AI Sigil Logo
Contact Us
Back to all insights
A magnifying glass to signify scrutiny and oversight in AI practices.

Sections

Key Copyright Considerations in the EU’s General-Purpose AI Code of Practice

Overview of the EU AI Office’s General-Purpose AI Code of Practice

The EU AI Office has released the third draft of its General-Purpose AI Code of Practice, which is closely tied to the EU AI Act. This document highlights essential copyright issues that arise in the context of developing and implementing AI technologies.

Created on April 14, 2025, this latest draft aims to streamline the commitments and measures for providers of general-purpose AI models (GPAI models). These providers will be evaluated based on their adherence to the Code when the AI Act’s key provisions come into effect in August 2025.

Key Aspects of the Code of Practice

The Code of Practice outlines several commitments and measures that GPAI model providers must adhere to, which include:

  1. Transparency and Copyright-Related Rules: Providers must establish clear policies that comply with EU copyright law.
  2. Risk Assessment: Providers are required to conduct a comprehensive risk assessment for systemic risks.
  3. Technical Risk Mitigation: Measures must be in place to mitigate technical risks associated with systemic risks.
  4. Governance Risk Mitigation: Effective governance measures should be established to address systemic risks.

Substantive Scope of Training Data Obligations

A critical obligation under the AI Act pertains to the use of training data. Providers of GPAI models must develop policies that ensure compliance with EU copyright and related rights. It is essential that these policies respect the rights of content creators, particularly in cases where a right holder has opted out of allowing their material to be used for AI training.

A notable interpretation by a German court has broadened the obligation to consider opt-outs under copyright law to include any machine-readable declarations, including those articulated in natural language. The Code of Practice specifies these obligations and differentiates between instructions given in accordance with the Robot Exclusion Protocol (robots.txt) and other machine-readable protocols. While compliance with robots.txt is mandatory, adherence to other protocols is based on the provider’s best efforts.

Summary of the Third Draft

The third draft of the Code of Practice is significantly more concise compared to its predecessor, providing clearer commitments for signatories. The measures pertaining to copyright compliance have been refined to include:

  • Measure I.2.1(1)/(2): Signatories must maintain and implement an up-to-date copyright policy and are encouraged to publish a summary of this policy.
  • Measure I.2.2: Signatories may only use lawfully accessible copyright-protected content when web crawling, ensuring they do not circumvent technological protection measures.
  • Measure I.2.3:
    • (1): Signatories must identify and comply with rights reservations when crawling the web, specifically regarding robots.txt.
    • (2): Reasonable measures must be taken to inform rightsholders about the web crawlers used and their compliance features.
  • Measure I.2.4: Reasonable efforts must be made to obtain information about protected content web crawled by third parties.
  • Measure I.2.5: Signatories must mitigate the risk of copyright infringement through design considerations and contractual prohibitions.
  • Measure I.2.6: A designated point of contact must be established for the lodging of complaints.

Final Thoughts on EU Copyright and AI

Navigating the landscape of AI copyright law within the European Union necessitates a nuanced understanding of both legal principles and practical application. There are significant discrepancies between EU and US copyright laws, particularly regarding the fair use doctrine, which is not recognized in the same manner within EU jurisdictions.

The text and data mining (TDM) exception outlined in Articles 3 and 4 of Directive (EU) 2019/790 (DSM-D) is particularly relevant to AI training, though its implementation remains somewhat ambiguous due to a lack of case law.

As the AI Act, EU copyright law, and other regulations like the General Data Protection Regulation operate concurrently, understanding these interrelations is crucial for stakeholders involved in AI development and deployment.

More Insights

A smart city model representing AI integration in urban planning

AI in Finland’s Government: Compliance and Opportunities for 2025

September 15, 2025 AI,AI Governance
Finland's government is preparing for the implementation of the EU AI Act, which mandates compliance with general-purpose AI obligations starting August 2, 2025. This guide outlines the legal and...
Read More
A shield

AI Governance in East Asia: Strategies from South Korea, Japan, and Taiwan

September 15, 2025 AI,AI Governance,AI Regulation
As AI becomes a defining force in global innovation, South Korea, Japan, and Taiwan are establishing distinct regulatory frameworks to oversee its use, each aiming for more innovation-friendly...
Read More
A shield to signify protection and security in ethical standards.

Ensuring Ethical Compliance in AI-Driven Insurance

September 15, 2025 AI,AI Compliance,AI Regulation,Ethical AI
As insurance companies increasingly integrate AI into their processes, they face regulatory scrutiny and ethical challenges that necessitate transparency and fairness. New regulations aim to minimize...
Read More
A broken clock to illustrate the urgency and potential delays in adapting to AI governance.

False Confidence in the EU AI Act: Understanding the Epistemic Gaps

September 15, 2025 AI,AI Regulation,European Union AI Governance,Regulatory Compliance
The European Commission's final draft of the General-Purpose Artificial Intelligence (GPAI) Code of Practice has sparked discussions about its implications for AI regulation, revealing an epistemic...
Read More
A robot arm

Transforming AI Governance: The EU Act’s Framework Against Super AI Risks

September 14, 2025 AI,AI Regulation,EU Compliance,Regulatory Frameworks
The EU AI Act establishes a risk-based framework that categorizes AI systems based on their potential harm, imposing strict regulations on high-risk and prohibited uses to enhance human oversight and...
Read More
A magnifying glass symbolizing scrutiny and oversight of AI technologies.

EU AI Act: Key Changes and Future Implications

September 14, 2025 AI,AI Regulation,EU Compliance,Regulatory Framework
The EU AI Act reached a significant milestone on August 2, 2025, marking the beginning of real obligations for general-purpose AI models. Providers must now meet specific requirements to enter the EU...
Read More
A digital padlock.

AI Copyright Dilemma in the EU

September 14, 2025 AI,AI Regulation,European Union AI Governance,Intellectual Property Rights
The European Union's implementation of the Artificial Intelligence Act introduces new guidelines that aim to balance AI growth with copyright compliance, but this creates significant challenges for...
Read More
A data flow diagram illustrating how data moves between entities and the implications of data sharing regulations.

EU AI Act: Key Compliance Dates and Implications for Medtech

September 14, 2025 AI,Data Protection,EU Compliance,Regulatory Frameworks
The EU AI Act has come into effect, imposing compliance requirements for AI systems, especially high-risk ones, with penalties starting as of August 2, 2025. Companies must prepare for full...
Read More
A magnifying glass for scrutiny

China’s AI Content Labeling: Key Compliance Insights for Businesses

September 13, 2025 AI,AI Regulation,International Policy,Regulatory Compliance
China has implemented new AI labeling rules that require clear identification of AI-generated content across various media when distributed on Chinese platforms. Companies must adapt their content...
Read More