act obligations for General-Purpose AI.
Deployer
Use provider adherence as a due-diligence signal; require documentation packages in tenders.
Importer
Prefer signatories and require equivalent documentation in contracts.
What to evidence
- Model documentation form
- Evaluation reports
- Transparency log entries
- Decision records linking to a Signed Tree Head (STH)
- Optional Time-Stamp Authority (TSA) receipts
Key artefacts explained:
- DSSE: Dead Simple Signing Envelope — portable signature format
- STH: Signed Tree Head — tamper-evident checkpoint in transparency log
- TSA: Time-Stamp Authority — independent timestamp receipt
- WORM: Write Once Read Many — immutable storage for audit trails