Key facts
- The Code of Practice is voluntary, developed with multi-stakeholder input.
- It covers transparency, copyright, and (for the most capable models) safety and security.
- Adherence is a recognised way to demonstrate GPAI compliance, but not the only way.
- Providers who don't adhere must demonstrate compliance through other means.
- Primarily relevant to organisations developing or providing general-purpose AI models, not most deployers.
What the Code covers
The GPAI Code of Practice addresses three main areas: transparency (documentation providers must make available), copyright (respecting rights holders' interests in training data and outputs), and, for models presenting systemic risk, additional safety and security commitments.
Who it applies to
The Code is primarily relevant to organisations that develop or provide general-purpose AI models — not to the much larger population of organisations that simply deploy AI tools built on top of such models. Most SMEs using AI tools are deployers, not GPAI providers, and are not the primary audience for this Code.
Why adherence matters for providers
Signing up to the Code gives GPAI providers a recognised, pre-agreed way to demonstrate compliance with relevant EU AI Act obligations. Providers who choose not to adhere are not automatically non-compliant, but they carry the burden of demonstrating compliance through alternative means, which may be more resource-intensive.
Practical relevance for most businesses
If your organisation deploys AI tools built by others rather than developing general-purpose AI models yourselves, this Code is background context rather than a direct compliance obligation — your focus should be on deployer obligations instead.
Frequently asked questions
What is the GPAI Code of Practice?
A voluntary tool to help general-purpose AI model providers demonstrate compliance with EU AI Act transparency, copyright and safety obligations.
Is the GPAI Code of Practice mandatory?
No — it is voluntary, though adherence is a recognised way to demonstrate compliance.
Who does the GPAI Code of Practice apply to?
Primarily organisations that develop or provide general-purpose AI models, not most organisations that simply deploy AI tools.
What happens if a GPAI provider doesn't adhere to the Code?
They must demonstrate compliance with relevant obligations through other means.
Does this Code affect most businesses using AI tools?
Not directly — most businesses are deployers rather than GPAI providers, and should focus on deployer obligations instead.
Related pages
Sources
Last updated 19 June 2026.