European Union: European Commission and AI Board determined General-Purpose Artificial Intelligence Code of Practice including testing requirement as adequate voluntary tool to demonstrate compliance with AI Act

On 1 August 2025, the European Commission and AI Board determined the General-Purpose Artificial Intelligence Code of Practice (GPAI Code) as an adequate voluntary tool to demonstrate compliance with the Regulation laying down harmonised rules on artificial intelligence (AI Act). The European Commission confirmed that the Code establishes twelve commitments across three chapters, transparency, copyright, and safety and security, addressing, inter alia, documentation and reporting obligations under Annex XI, Sections 1 and 2, serious incident reporting under Article 55(1)(c), and cybersecurity mitigations pursuant to Article 55(1)(d). Under the safety and security chapter, providers of GPAI models with systemic risk must conduct testing and evaluation procedures aligned with Articles 55(1) and 56(5) of the AI Act, which outlines specific obligations for providers of general-purpose AI models with systemic risk. The Code highlights evaluations, including red-teaming, adversarial testing, and simulations, to assess systemic risks. It also requires evaluations to be reproducible and transparent, and inform risk acceptability decisions. The European Commission concluded that the Code meets the adequacy requirements under Article 56(6) of the AI Act and contributes to its proper application, while noting that the European Artificial Intelligence Board (EAIB) would issue a separate assessment and that the Code remains subject to future monitoring, evaluation, and potential adaptation.