Third Draft of the General-Purpose AI Code of Practice: Key Updates and Implications for Generative AI Stakeholders

The third draft of General-Purpose AI Code of Practice has been released, introducing significant refinements to enhance AI governance and compliance. Below, I outline the main changes and the potential impact for businesses.

Notable Updates of the Third Draft General Purpose AI Code of Practice

Here are the main changes
1. Streamlined Structure: The Code now presents a concise set of high-level commitments, each accompanied by detailed implementation measures, ensuring clarity and practicality.
2. Transparency & Copyright Commitments: All providers of general-purpose AI models are subject to two primary commitments:

• Transparency: A user-friendly Model Documentation Form has been introduced to facilitate comprehensive and accessible model information. Notably, certain open-source model providers may be exempt from specific transparency obligations, aligning with the AI Act.
• Copyright: The Code delineates clear measures to uphold copyright standards, ensuring that AI models respect intellectual property rights.

3. Safety & Security Measures: Providers of advanced AI models identified as posing systemic risks are now subject to sixteen additional commitments. These encompass:

• Systemic Risk Assessment: Mandatory evaluations to identify and mitigate potential widespread impacts.
• Incident Reporting: Structured protocols for reporting and addressing adverse events.
• Cybersecurity Obligations: Enhanced measures to protect AI systems from malicious threats.

Implications for Providers and Deployers of Generative AI Systems

Here are the main impacts deriving from the new version of the Third Draft General Purpose AI Code of Practice:

• Enhanced Compliance Requirements: Providers must adhere to detailed transparency and copyright obligations, necessitating robust documentation and data management practices.
• Risk Management: Deployers of high-capability generative AI systems must implement comprehensive risk assessment and mitigation strategies to align with the new safety and security commitments.
• Adaptation to Evolving Standards: The Code emphasizes flexibility to accommodate technological advancements, urging stakeholders to stay informed and agile in their compliance efforts.

What next steps and open questions?

Stakeholders are invited to provide feedback by March 30, 2025 and the final version of the Code is anticipated in May 2025. In this context, the potential open questions are the following in my view

1. Will the Code of Practice become a guide to interpret the provisions of the AI Act?
2. Will the Code of Practice become a more flexible and adjustable guide to adapt to quick technological developments?
3. Will courts and regulators look at the Code of Practice in the enforcement of the AI Act?
4. Are de facto businesses obliged to comply with the Code of Practice?

On the topic, you can read the articles available HERE.