Analysis of the 1st Code of Practice Draft for General-Purpose AI

The first draft of the AI Act Code of Practice for general-purpose AI marks a significant step toward regulating the development and deployment of artificial intelligence systems. The proposed measures focus on transparency, intellectual property rights, and systemic risk management, aiming to balance innovation with accountability. However, there are areas where the framework could benefit from refinement to better support public understanding, promote equitable collaboration, and address a broader spectrum of risks.

Strengthening Transparency Measures

Transparency forms the foundation of the draft’s regulatory approach, with a strong emphasis on detailed documentation and performance evaluation. These measures are critical to ensuring accountability and public trust, but the current draft leaves room for improvement.

1. Enhancing Public Accessibility of Information
   While the draft requires AI developers to provide extensive documentation covering technical specifications, performance metrics, and intended use cases, much of this information risks being inaccessible to non-experts. For the Code of Practice to be effective, key details must be presented in a clear, concise, and user-friendly manner. This includes adopting plain language summaries and visual aids, enabling a broader audience to understand and evaluate AI systems.
2. Adapting to Collaborative Development Models
   The language and requirements in the draft appear tailored to centralized, corporate AI development structures. However, many AI projects today are built in collaborative, open-source environments. Transparency requirements must be restructured to account for these decentralized approaches, ensuring that contributors at all levels of development can adhere to the standards without unnecessary burdens.
3. Scalable Performance Evaluation Standards
   The draft’s focus on performance testing—such as ensuring robustness, fairness, and reliability—is a positive step. However, smaller developers may lack the resources to meet extensive testing requirements. To address this, the Code of Practice could introduce tiered compliance standards, where obligations scale according to the size, scope, and potential impact of the AI system.

Addressing Copyright-Related Challenges

The draft recognizes the importance of intellectual property rights in AI, proposing measures to harmonize copyright compliance. These provisions aim to mitigate disputes and foster responsible use of datasets. However, implementation challenges must be addressed to ensure the measures are effective and inclusive.

1. Standardization and Stakeholder Collaboration
   The draft’s call for standardization and collaboration among AI developers, copyright holders, and regulators is a promising direction. By creating unified guidelines for dataset use, these measures can reduce ambiguity and foster innovation. However, achieving this standardization will require active participation from a diverse range of stakeholders, including smaller developers and underrepresented copyright holders.
2. Minimizing Burden on Smaller Developers
   Smaller developers are particularly vulnerable to the complexities of copyright compliance. The draft risks imposing undue burdens on these groups, potentially stifling innovation and competition. Streamlining processes, such as by providing access to shared compliance tools and pre-approved datasets, could alleviate these challenges.
3. Avoiding Regulatory Fragmentation
   Regulatory fragmentation remains a significant concern. Divergent interpretations of copyright rules across jurisdictions could create a patchwork of compliance obligations, making it difficult for developers to operate effectively. Harmonizing standards across regions is essential to ensure consistency and predictability in the regulatory landscape.

Revisiting the Taxonomy of Systemic Risks

One of the most critical aspects of the draft is its taxonomy of systemic risks. While the draft focuses on long-term, abstract hazards, it overlooks more immediate and tangible threats. A restructured approach to risk management is necessary to address the full spectrum of potential challenges.

1. Addressing Risks in Critical Settings
   AI systems deployed in high-stakes environments—such as healthcare, law enforcement, or infrastructure—pose immediate risks if improperly implemented. The current taxonomy does not sufficiently address these scenarios, leaving a critical gap in regulatory oversight. Introducing stricter controls and clear deployment guidelines for sensitive contexts is essential.
2. Mitigating Large-Scale Information Security Risks
   The draft does not adequately address risks related to information security, such as data breaches or vulnerabilities in AI systems used at scale. Robust measures, including mandatory security audits, encryption standards, and continuous monitoring, are necessary to safeguard sensitive information.
3. Countering Scaled-Up Abuse
   The potential for large-scale misuse of AI systems—such as through automated disinformation campaigns or cyberattacks—represents a growing threat. The taxonomy must explicitly incorporate these risks, alongside proactive strategies to detect and mitigate abuse. Shared threat intelligence and collaborative risk management frameworks could be instrumental in this effort.

Promoting Collaboration and Evidence-Based Governance

The Code of Practice draft emphasizes collaboration and evidence-based regulation but can further refine these aspects to achieve a balanced and effective framework.

1. Inclusivity in Compliance Frameworks
   To ensure equitable participation, the regulatory framework must support developers of all sizes. Introducing flexible compliance pathways and offering practical resources—such as templates, toolkits, and advisory services—can help level the playing field between large corporations and smaller entities.
2. Continuous Updates Based on Empirical Evidence
   AI systems evolve rapidly, making it crucial for the Code of Practice to remain dynamic. Regularly revisiting and revising the framework based on empirical evidence and real-world feedback will ensure its continued relevance and effectiveness.
3. Encouraging Global Cooperation
   Aligning the Code of Practice with international standards can help create a cohesive regulatory environment. By fostering global collaboration, the framework can address cross-border challenges and promote consistency in AI governance.

Recommendations for Improvement

To enhance the effectiveness of the AI Act Code of Practice, the following recommendations should be considered:

1. Simplify Transparency Requirements
   Adopt user-friendly language and formats for documentation to ensure accessibility for diverse stakeholders.
2. Support Collaborative Development Models
   Adjust regulatory language to reflect the realities of decentralized and open-source AI development environments.
3. Introduce Tiered Compliance Standards
   Scale obligations based on the size and potential impact of AI systems to prevent overburdening smaller developers.
4. Harmonize Copyright Standards
   Collaborate with international bodies to create consistent copyright rules, minimizing fragmentation.
5. Expand the Risk Taxonomy
   Broaden the focus of systemic risks to include immediate threats, such as misuse in critical settings and large-scale security vulnerabilities.
6. Provide Resources for Smaller Developers
   Offer practical tools, templates, and advisory support to help smaller entities meet compliance requirements.

Conclusion: A Path Toward Responsible AI Development

The 1st Code of Practice Draft for general-purpose AI sets the stage for comprehensive AI regulation. While its focus on transparency, copyright measures, and systemic risk management is commendable, targeted improvements are necessary to ensure its effectiveness and inclusivity. By refining transparency standards, addressing copyright challenges, and adopting a broader approach to risk management, the framework can better serve the diverse needs of the AI community.

Through these adjustments, the AI Act Code of Practice has the potential to balance innovation with accountability, fostering an environment where AI can be developed and deployed responsibly. By taking a proactive, evidence-based approach, this framework can provide a robust foundation for the ethical and equitable growth of artificial intelligence technologies.

Interested in speaking with our consultants? Click here to get in touch

 

Some sections of this article were crafted using AI technology