General FAQ
Any provider (or potential future provider) of a general-purpose AI model can sign the code by completing the Signatory Form and sending it to EU-AIOFFICE-CODE-SIGNATURES@ec.europa.eu.
The form should be signed by a person with sufficient authority to bind the provider to the General-Purpose code of Practice (e.g. a senior executive).
Once the code is assessed as adequate by the AI Office and the AI Board, providers of general-purpose AI models may rely on the code to demonstrate compliance with Articles 53 and 55 of the AI Act. Any opt-out from chapters of the code of practice results in losing the benefits of facilitating the demonstration of compliance in that respect.
For providers of general-purpose AI models that adhere to the code, the Commission will focus its enforcement activities on monitoring their adherence to the code. Because such providers are transparent about the measures they implement to comply with the AI Act, they benefit from increased trust from the Commission and other stakeholders.
There is no deadline for signing the code. Providers may sign at any time. However, we ask existing providers to sign the code before August 1. For those signatories that agree, signatures will then be listed publicly online.
This way, the AI Office is aware of who intends to adhere to the code before the obligations of the AI Act start to apply on 2 August 2025. If a general-purpose AI model provider does not choose to adhere to the code, they need to demonstrate compliance through other means.
Providers that are neither in the process of developing a general-purpose AI model with systemic risk nor intend to do so, may optionally sign the Safety and Security chapter. In this case, they are expected to specify which of their models - those that do not pose systemic risk - will be subject to the measures outlined in the Safety and Security chapter.
The AI Office acknowledges that signatories may require some time to fully implement the measures in the code (for example, time required to implement the cybersecurity measures under Commitment 6 of the Safety and Security chapter), in light of the fact that the code was published only recently on July 10, 2025. If Signatories do not fully implement all commitments immediately after signing the code, the AI Office will not necessarily consider them to have broken their commitments under the code. Instead, in such cases, the AI Office will consider them to act in good faith and will be ready to collaborate to help ensure adherence to the code.
Providers that do not adhere to the code must demonstrate compliance via other adequate means and will have to report the measures they have implemented to the AI Office. Furthermore, such providers are expected to explain how the measures they implement ensure compliance with their obligations under the AI Act, for instance by carrying out a gap analysis that compares the measures they have implemented with the measures set out by the code.
Providers that don’t adhere to the code may also be subject to a larger number of requests for information and requests for access to conduct model evaluations throughout the entire model lifecycle because the AI Office will have less of an understanding of how they are ensuring compliance with their obligations under the AI Act and will typically need more detailed information, including about modifications made to general-purpose AI models throughout their entire lifecycle.
In line with the Article 56(8) AI Act, the AI Office shall, as appropriate, encourage and facilitate the review and adaptation of the code.
The AI Office may facilitate formal updates to the code in response to technological developments, changes in the risk landscape, or experience with the application of the AI Act rules. The AI Office will review the code at least every two years, and it may propose a streamlined process for reviews and updates as needed. The AI Office may also issue guidance to further clarify concepts relevant for the code as appropriate to ensure its contribution to the proper application of the obligations under the AI Act.
Any updates to the text of the GPAI Code of Practice will be shared with the signatories for their consideration, and signatories will be invited to sign the updated code.
Yes, a signatory may withdraw their signature to the Code at any time.
Related content
The Code of Practice helps industry comply with the AI Act legal obligations on safety, transparency and copyright of general-purpose AI models.