The EU AI Code of Practice Needs a Makeover

In November, the European Commission published its first draft of its General-Purpose AI Code of Practice, which is meant to serve as guidelines for general-purpose artificial intelligence (GPAI) model developers to comply with the EU AI Act. While well-intentioned, the current draft has been developed quickly, without meaningful engagement with model developers, and raises significant concerns that require thoughtful refinement to align with the dynamic nature of AI innovation.

TechNet has long championed policies that balance technological advancement with public trust and safety. In its current form, the EU AI Code of Practice fails on both fronts. The draft Code is simultaneously vague and stringent and regulatory overreach - disrupting global AI innovation, placing sensitive IP and business information at risk, disproportionately burdening U.S. companies, and ultimately weakening the technology sector in Europe.

The Code, while aiming to mitigate risks, would inadvertently stifle the very innovation and public trust that its authors seek to encourage. Instead, the EU must aim for a framework that ensures accountability while fostering an ecosystem that enables AI innovation to flourish.

To refine the EU's approach and strike the right balance, we recommend the following steps:

• Ensure clarity and workability in compliance requirements. Organizations need clear, actionable guidelines that are technically feasible in the current stage of tech development while remaining adaptable to the rapidly evolving nature of AI technology.

• Avoid imposing unique European requirements. Align the Code of Practice with international standards, such as the G7 Code of Conduct on AI, to foster consistency and reduce regulatory fragmentation across borders.

• Streamline requirements to avoid burdening innovators. The EU already imposes large regulatory burdens on technology development and adoption. The Code should not add to those burdens and go beyond the AI Act; it should respect, not rewrite, existing obligations in the AI Act, the Copyright Directive, and other EU law.

• Focus on the capabilities of the models, not the size of the providers of the model, to avoid unintended consequences for the safety of EU citizens or discriminatory application.

• Ensure security, confidentiality, and protection of IP and trade secrets. Sharing of information should remain on a need-to-know basis, e.g., in most instances, the AI Office and downstream providers. Any requirement for public disclosure of information should be fully aligned with the legal requirements outlined in the AI Act.

Policymakers, industry leaders, and civil society must work together to address shared challenges, develop practical guidelines, and leverage AI's transformative capabilities responsibly. When crafting policies, regulatory bodies must consider the diversity of AI applications and the nuances of different sectors. The European Commission should work to refine its GPAI Code of Practice to set a precedent that ensures safety and trust without hamstringing innovation.