On 14 November 2024, the First Draft of the General-Purpose AI Code of Practice was published by independent experts under the guidance of the European AI Office. This marks a crucial step in the implementation of the EU AI ActThe EU Artificial Intelligence Act was approved by the EU Council on 21 March 2024. A world-first comprehensive AI law, intended to harmonise rules for the development, deployment, and use of artificial intelligence systems across the EU. – the pan-EU law that was passed earlier this year.
The Code is intended as a compliance tool for General-Purpose AI model providers and aims to provide clear guidelines for developers of GPAI models and ensure they follow the principles of transparency, copyright compliance, and management of systemic risk. The Code of Practice aims to lay out practical steps to compliance with a minimum specification of governance documentation and necessary compliance activities with clears and defined KPIs.
Read our EU AI Act blog series for more detailed information about the new law
General–Purpose AI (GPAI) refers to highly versatile AI systems that can perform a wide range of tasks across multiple domains. Examples include OpenAI’s GPT models, which can processA series of actions or steps taken in order to achieve a particular end. and generate human-like text, answer questions, translate languages, and assist in customer services. These systems have immense potential, but their broad applicability makes them harder to control and predict, which brings significant regulatory challenges.
The drafting process of the Code is ongoing and currently involves almost 1,000 stakeholders including AI model providers, EU Member State representatives, and experts from industry, civil society and academia. This is to ensure the Code has input from a wide range of perspectives, with the aim to develop a detailed and transparent guide that helps AI providers meet their legal obligations and build safer AI systems.
Participation in the consultation process of the draft Code is encouraged, and interested parties have the opportunity to provide feedback through working groups and written submissions until 28 November 2024, 12:00 CET.
David Smith, DPO and AI Sector Lead at The DPO Centre said:
‘The release of the first draft of General-Purpose AI Code of Practice is a real milestone in the implementation of the EU AI Act. The Code will serve as a compliance tool for developers and recognises the unique responsibilities of General-Purpose AI model providers, especially where their models will be used for a wide range of ‘downstream’ systems across different industries and applications.
‘From a data protection perspective, it is crucial to understand how the Code addresses accountabilityPerhaps the most important GDPR principle, which requires controllers to take responsibility for complying with the GDPR and, document their compliance., transparency, and documentation. And while the focus is on the responsibilities of GPAI providers, downstream Deployers of AI systems that rely on these models should also take note. The Code sets out the standards that Deployers should expect from responsible providers and defines the criteria for systems that are acceptable for deployment in the EU. Deployers have responsibilities for conducting due diligence processes and managing risks when fine-tuning and implementing GPAI models within their own organisations and services.’