EU Issues First Compliance Guidance for AI Providers Under Landmark Regulation

EU Issues First Compliance Guidance for AI Providers Under Landmark Regulation

The European Union published a General-Purpose AI Code of Practice on July 10, 2025, establishing the first concrete compliance framework for AI developers operating under the bloc's AI Act, which took effect in June 2024.

The Code addresses a critical gap in the AI Act's requirements for large AI models. The regulation mandates that providers of general-purpose AI systems assess and mitigate "systemic risks," but the law left implementation details unspecified—creating uncertainty for both developers and regulators about what constitutes adequate compliance.

The new Code provides practical guidance on safety and security standards for AI models trained using 10^25 FLOPs or greater, along with transparency and copyright protection requirements. The move is significant for finance teams evaluating AI tool adoption: companies deploying EU-regulated AI systems now have clearer benchmarks for vendor compliance verification.

The AI Act remains the world's most comprehensive AI regulation, banning certain applications like social scoring and predictive policing while restricting "high-risk" uses including credit scoring and educational evaluation.

What's next: Finance leaders should monitor whether the Code becomes the de facto global standard for AI governance, potentially affecting procurement policies across multinational organizations.