--------- Website Scaling Desktop - Max --------- -------- Website Highlight Effekt ---------

We use cookies!

We use cookies to personalize content and advertisements, provide social media features, and analyze website traffic. We also share information about their use, which our partners may combine with data already collected.
declinepreferences
accept

Dissecting the EU AI Act: The Code of Practice

Officially entering into force on August 1st, 2024, the countdown to the EU AI Act’s numerous implications has officially begun. In light of its risk-based approach, various parts of the act will come into effect at different time points, ranging from February 2025 to August 2027.

In particular, the near horizon contains two notable effects, with the latter impacting a wide span of firms: Bans on Prohibited Use-cases (effective February 2025) and the Code of Practice (effective April 2025). In this blog post, we will take a closer look at the Codes of Practice, their scope, and what they will entail for enterprises powered by AI.

The Code of Practice: What to Expect

Applicable to general purpose AI (GPAI) models, the Code of Practice is the “interim” documentation between the EU AI Act and the harmonized standards involving the European Committee for Standardisation (CEN) and the European Committee for Electrotechnical Standardisation (CENELEC). In particular, Article 56 of the EU AI Act defines the Code of Practice as placeholder mode of compliance for GPAI models, with the core obligations outlined as:

- Provision of technical documentation to the AI Office and National Competent Authorities

- Provision of relevant information to downstream providers seeking integration of a model into their AI/GPAI system, including capabilities and limitations

- Summaries of the training data used

- Policies for complying with existing Union copyright law

In particular, the Code will have additional provisions for GPAI models with systemic risk - identified as models with “high impact” or trained with above an 1025 FLOPS threshold (for example, ChatGPT-4). These additions include:

- State of the art model evaluations

- Risk assessment and mitigation

- Serious incident reporting, including corrective measures

- Adequate cybersecurity protection

The Drafting of the Code

On July 30th, the European AI Office opened an official call for expression of interest to participate in the drawing-up of the first general-purpose AI Code of Practice. This ushers in an iterative drafting process, supported by a multi-stakeholder engagement approach.

The timeline is thus broken into three stages: Process Launch, Iterative Drafting in the Code of Practice Plenary, and the Final Code. Officially starting with the official call above, the Final Code of Practice is expected in April 2025. The stages are anticipated as follows:

Process Launch: July - Sept. 2024

- Call for interest of stakeholders

- Multi-stakeholder consultations

- Kick-off meeting of all participants (online)

Iterative Drafting: Sept. 2024 - Apr. 2025

- 1st, 2nd, and 3rd Plenary conducted virtually for discussions organized in 4 Working Groups with specified focuses of the Code

- Participants providing comments consolidated by the Chair and Vice-Chair of each Working Group

- GPAI model provider workshops with Chairs and Vice-Chairs coincidentally occurring

Final Code: April 2025

- Closing plenary

- GPAI model providers express whether they plan to use the code

Multi-stakeholder Involvement

As aforementioned, the web of stakeholder engagement will be involved in each step of the Code’s development. Noted by Latham & Watkins LLP, providers of GPAI models, downstream providers, and various industry or stakeholder organizations (including NGOs, rightsholder organizations, and any interested independent experts), along with public authorities, are invited to offer their input on the development of rules. These rules will address issues such as transparency, copyright, risk taxonomy, assessment, and mitigation, as well as the review and monitoring of the Codes of Practice for GPAI models.

In the Process Launch phase, the consultation of stakeholders will found the basis of the initial draft of the code, with stakeholders invited to become participants to the Code of Practice Plenary groups.

During the stage of Iterative Drafting, the following 4 Working Groups, supported from the previous stage’s stakeholders, will focus on the following:

1. Transparency and copyright-related issues

2. Risk identification and assessment measures

3. Risk mitigation measures

4. Internal risk management and governance for GPAI providers

Moreover GPAI Model Providers will be invited to workshops with working group Chairs and Vice-Chairs, upholding the AI Office’s focus on transparency to all Plenary participants. Once the Iterative Drafting is complete, the Final Code stage involves GPAI model providers directly, with the Final Code of Practice being presented and GPAI model providers expressing their use intentions with the code, as reflected above.

Preparing Enterprises for the Code of Practice

At Calvin, our modularized suite of AI risk management, governance, validation, compliance, and audit tools form the basis of EU AI Act readiness; in particular, Calvin’s LLM offer allows firms to take control of their generative AI compliance process with ease - providing the vital quantitative tools needed to align with the anticipated Code of Practice and various upcoming components of the EU AI Act. As the EU AI Act drives further into effect, our core mission is to lessen the needed administrative and technical efforts by providing efficient, quantitative risk management solutions - guiding firms to certainty in their EU AI Act success.

Authors

Shelby Carter

Business Development Intern

Upgrade AI risk management today!

request a demo

Subscribe to our
monthly newsletter.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Join our
awesome team today!

e-mail us

Managing the risks of your AI algorithms since 2022.

LinkedIn company logo which serves as a link to the linkedin company page
browse
homeproductabout us
resources
whitepapernewsroomblogcareerscontact us
backed by

Copyright Calvin Risk AG YEAR. All rights reserved

imprintprivacy policy

Disclaimer

The author reserves the right not to be responsible for the topicality, correctness, completeness, or quality of the information provided. Liability claims regarding damage caused using any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected. Parts of the pages or the complete publication including all offers and information might be extended, changed, or partly or completely deleted by the author without separate announcement.

Disclaimer for links

References and links to third party websites are beyond our responsibility. Any responsibility for such websites is declined. The access and use of such websites is at the own risk of the respective user.

Copyrights

The copyrights and all other rights to the content, images, photos, or other files on this website belong exclusively to Calvin Risk AG or the specifically named rights holders. The written consent of the copyright holder must be obtained in advance for the reproduction of any elements.