Code of Practice for General-Purpose AI Models Adopted: What You Need to Know Now

While the Code is voluntary, it carries significant regulatory weight. It is intended to guide providers in implementing the AI Act’s requirements in areas such as transparency, systemic risk management, intellectual property (IP), and organizational accountability.

Purpose of the Code

• To operationalize the AI Act through practical guidance;
• To serve as a voluntary accountability framework for demonstrating good-faith compliance;
• To promote public trust, transparency, and effective oversight mechanisms.

Although not legally binding, adherence to the Code may be taken into account by regulators, courts, and commercial partners when assessing compliance with the AI Act.

Core Principles of the Code

Transparency

• Clearly articulate a model’s capabilities, limitations, and permissible and prohibited use cases;
• Publish a detailed summary of training data, including sources, content types, and information about licensing and copyright;
• Describe measures taken to mitigate bias and other known risks.

Systemic Risk Management

• Conduct regular risk assessments;
• Implement safeguards against misuse, including disinformation, systemic bias, or interference with democratic processes;
• Maintain internal documentation of risk identification, mitigation, and incident response.

Governance and Accountability

• Appoint internal personnel responsible for ensuring compliance with the AI Act and the Code;
• Maintain records of relevant policies, procedures, and oversight practices;
• Facilitate engagement with stakeholders and rightsholders.

Copyright Chapter – Key Commitments

A dedicated chapter of the Code sets out how providers can demonstrate alignment with Article 53(1)(c) of the AI Act, which requires the establishment of a policy to comply with EU copyright and related rights law. Key commitments include:

Copyright Policy

• Develop, implement, and maintain an internal copyright compliance policy;
• Assign responsibility within the organization;
• Publicly summarize the policy where possible.

Use of Lawfully Accessible Content

• Refrain from reproducing or extracting content protected by technological protection measures (e.g., behind paywalls);
• Avoid scraping content from websites that have been officially recognized as repeatedly infringing copyright on a commercial scale.

Respecting TDM Reservations

• Adhere to the instructions in robots.txt and similar mechanisms. Robots.txt is a standard file found on many websites that communicates which areas may or may not be crawled by automated systems such as search engines or data crawlers. The Code obliges providers to use crawlers that respect these instructions, thereby avoiding the collection of content whose use has been expressly reserved.
• Detect and honor other machine-readable signals indicating a reservation of rights under Article 4(3) of Directive (EU) 2019/790;
• Participate in the development of harmonized machine-readable standards to express TDM opt-outs.

Mitigating Infringing Outputs

• Apply technical measures to prevent models from generating outputs that unlawfully reproduce copyrighted training data;
• Include usage restrictions in license terms, acceptable use policies, or accompanying documentation—even for open-source models.

Handling Rightsholder Complaints

• Designate a clear point of contact for rightsholders;
• Provide an accessible online mechanism for submitting and resolving copyright-related complaints in a timely and fair manner.

Implications for Israeli and Global Companies

Companies operating in the AI space—particularly those developing or offering GPAI-based services in the EU—should expect to implement the Code’s principles in practice, even if not formally bound to do so.

Legal and Commercial Risks:

• Exposure to claims over unlawful use of copyrighted content in training or outputs;
• Contractual demands from EU clients to adopt the Code as a condition of doing business;
• Reputational harm stemming from lack of transparency or ineffective copyright safeguards.

Recommended Next Steps

1. Map and assess all data sources used for training your models, including licensing status and rights;
2. Draft and publish an internal copyright policy aligned with EU standards;
3. Review and update relevant contracts, terms of service, and user documentation;
4. Consider voluntary adoption of the Code as a strategic compliance and trust-building measure;
5. Establish infrastructure for managing communications with rightsholders and responding to complaints.

Conclusion

The Code of Practice for General-Purpose AI Models offers a comprehensive framework for implementing the EU AI Act. Early and consistent alignment with the Code can significantly reduce legal exposure, reinforce market credibility, and demonstrate a proactive commitment to responsible AI governance.