The EU AI Act is by far the world’s most comprehensive legal framework on AI. Its rules on general-purpose AI (GPAI) models began to enter into application this month.
The Act is complex and carries strict obligations for companies providing AI systems used in the EU, like OpenAI and DeepMind. To help these companies comply with legal obligations, the Act mandated the development of a Code of Practice on GPAI.
The Code is a guiding document: a set of non-legally binding guidelines designed to help companies demonstrate compliance on areas like transparency, copyright and safety. Crucially, providers of GPAI models that choose not to sign the Code are still bound by the AI Act’s obligations, but are free to report on how they are complying with the law in a different way.
After a nearly yearlong multi-stakeholder process coordinated by leading global AI scientists and researchers, the Code was finally published in early July. Its drafting process sparked much drama and criticism. Despite this, the Code could play a vital role in shaping and informing effective global governance for AI, particularly GPAI with systemic risk.
Loud voices, old arguments
The development of the EU AI Act was dogged by disputes and disagreements. The accompanying Code’s drafting process was also controversial, reigniting long-standing EU debates about transparency and copyright, while aggravating newer issues about the influence of tech companies.
Some arguments relate to the process by which the Code was developed. Some parts of civil society accused the Code’s architects and EU AI Office of giving privileged access and influence to US-based tech companies. Others applauded the inclusivity of the process but claimed the speed of drafting and the technical knowledge required to follow it were barriers to entry.
The Code’s content itself also caused disagreement. Transparency, for example, has been a central issue. Civil society groups and academics called for the Code to push for greater transparency on how AI models work technically but also how this is communicated to the public. Others claimed the draft Code watered down protections for the fundamental rights of system users.
While there are some divisions within EU industry, the general message has been clear: the EU AI Act and its Code go too far. In early July, the CEOs of Europe’s leading companies called for a two-year ‘clock-stop’ on their implementation, citing concerns about the Act’s complexity and its negative impact on Europe’s economic competitiveness.
Non-EU companies, too, have expressed a range of concerns about the EU’s AI rules. Google head Kent Walker committed to signing the Code, but said that it risks ‘slowing down Europe’s development and deployment of AI’. Other major companies such as Anthropic and OpenAI have signed. But at the time of writing, Meta has not. Its Chief Global Affairs Officer Joel Kaplan recently said the Code’s ‘over-reach will throttle the development and deployment of frontier AI models in Europe’.
Some of these criticisms have been shared by influential policymakers. Last year’s landmark EU report by Mario Draghi said ‘onerous’ regulatory barriers to innovation in the tech sector, including the AI Act, were hampering EU competitiveness. Draghi and other influential policymakers are advocating for regulatory simplification – not only in AI – as a means of improving Europe’s competitiveness.
Debates about promoting competitiveness are tied to conversations about improving Europe’s sovereignty over its tech infrastructure and viable alternatives to US and Chinese AI. That has come into stark focus in recent months, as countries like the UK resist a rush to regulate AI and the Trump administration’s new Action Plan commits to removing regulatory barriers.
Indeed, the current US administration is a staunch opponent of Brussels’ approach. Vice President JD Vance sharply criticized EU AI regulation at a Paris AI Summit in February saying ‘we need an international regulatory regime that fosters AI technology rather than strangles it’. The recent EU–US trade deal appears to have introduced more uncertainty, with the US Commerce Secretary not ruling out further talks on the EU’s ‘attack on our tech companies.’
A global playbook from Brussels?
The Code has ruffled feathers and arrives at a time when governments are moving away from hard regulation towards more flexible frameworks.
Despite its controversies, the Code will likely have a global impact. Elements of EU regulations and guidance are often emulated globally – although the extent to which this is likely to be the case in AI is hotly debated.
The Code has achieved two main things. First, it has clarified obligations under the world’s most comprehensive piece of AI legislation.
Second, in doing so, the Code’s architects have supplied future decision-makers with a playbook for democratically making decisions about AI. Its transparent, inclusive process has produced much the world can learn from in terms of cautionary tales and best practice.
Tech governance is constantly evolving and the Code will have future iterations, too. This presents an opportunity for Brussels to build credibility and legitimacy, leverage strategic linkages to frontier research and link up other governance efforts around the world.
Brussels – specifically its AI Office, but also the EU’s national regulators working on AI – should now take concrete steps to establish itself as a centre of excellence for making AI governance democratic, future-proof and accountable.