External testing enters EU AI code debate for GPAI models

The European Commission's first draft Code of Conduct for GPAI providers would add detailed safety, security, reporting and copyright expectations. For GPAI models with systemic risk, the draft also points to independent expert testing before deployment, including by the AI Office and third parties.

The European Commission's first draft Code of Conduct for providers of general-purpose AI systems, or GPAI, turns the EU AI Act's broad obligations into a more detailed operating model. The most consequential part is aimed at GPAI models with systemic risk, where the draft adds structured safety documentation, early reporting, and the possibility of outside testing before deployment.

The draft was prepared by independent experts and could become important beyond voluntary guidance. The Commission can approve the code across the EU and give it general validity, while the AI Act also leaves room for other Commission rules if the code is not finished in time or is considered unsuitable by the AI Office.

What the draft code asks from GPAI providers

The draft focuses on providers of general-purpose AI systems. Its strictest expectations apply to GPAI models with so-called systemic risk, including models trained with more than 10^25 FLOPs of compute. The source notes that, as far as we know, this threshold was already exceeded by GPT-4.

Under the current draft, these models would need to be reported to the EU two weeks before training begins. That requirement appears in Sub-Measure 20.1 and makes the training phase itself part of the oversight process, not just the finished model.

The code also creates a documentation structure around two central documents. One is the Safety and Security Framework, or SSF. The other is the Safety and Security Report, or SSR. Together, they are meant to connect general risk management policy with model-specific evidence.

The SSF and SSR create a safety paper trail

The Safety and Security Framework is the broader governance layer. It sets out basic risk management guidelines and covers the methods a provider uses to identify and analyze systemic risks. It also includes safety measures, security measures, and assessment procedures for continuous review.

The source describes four main components in the SSF:

  • Risk identification and analysis, including detailed methods for identifying systemic risks.
  • Safety measures, including behavioral modifications of models and protective measures during deployment.
  • Security measures to protect model weights and assets, including access control.
  • Assessment procedures for continuous review of the measures.

The Safety and Security Report is more specific. It documents how the framework is applied to an individual model. It includes detailed risk analyses before and after protective measures are implemented, assessments of whether those measures work, cost-benefit analyses, scientific method descriptions, and internal or external test results.

The two documents are designed to feed into each other. The SSF gives providers the process for preparing SSRs. The SSRs then create model-level evidence that can inform later updates to the SSF. In practical terms, the draft tries to make safety work repeatable rather than one-off.

External testing is the biggest shift

The most notable proposal is external testing for GPAI models with systemic risk. The draft says signatories should ensure independent expert testing before deployment, including testing by the AI Office and appropriate third-party evaluators where AI Office guidance is available.

This matters because the AI Act itself does not yet provide for external audits in the same way. Preamble 114 says providers of GPAI models with systemic risk should conduct and document risk assessments, including adversarial testing, and says this can be done through internal or independent external testing when appropriate.

The draft code goes further by making outside assessment a more explicit expectation. It also raises unresolved questions. The source asks who would be capable of testing and evaluating the most complex AI models, and whether the AI Office has the necessary expertise. The draft does not answer that point yet.

There is also a technical sensitivity issue. Intensive testing of complex models may require deep insight into the systems being examined. Any third-party testing company would need enough expertise to evaluate leading frontier technology while keeping what it learns from those tests confidential.

How the code could become binding

The draft's importance depends partly on what the Commission does next. According to Preamble 117 of the AI Act, the EU Commission can declare the code of conduct binding across the EU through an implementing act. If that happened, the external testing provisions in the code could gain legal force.

The source frames that as an interpretation, but the practical implication is clear: what begins as a code of conduct may become more than guidance. External auditing could become mandatory through the code itself or through a separate Commission decision.

That would be a tightening compared with the original AI Act. At the same time, the preamble says providers can show compliance by "adequate alternative means" if they do not want to rely on the code. The source notes that the practical implementation of that option remains unclear.

Copyright rules are also part of the draft

The draft code does not only address model safety. It also includes copyright rules for GPAI providers. Providers must establish a policy for complying with copyright and respect rights holders who reserve their content from use in AI model training.

One technical mechanism named in the draft is robots.txt, the industry standard that lets website operators indicate what content may be indexed by crawlers. The draft also says search engine providers may not use robots.txt exclusions to make content less findable.

Providers would also need measures to exclude piracy websites from crawling activities. The source gives the EU Commission's "Counterfeit and Piracy Watch List" as an example basis for identifying those sites.

The process is not finished. The next step is discussion of the draft code with around 1,000 stakeholders in four thematic working groups. Based on that feedback, the independent experts are expected to further develop and specify the code.