As August begins, the European Union’s pioneering AI Act is poised to enact significant rules concerning general-purpose artificial intelligence, setting a new global benchmark for tech compliance. To facilitate industry adherence, the EU has meticulously developed the General-Purpose Artificial Intelligence (GPAI) Code of Practice, a pivotal framework designed to guide companies through the intricate landscape of new AI regulation. This critical legislation, alongside its supporting code, signals a profound shift in digital governance, compelling businesses worldwide to re-evaluate their operational strategies and ethical considerations.

The GPAI Code introduces stringent guidelines covering crucial aspects such as copyright protection and transparency, addressing long-standing concerns within the generative AI domain. Moreover, certain advanced AI models, identified as posing “systemic risk,” are subject to additional voluntary obligations that emphasize safety and security measures. This tiered approach ensures that while all AI development is considered, those with the broadest potential impact face heightened scrutiny and accountability, aiming to foster responsible innovation.

Signatories to the GPAI Code are tasked with continuous assessment and mitigation of systemic risks inherent in their AI models, alongside implementing appropriate risk management protocols throughout the entire model lifecycle. Furthermore, a core tenet of this EU law is the mandate for prompt reporting of any serious incidents to the European authorities. This proactive and transparent framework is designed to build public trust and ensure that AI deployment aligns with societal values and legal standards.

While providers of generative AI models bear direct responsibility for meeting these new rules, the impact extends far beyond them. Any company utilizing generative AI models and systems—whether procured directly from providers or embedded within other technologies—will inevitably feel the repercussions of these requirements across their value chains and third-party risk management practices. This broad scope ensures that the principles of robust AI regulation permeate the entire business ecosystem, demanding comprehensive tech compliance from all stakeholders.

Despite the EU’s efforts to expand accountability and enforcement around general-purpose AI models, the GPAI Code has not been universally embraced. A coalition of over 40 signatories, including prominent news publications, artist collectives, and film producers, has vocally expressed dissatisfaction, contending that the Code “does not deliver on the promise of the EU AI Act itself.” They view it as a significant “missed opportunity to provide meaningful protection of intellectual property” within the burgeoning field of AI.

This widespread concern among copyright holders underscores a critical tension between fostering innovation and safeguarding creative works in the age of generative AI. The coalition asserts that the Code fails to strike a fair and workable balance, labeling it a “betrayal of the EU AI Act’s objectives.” Such strong dissenting voices highlight the complex challenges involved in crafting comprehensive digital governance frameworks that satisfy all parties.

Conversely, many international observers and experts laud the EU’s AI regulations as arguably the most robust globally, anticipating their profound influence on risk management and governance practices for a multitude of global companies. This perspective underscores the European Union’s leadership in setting a precedent for ethical and responsible AI development, potentially shaping future AI regulation across continents.

The stakes for non-compliance under this landmark Act are remarkably high, with potential penalties soaring up to 7 percent of a company’s global turnover. This severe financial repercussion underscores the urgent necessity for businesses to prioritize tech compliance and digital governance within their strategic frameworks. As Forrester analyst Enza Iannopollo starkly warns, “Companies, make no mistake, there will be action in the next few months,” signaling a critical period for businesses to adapt and ensure full adherence to the new EU law.