AI Sigil Logo
Contact Us
Back to all insights
A magnifying glass to signify scrutiny and oversight in AI practices.

Sections

Key Copyright Considerations in the EU’s General-Purpose AI Code of Practice

Overview of the EU AI Office’s General-Purpose AI Code of Practice

The EU AI Office has released the third draft of its General-Purpose AI Code of Practice, which is closely tied to the EU AI Act. This document highlights essential copyright issues that arise in the context of developing and implementing AI technologies.

Created on April 14, 2025, this latest draft aims to streamline the commitments and measures for providers of general-purpose AI models (GPAI models). These providers will be evaluated based on their adherence to the Code when the AI Act’s key provisions come into effect in August 2025.

Key Aspects of the Code of Practice

The Code of Practice outlines several commitments and measures that GPAI model providers must adhere to, which include:

  1. Transparency and Copyright-Related Rules: Providers must establish clear policies that comply with EU copyright law.
  2. Risk Assessment: Providers are required to conduct a comprehensive risk assessment for systemic risks.
  3. Technical Risk Mitigation: Measures must be in place to mitigate technical risks associated with systemic risks.
  4. Governance Risk Mitigation: Effective governance measures should be established to address systemic risks.

Substantive Scope of Training Data Obligations

A critical obligation under the AI Act pertains to the use of training data. Providers of GPAI models must develop policies that ensure compliance with EU copyright and related rights. It is essential that these policies respect the rights of content creators, particularly in cases where a right holder has opted out of allowing their material to be used for AI training.

A notable interpretation by a German court has broadened the obligation to consider opt-outs under copyright law to include any machine-readable declarations, including those articulated in natural language. The Code of Practice specifies these obligations and differentiates between instructions given in accordance with the Robot Exclusion Protocol (robots.txt) and other machine-readable protocols. While compliance with robots.txt is mandatory, adherence to other protocols is based on the provider’s best efforts.

Summary of the Third Draft

The third draft of the Code of Practice is significantly more concise compared to its predecessor, providing clearer commitments for signatories. The measures pertaining to copyright compliance have been refined to include:

  • Measure I.2.1(1)/(2): Signatories must maintain and implement an up-to-date copyright policy and are encouraged to publish a summary of this policy.
  • Measure I.2.2: Signatories may only use lawfully accessible copyright-protected content when web crawling, ensuring they do not circumvent technological protection measures.
  • Measure I.2.3:
    • (1): Signatories must identify and comply with rights reservations when crawling the web, specifically regarding robots.txt.
    • (2): Reasonable measures must be taken to inform rightsholders about the web crawlers used and their compliance features.
  • Measure I.2.4: Reasonable efforts must be made to obtain information about protected content web crawled by third parties.
  • Measure I.2.5: Signatories must mitigate the risk of copyright infringement through design considerations and contractual prohibitions.
  • Measure I.2.6: A designated point of contact must be established for the lodging of complaints.

Final Thoughts on EU Copyright and AI

Navigating the landscape of AI copyright law within the European Union necessitates a nuanced understanding of both legal principles and practical application. There are significant discrepancies between EU and US copyright laws, particularly regarding the fair use doctrine, which is not recognized in the same manner within EU jurisdictions.

The text and data mining (TDM) exception outlined in Articles 3 and 4 of Directive (EU) 2019/790 (DSM-D) is particularly relevant to AI training, though its implementation remains somewhat ambiguous due to a lack of case law.

As the AI Act, EU copyright law, and other regulations like the General Data Protection Regulation operate concurrently, understanding these interrelations is crucial for stakeholders involved in AI development and deployment.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More