The European Union has finalized its new AI Code of Practice. Released on July 24, 2025, this voluntary yet highly encouraged Code offers a clear pathway for businesses to prepare for the enforcement of the comprehensive EU AI Act, which is set to begin on August 2, 2025. This move aims to give companies clarity and flexibility, allowing them to align with the new AI regulations proactively rather than waiting for full legal enforcement.
So, if you're involved in building or utilizing general-purpose AI models, this Code is your essential roadmap. Let's break down what it covers, who it applies to, why it's important now, and the steps companies should take for compliance.
What the AI Code of Practice Covers
The final iteration of the AI Code zeroes in on three fundamental pillars: transparency, copyright, and safety.
- Transparency and Disclosure: The Code introduces a standardized documentation format for AI models. This means developers are required to provide clear and comprehensive information regarding their models' operational mechanisms, the data used for training, and their behavior across diverse contexts. This transparency empowers users and regulators to gain a deep understanding of how AI-driven decisions are made.
- Copyright and Data Use: A crucial element of the Code addresses copyright compliance. AI developers must strictly adhere to EU copyright law, which includes recognizing and respecting digital markers that indicate content should not be used for training purposes. Companies are expected to implement tools and practices to filter out copyrighted material from their training datasets.
- Safety and Risk Controls: For AI models that pose systemic risks—meaning they have the potential to cause harm to users or the broader public—the Code mandates additional measures. These include conducting thorough risk assessments, diligently reporting any incidents, and establishing robust cybersecurity practices.
Who Should Follow the Code and Why It Matters Now
While adherence to the Code is voluntary, companies that choose to sign up stand to gain significant benefits. Signing demonstrates good faith, provides legal clarity, and can effectively mitigate the risk of penalties once the AI Act's enforcement begins. Crucially, it also grants companies a valuable one-year grace period before full enforcement kicks in.
What Happens if You Don't Sign
Choosing not to sign the Code means a company must still demonstrate compliance with the AI Act through alternative means. This often entails additional audits, more extensive documentation, and increased legal review. Furthermore, non-signatories will not benefit from the one-year grace period and will face heightened scrutiny from regulators. Conversely, companies that do sign gain early access to guidance and tools, providing a strong incentive for participation.
Final Guidelines Still to Come
Even with the AI Code finalized, some aspects are still being ironed out. The European Commission is expected to release a detailed list soon, outlining which chapters of the Code companies must adhere to based on their specific business models. An official endorsement from EU Member States is also anticipated, which will further amplify the Code's influence on both developers and policymakers.
AuditOne: Your Partner in AI Compliance
At AuditOne, we specialize in helping companies navigate the complexities of AI regulation. Our expert team provides comprehensive auditing services for your AI systems, ensuring full compliance with the new EU AI Code of Practice and the upcoming EU AI Act. By partnering with us, you can proactively identify and mitigate risks, streamline your documentation processes, and ultimately avoid potential penalties.