← Back to all briefings

AI · Credibility 93/100 · · 2 min read

AI Governance Briefing — May 2, 2025

EU AI Act codes of practice for general-purpose AI are due today, and Zeph Tech is finalising Annex XI disclosures, systemic-risk triggers, and downstream enablement packages for Commission review.

Executive briefing: Nine months after Regulation (EU) 2024/1689 entered into force, is the deadline for GPAI providers to submit Commission-endorsed codes of practice under Article 56(5). Zeph Tech’s teams are validating Annex XI documentation—training data summaries, compute usage, copyright safeguards, and evaluation protocols—while cross-checking systemic-risk triggers that could lead to Article 55 designations. The submission package includes downstream deployment guidance so customers can satisfy Article 52 transparency and risk duties.

Regulatory checkpoints

  • Code submission. Providers must attest to compliance with the approved code of practice or face direct application of Article 53 requirements, including expanded documentation and risk mitigation duties.
  • Annex XI completeness. Ensure transparency summaries cover training data provenance, evaluation coverage, energy usage, and policies for watermarking or content provenance.
  • Systemic-risk triggers. Providers must monitor indicators such as scale of deployment, compute intensity, and dual-use potential that could prompt systemic-risk designation and heightened oversight.

Control alignment

  • Configuration management. Store submitted code commitments, evaluation artefacts, and mitigation plans in controlled repositories for future audits.
  • Downstream assurance. Synchronise customer-facing documentation, service-level terms, and support processes with the commitments captured in the code of practice.
  • Monitoring handoff. Establish playbooks for updating the Commission and national authorities when model changes affect the submitted Annex XI metrics.

Enablement moves

  • Host customer briefings explaining the code-of-practice scope, residual risks, and escalation paths for serious incidents.
  • Integrate code commitments into roadmap governance so future model iterations trigger re-validation before release.
  • Coordinate with legal, policy, and commercial teams on how code obligations affect licensing, indemnity, and partnership agreements.
  • EU AI Act
  • General-purpose AI
  • Codes of practice
Back to curated briefings