← Back to all briefings
AI 5 min read Published Updated Credibility 93/100

AI Governance Briefing — May 2, 2025

EU AI Act codes of practice for general-purpose AI are due today, and Zeph Tech is finalising Annex XI disclosures, systemic-risk triggers, and downstream enablement packages for Commission review.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: Nine months after Regulation (EU) 2024/1689 entered into force, is the deadline for GPAI providers to submit Commission-endorsed codes of practice under Article 56(5). Zeph Tech’s teams are validating Annex XI documentation—training data summaries, compute usage, copyright safeguards, and evaluation protocols—while cross-checking systemic-risk triggers that could lead to Article 55 designations. The submission package includes downstream deployment guidance so customers can satisfy Article 52 transparency and risk duties.

Regulatory checkpoints

  • Code submission. Providers must attest to compliance with the approved code of practice or face direct application of Article 53 requirements, including expanded documentation and risk mitigation duties.
  • Annex XI completeness. Ensure transparency summaries cover training data provenance, evaluation coverage, energy usage, and policies for watermarking or content provenance.
  • Systemic-risk triggers. Providers must monitor indicators such as scale of deployment, compute intensity, and dual-use potential that could prompt systemic-risk designation and heightened oversight.

Control alignment

  • Configuration management. Store submitted code commitments, evaluation artefacts, and mitigation plans in controlled repositories for future audits.
  • Downstream assurance. Synchronise customer-facing documentation, service-level terms, and support processes with the commitments captured in the code of practice.
  • Monitoring handoff. Establish playbooks for updating the Commission and national authorities when model changes affect the submitted Annex XI metrics.

Enablement moves

  • Host customer briefings explaining the code-of-practice scope, residual risks, and escalation paths for serious incidents.
  • Integrate code commitments into roadmap governance so future model iterations trigger re-validation before release.
  • Coordinate with legal, policy, and commercial teams on how code obligations affect licensing, indemnity, and partnership agreements.
Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the AI pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • EU AI Act
  • General-purpose AI
  • Codes of practice
Back to curated briefings