GPAI Code of Practice: Voluntary Guidelines for AI Act

What is the Code of Practice for GPAI models? How does it affect large language model providers and organizations using AI?

The AI Act introduces specific requirements for General Purpose AI (GPAI) models, such as GPT-4, Claude, or Gemini. The European Commission is developing a GPAI Code of Practice to help providers demonstrate compliance with the regulation.

What are GPAI models according to the AI Act?

GPAI models are AI models trained on large datasets, capable of performing a wide range of tasks. These include large language models (LLMs) like GPT-4, Claude, Gemini, Llama. The AI Act divides them into "standard" GPAI and GPAI "with systemic risk" (models trained with computing power above 10^25 FLOP). Models with systemic risk are subject to stricter requirements.

What obligations does the AI Act impose on GPAI providers?

GPAI model providers must: create technical documentation, provide information for downstream providers (who build on the model), implement copyright policy, publish training data summary. For models with systemic risk additionally: conduct model evaluations, perform adversarial testing, report incidents, ensure adequate cybersecurity.

What does the GPAI Code of Practice contain?

The Code of Practice is a voluntary document developed in cooperation with industry that specifies AI Act requirements. It covers: technical documentation standards, risk assessment methodologies, security testing guidelines, transparency practices. Following the Code creates a presumption of AI Act compliance, making it easier for providers to demonstrate requirement fulfillment.

How does the GPAI Code affect organizations using AI?

Organizations using GPAI models (e.g., via OpenAI API) should: verify the model providers AI Act compliance, understand model limitations and risks from provider documentation, implement own measures for high-risk use cases. The Code of Practice helps assess whether the model provider meets industry standards.

Wizards.io tools support responsible AI use. **Nocturno** anonymizes data before use in GPAI models, reducing privacy-related risks. **Revelio** identifies personal data in datasets intended for AI processing, enabling informed decisions about their use.

The GPAI Code of Practice is an important element of the AI Act ecosystem, helping general purpose AI model providers and users navigate regulatory requirements. Organizations should monitor its development and incorporate it into their AI strategy.