Products Pricing Methodology Contact
Client Portal Contact Us
Cresthaven Analytics Intelligence Brief

EU AI Office & Digital Strategy Brief

April 4, 2026 · 14:00 UTC · European Commission DG CONNECT · APAC

By Cresthaven Analytics Research Desk

Headline

EU AI Office publishes first codes of practice for general-purpose AI model providers under Article 52a of the AI Act establishing transparency and safety evaluation requirements

Executive Summary

The European AI Office within DG CONNECT has published the first set of codes of practice for providers of general-purpose AI models under Article 52a of Regulation (EU) 2024/1689 (the AI Act), establishing detailed requirements for transparency reporting, technical documentation, copyright policy compliance, and safety evaluations for models that pose systemic risk. The codes of practice provide the operational specifications that GPAI model providers must implement to demonstrate compliance with the AI Act's GPAI provisions, which became applicable on 2 August 2025.

Key Regulatory Signals

  • Compliance Specification Published: The codes of practice translate the AI Act's principles-based GPAI obligations into actionable compliance specifications, providing model providers with the definitive reference for demonstrating compliance during AI Office enforcement assessments and reducing the interpretive uncertainty that has characterized the GPAI provisions since their application date.
  • Systemic Risk Model Obligations: GPAI models designated as posing systemic risk face enhanced obligations including adversarial testing, red-teaming for dangerous capabilities, incident reporting to the AI Office, and cybersecurity assessments, with the codes of practice specifying the frequency, methodology, and reporting format for each requirement.
  • Transparency Reporting Requirements: All GPAI model providers must publish technical documentation including model capability summaries, training data descriptions compliant with the EU Copyright Directive's text and data mining provisions, and energy consumption metrics, creating a standardized disclosure framework for the EU market.
  • Copyright Compliance Framework: The codes of practice specify the mechanisms through which GPAI model providers must comply with EU copyright law, including implementation of opt-out mechanisms for rights holders under Article 4 of the Copyright in the Digital Single Market Directive and documentation of training data provenance.
  • Enforcement Timeline Active: The AI Office has indicated that enforcement assessments against the codes of practice will commence within 6 months of publication, creating a defined compliance window for GPAI model providers to implement the required transparency, safety, and documentation measures.

Regulatory Delta

The EU AI Act was published in the Official Journal on 12 July 2024 and its GPAI model provisions became applicable on 2 August 2025, creating a 12-month period during which providers were required to comply with principles-based obligations without detailed implementing specifications. The current codes of practice fill that specification gap and represent the first operational output of the EU AI Office, which was established in February 2024 as the dedicated enforcement body for the AI Act's GPAI provisions. The development process involved a multi-stakeholder consultation including GPAI model providers, civil society organizations, academic researchers, and member state representatives, reflecting the AI Office's mandate to develop codes of practice through an inclusive process under Article 52a(6). The codes of practice interact with the AI Act's broader framework including the high-risk AI system requirements under Title III, the prohibited practices under Title II, and the harmonized standards being developed by CEN-CENELEC under the AI Act standardization request.

Materiality Classification

High — First codes of practice under the EU AI Act establishing enforceable compliance specifications for general-purpose AI model providers, with direct implications for all organizations developing or deploying GPAI models in the EU market.

Time Horizon

6 months — AI Office enforcement assessments commencing within 6 months; GPAI model providers must implement codes of practice requirements and prepare compliance documentation within this window.

Intelligence Outlook

Monitor the EU AI Office for enforcement assessment methodology and initial compliance reviews. Track CEN-CENELEC for harmonized AI Act standards development. Assess interaction with national market surveillance authorities' AI Act implementation.

Source EU AI Office — Codes of Practice ↗

This is a sample intelligence brief from Cresthaven Analytics. Live subscribers receive briefs like this on a daily or weekly cadence depending on tier.

More briefs in Technology, AI & Competition