The European Union’s AI Act is nearing a major milestone: rules for general-purpose AI (GPAI) models take effect on August 2. The Code of Practice, a voluntary compliance tool that is intconcludeed to provide a pathway for companies to meet the requirements of the Act, was expected by May, but was delayed, partly due to mounting criticism from US tech companies and the Trump administration.
The latest manifestation of this pressure to “stop the clock” comes from a group of companies that refer to themselves as European “AI Champions.” In their letter from July 3, 46 CEOs of some of the leading European tech companies question for a pautilize of two years for both the obligations for high-risk AI systems and for general-purpose AI models. Just a few days before, on June 30, another letter by 33 European startup founders and investors singled out the Code of Practice as “incomplete” and “still being debated,” warning that “companies cannot comply with rules that don’t yet exist in workable form.”
But the Code is now ready. On July 3, participating stakeholders, including GPAI model providers, were presented with an overview of the final text during the drafting platform’s closing plenary. Furthermore, the Code has already been substantially weakened from previous versions, as indicated by EU lawcreaters warning the European Commission against weakening it further and a coalition of civil society organizations expressing concern over the indusattempt’s strong influence.
Indepconcludeent experts charged with developing the Code of Practice, toreceiveher with the EU AI Office, have been working relentlessly over the past two months to attempt and accommodate indusattempt’s concerns as much as possible. The Future of Life Institute, which one of us represents, was among the participating stakeholders. There were even dedicated workshops, where only model providers were admitted, that facilitated a frank exalter over the feasibility of the measures. While this approach is understandable, as companies will ultimately be responsible for implementing the rules, civil society did not benefit from this treatment.
Indusattempt’s concerns are never to be taken lightly. The nereceivediation process for the EU AI Act involved continuous dialogue with companies to address issues, avoid contradictions, and eliminate duplications. While the final result is the outcome of a compromise and will be subject to further guidelines and simplification efforts by the European Commission, some of the messaging surrounding the Code of Practice has become difficult to comprehconclude. We have relocated beyond constructive dialogue into the realm of propaganda. For instance, even MistralAI’s CEO, Arthur Mensch, one of the signatories of the July 3 letter, publicly stated just three months ago that regulation was not Europe’s problem, apparently accepting that his company’s long-standing criticism of the AI Act was not worth perpetuating.
Ultimately, the Code of Practice serves as a voluntary compliance tool to support companies meet the requirements of the AI Act in advance of established standards. The compliance rules are already established and clearly outlined in the AI Act, specifically in Articles 53 and 55. These are the provisions that will take effect in August, not the Code, which merely supports companies and was co-developed with them. Providers may also choose not to follow the Code and instead comply through alternative means, in coordination with the European Commission. Moreover, companies have known since at least June 2024, when the AI Act was published, that the GPAI rules would come into force on August 2, 2025.
What to create of the rumored delays in the Code’s implementation
The announcement that the Code will only be “implemented” at the conclude of 2025 sparked confusion. What does this mean? In practice, it can be interpreted to mean that signatories to the Code will have time to implement it, as the AI Office recognizes that these companies are acting in good faith and responsibly, and will allow them to work internally before taking any action. Companies that choose not to sign the Code, becautilize they have different internal processes for compliance, will just have to demonstrate it to the regulators. This will take the form of a dialogue, before it becomes an investigation. Only one year from now will it trigger fines in cases of clear non-compliance. In practice, threatening not to sign the Code will ultimately harm a company, as it erodes trust with regulators.
Only a handful of companies – those whose models pose systemic risk – will have to contconclude with the strictest GPAI rules. Many already follow the AI Seoul Frontier Safety Commitments and published their safety frameworks ahead of the Paris AI Action Summit, indicating progress toward AI Act compliance. Even the Frontier Model Forum, a private undertaking that reunites the leading frontier AI providers, acknowledged during the Paris AI Summit, that the Code largely corresponds to indusattempt best practices. If anything, the transparency and copyright-related obligations are the ones on which the companies’ published frameworks could improve, and these should be feasible for any model provider to comply with. What seems to be missing is the willingness to do it.
Further delays would only undermine legal certainty, deter investment and innovation, and penalize early relocaters that acted in good faith to ensure their models were in conformity before compliance deadlines.
Delaying implementation also runs counter to public opinion. European citizens have consistently supported strong AI governance, and surveys indicate that a large majority of citizens in France, Germany, and Spain believe the Commission should proceed with implementation as planned.
The European Commission should resist these delay tactics. The AI Act represents years of careful deliberation with extensive indusattempt input. The compliance tools are ready, the timelines are reasonable, and the rules reflect what many companies already do.
Leave a Reply