The European Commission has received the final code of conduct for general-purpose AI models, giving AI providers a clearer route toward the EU AI Regulation rollout in August 2025. The code is voluntary, but it is designed to help companies show that they are meeting upcoming legal requirements.
At the center of the transparency chapter is a Model Documentation Form. It asks providers to explain key details about their models in a structured way, from architecture and training methods to data sources and energy consumption.
A voluntary code with legal weight
The code was developed by 13 independent experts and reflects feedback from more than 1,000 stakeholders. That group included model developers, small and medium-sized businesses, academics, AI safety specialists, rights holders, and civil society organizations.
Its purpose is practical. The EU AI Act includes broad requirements for general-purpose AI models, and the code is intended to translate some of those more abstract obligations into recommendations providers can actually follow.
The code is split into three main chapters: transparency, copyright, and safety and security. The first two apply to all general-purpose AI providers. The safety and security section is aimed at developers working on the most advanced models.
What the Model Documentation Form asks for
The transparency chapter introduces the Model Documentation Form as a standard way for vendors to describe how their systems are built and operated. Providers are expected to supply information about model architecture, design, training methods, data sources, and energy consumption.
This matters because general-purpose AI models are often used by other companies, services, and products downstream. The documentation must be available to both downstream providers and the EU AI Office on request.
In plain terms, the form creates a shared record of what a provider says about its model. It does not only focus on the visible product. It also reaches into the technical and operational choices behind the model, including how it was trained and what resources it consumes.
Copyright rules move into operational practice
The copyright chapter lays out practical steps for following EU copyright law. Providers must honor the Robot Exclusion Protocol, known as robots.txt, when crawling the web. They must also respect rights reservations.
The code also calls for technical safeguards to prevent models from generating copyright-infringing content. The source article identifies this as a particular challenge for image generators like Midjourney.
Providers also need to create a point of contact for rights holders and set up a complaints process. That means copyright compliance is not treated only as a training-data issue. It also becomes an ongoing operational responsibility after a model is deployed.
Safety and security focus on systemic risks
The safety and security chapter runs 40 pages and focuses on managing systemic risks. It expects providers to create a Safety and Security Framework, continuously assess risks, and put security measures in place.
The chapter also requires serious incidents to be reported to the EU AI Office within set deadlines. It includes specific requirements for cybersecurity and model theft prevention.
That structure signals a broader expectation: providers of the most advanced models need repeatable processes, not one-time reviews. The code frames safety and security as a continuing obligation that includes risk assessment, incident reporting, and protection against theft.
Why signing the code may reduce friction
Providers that sign the code can use it to show compliance with the EU AI Regulation. According to the source, that means less paperwork and greater legal certainty than providers may have if they choose other ways to comply.
The code still has further steps ahead. Official Commission guidelines will clarify who is covered by the rules, and those guidelines will be published before the obligations take effect. Once the code is endorsed by EU Member States and the Commission, providers can sign on and use it to demonstrate compliance.
The timing is important. The EU AI Act became law in February. Additional rules for large AI models will take effect in August. The Commission's AI Office will be able to enforce these rules a year later for new models and two years later for existing ones.
For AI companies, the message is straightforward: documentation, copyright controls, and risk management are becoming part of the expected operating model for general-purpose AI in the EU. The voluntary code gives providers one structured path for preparing before the rules begin to bite.