EU Commission Releases Security Requirements for Advanced General-Purpose AI Providers
The European Commission released new potential requirements and security mandates on Thursday for general-purpose artificial intelligence (AI) providers that make their models available in the bloc.
The General-Purpose AI Code of Practice provides guidance for the industry on how to comply with the EU’s AI Act’s general-purpose AI requirements. The EU’s AI Office and board are currently assessing the code, and may approve it by 2 August.
The commission is focused on regulating the most advanced general-purpose AI providers—such as Google, Microsoft, and OpenAI—because they underpin many other AI systems in the EU.
“Some general-purpose AI models could carry systemic risks, such as risks to fundamental rights and safety, including lowering barriers for the development of chemical or biological weapons, or risks related to loss of control over the model,” according to a press release from the commission. “The AI Act mandates that model providers assess and mitigate these systemic risks.”
The code consists of three chapters—Transparency, Copyright, and Safety and Security—that apply to providers of the most advanced general-purpose models.
The Safety and Security chapter contains significant requirements for systemic risk management, including mandates to address cyber and physical security, insider risks, and enterprise security risk management.
Security Measures
The code requires that providers implement “an adequate level of cybersecurity” protection for their physical infrastructure and models along the entire lifecycle of the model to prevent unauthorized releases, access, or theft.
Adequate security mitigations that prevent unauthorized access include the following:
- Strong identity and access management practices that restrict device and account sharing
- Multi-factor authentication
- Strong password enforcement
- Strong access management tools
- 802.1x authentication
- Zero trust architecture
- Protection of wireless networks to the same standard as wired networks
- Separation of guest networks from the work network
Providers are also required to reduce social engineering risks by filtering emails for suspicious attachments, links, and phishing attempts; reduce the risk of malware infection and malicious use of portable devices by creating policies on removable media; and reduce the risk of vulnerability exploitation and malicious code execution by regularly updating and patching software.
The code specifies requirements for protecting unreleased models that include creating a secure internal registry of all devices and locations where model parameters are stored, preventing unauthorized copying of model parameters to unmanaged devices, and preventing unauthorized access to model parameters during transport, at rest, and temporary storage.
Providers must also prevent unauthorized “physical access to systems hosting model parameters through…restricting physical access to data centers and other sensitive working environments to required personnel only, along with regular inspections of such sites for unauthorized personnel or devices,” according to the code.
Providers are required to specify the threat actors their security mitigations are intended to protect against, including insider threats. For these high-risk actors, the code lays out four requirements:
- Conduct background checks on employees and contractors who have, or might reasonably obtain, read or write access to unreleased model parameters or the systems that manage them
- Provide training on recognizing and reporting insider threats
- Create sandboxes (isolated testing environments) around models to reduce the risk of self-exfiltration
- Check training data for indications of tampering
The code further lays out security assurance requirements for providers to ensure the above security measures are working as intended. These include conducting regular independent external security reviews to mitigate systemic risks, validating network and physical access management and security gap identification through frequent red-teaming, and validating network software integrity through competitive bug bounty programs.
Additionally, providers are tasked with validating their insider threat security mitigations by conducting personnel integrity testing; facilitating reporting of security issues by third parties through secure communication channels; detecting suspicious or malicious activity using endpoint detection and response or intrusion detection systems; and using a security team to monitor and respond to endpoint detection and response alerts.
Risk Management
Under the code, providers will need to allocate risk responsibility at multiple levels to address systemic risks from their models. The governance structure includes creating oversight responsibility at these five levels:
- The management body in its supervisory function or another independent body, such as a council or board
- The management body in its executive function
- Relevant operational teams
- If available, internal assurance providers, such as internal auditors
- If available, external assurance providers, such as third-party auditors
The code also requires that these risk managers be provided with resources—human, financial, access to information and knowledge, and computational—to complete their responsibilities.
Additionally, providers will need to promote a healthy risk culture and ensure that risk managers are taking a “reasoned and balanced approach to systemic risk,” according to the code.
The commission included examples of what a healthy risk culture looks like in practice, such as setting the tone from the top, creating incentives and providing staff with independence to discourage excessive systemic-risk-taking while encouraging unbiased assessments of systemic risks from their models, and creating internal reporting channels that are used and responded to appropriately.
Moving Forward
The publication of the final version of the code is an important step in making advanced AI models available in Europe while also maintaining safety and transparency, said Henna Virkkunen, executive vice-president of the European Commission for tech sovereignty, security, and democracy, in a press release.
“Co-designed by AI stakeholders, the code is aligned with their needs,” Virkkunen added. “Therefore, I invite all general-purpose AI model providers to adhere to the code. Doing so will secure them a clear, collaborative route to compliance with the EU’s AI Act.”
The code enters into application on 2 August 2025 but is not enforceable for existing models until 2 August 2026, and for future models until 2 August 2027. The commission said it intends to release additional guidelines on general-purpose AI before the enforcement date.
It was not immediately clear which general-purpose AI providers would voluntarily comply with the 2 August 2025 deadline. Failure to comply with the EU AI Act comes with steep penalties, though, including requirements to recall a model from the market and fines of up to 3 percent of global annual turnover or 15 million euros—whichever is higher.