AI Sigil Logo
Contact Us
Back to all insights
A clipboard with a checklist of compliance requirements

Sections

EU AI Act: Key Updates on Copyright Compliance for AI Providers

EU AI Act Guidelines Draft Hones Copyright Specifications

The latest draft from the EU AI Office on the Code of Practice (CoP) concerning general-purpose model provider obligations under the EU AI Act has been deemed more workable than its predecessors. Set for finalization by May 2, the forthcoming obligations will take effect on August 2, 2025. Compliance is crucial, as non-compliance can result in fines of up to 3% of annual global turnover or 15 million euros (approximately $16.2 million), whichever is higher, and may even lead to an EU ban on the model.

More than 1,000 stakeholders have collaborated with the EU AI Office on the CoP. This article provides an overview of the CoP’s status regarding copyright-related obligations.

Practice and Compliance

The EU AI Act introduced the concept of a CoP as a detailed guide for general-purpose AI (GPAI) model providers to meet their obligations. While adherence to the CoP is voluntary, it showcases compliance with the act until “harmonized standards” are established. Providers may also explore alternative means of compliance, subject to individual assessment by the European Commission.

The third draft of the CoP has eased copyright-related measures, establishing that compliance should be commensurate and proportionate to the size and capacity of individual providers.

Copyright Policy

GPAI model providers are required to implement a policy to comply with European copyright law. CoP specifications mandate the following:

  • Providers must assign internal compliance responsibilities, summarizing all copyright-relevant commitments in a single document. Regular updates to this policy summary are encouraged.
  • To mitigate risks of copyright infringement from downstream AI systems, providers must make “reasonable efforts” to prevent model memorization of training content that could lead to such output. Copyright-infringing use of the model must be prohibited in their policy and terms, with exceptions for open-source models.
  • Previous drafts suggested that obligations related to modification and fine-tuning were limited to those actions, but this was removed from the CoP text. Nonetheless, this statement remains in the AI Office’s GPAI model Q&A and will be part of the EU AI Act guidance.

Opt-Outs and Training

Providers must identify and comply with machine-readable rights reservations, or opt-outs, from rightsholders regarding the use of content for text and data mining that would otherwise be allowed under the EU TDM copyright exception. This obligation extends to AI training conducted both within and outside the EU.

Specifics for text and data mining of lawfully accessible material include:

  • In line with the TDM copyright exception, providers must not circumvent effective technological measures (e.g., paywalls) during web crawling. Such circumvention would violate the requirement for content to be lawfully accessible.
  • Providers should make “reasonable efforts” to exclude “piracy domains” from their web crawling.
  • For third-party datasets not obtained via web crawling, providers must exert “reasonable efforts” to ascertain whether the material respects rights reservations outlined in the Robot Exclusion Protocol (robots.txt).

Regarding machine-readable opt-outs:

  • Providers must utilize web crawlers that adhere to robots.txt to comply with the current standards recognized by legal scholars and technical experts.
  • “Best efforts” must be made to comply with other appropriate machine-readable protocols expressing opt-outs, ensuring that these protocols are the result of a cross-industry standard-setting process.
  • Rightsholders retain the freedom to effectuate their opt-out through any appropriate means, although such alternatives will not be specifically covered by the CoP.

Although not mandated by the act, the CoP advises providers to designate a point of contact for affected rightsholders. Definitions for a training data summary and the “placing on the market” of a GPAI model are not included in the CoP.

Takeaways

While the CoP does not resolve all legal and technical uncertainties surrounding GPAI model compliance, it provides a structured compliance pathway. The EU AI Act only requires providers to implement a policy for compliance with EU copyright law and the EU TDM exception. The CoP adds substantial specification, particularly regarding robots.txt as the standard for TDM opt-outs, significantly reducing uncertainties while encouraging collaborative standard establishment among stakeholders.

A key challenge remains the definition of what model providers must do to prevent copyright-infringing output from downstream systems. Although the latest draft has moved away from the term “overfitting,” the current directive—preventing repeated memorization of training content in output—remains ambiguous. The revisions in the drafting process reflect an acknowledgment of stakeholder input on practical and feasible solutions. Stakeholders are invited to provide final feedback by March 30 and participate in the concluding discussion rounds, marking the last opportunity for input before implementation.

Note: This article does not necessarily reflect the opinion of any specific organization or individual.

More Insights

A smart city model representing AI integration in urban planning

AI in Finland’s Government: Compliance and Opportunities for 2025

September 15, 2025 AI,AI Governance
Finland's government is preparing for the implementation of the EU AI Act, which mandates compliance with general-purpose AI obligations starting August 2, 2025. This guide outlines the legal and...
Read More
A shield

AI Governance in East Asia: Strategies from South Korea, Japan, and Taiwan

September 15, 2025 AI,AI Governance,AI Regulation
As AI becomes a defining force in global innovation, South Korea, Japan, and Taiwan are establishing distinct regulatory frameworks to oversee its use, each aiming for more innovation-friendly...
Read More
A shield to signify protection and security in ethical standards.

Ensuring Ethical Compliance in AI-Driven Insurance

September 15, 2025 AI,AI Compliance,AI Regulation,Ethical AI
As insurance companies increasingly integrate AI into their processes, they face regulatory scrutiny and ethical challenges that necessitate transparency and fairness. New regulations aim to minimize...
Read More
A broken clock to illustrate the urgency and potential delays in adapting to AI governance.

False Confidence in the EU AI Act: Understanding the Epistemic Gaps

September 15, 2025 AI,AI Regulation,European Union AI Governance,Regulatory Compliance
The European Commission's final draft of the General-Purpose Artificial Intelligence (GPAI) Code of Practice has sparked discussions about its implications for AI regulation, revealing an epistemic...
Read More
A robot arm

Transforming AI Governance: The EU Act’s Framework Against Super AI Risks

September 14, 2025 AI,AI Regulation,EU Compliance,Regulatory Frameworks
The EU AI Act establishes a risk-based framework that categorizes AI systems based on their potential harm, imposing strict regulations on high-risk and prohibited uses to enhance human oversight and...
Read More
A magnifying glass symbolizing scrutiny and oversight of AI technologies.

EU AI Act: Key Changes and Future Implications

September 14, 2025 AI,AI Regulation,EU Compliance,Regulatory Framework
The EU AI Act reached a significant milestone on August 2, 2025, marking the beginning of real obligations for general-purpose AI models. Providers must now meet specific requirements to enter the EU...
Read More
A digital padlock.

AI Copyright Dilemma in the EU

September 14, 2025 AI,AI Regulation,European Union AI Governance,Intellectual Property Rights
The European Union's implementation of the Artificial Intelligence Act introduces new guidelines that aim to balance AI growth with copyright compliance, but this creates significant challenges for...
Read More
A data flow diagram illustrating how data moves between entities and the implications of data sharing regulations.

EU AI Act: Key Compliance Dates and Implications for Medtech

September 14, 2025 AI,Data Protection,EU Compliance,Regulatory Frameworks
The EU AI Act has come into effect, imposing compliance requirements for AI systems, especially high-risk ones, with penalties starting as of August 2, 2025. Companies must prepare for full...
Read More
A magnifying glass for scrutiny

China’s AI Content Labeling: Key Compliance Insights for Businesses

September 13, 2025 AI,AI Regulation,International Policy,Regulatory Compliance
China has implemented new AI labeling rules that require clear identification of AI-generated content across various media when distributed on Chinese platforms. Companies must adapt their content...
Read More