The European Union is recalibrating its approach to digital regulation as it advances the Artificial Intelligence Act alongside measures aimed at simplification and competitiveness. Since February, regulators have issued guidelines clarifying Artificial Intelligence system definitions and prohibited practices, announced a Digital Omnibus package expected in late 2025, unveiled an Artificial Intelligence Continent Action Plan, and published the General Purpose Artificial Intelligence Code of Practice. Key obligations under the Artificial Intelligence Act became theoretically applicable on August 2, 2025, notably Chapter 5 on general-purpose Artificial Intelligence (GPAI) models and Article 78 on data confidentiality and intellectual property rights. The European Commission emphasized a progressive enforcement approach: providers have until August 2026 for full compliance, with existing GPAI model providers granted until August 2027, though actual implementation may vary by Member State.
The GPAI Code of Practice, published on July 10 after a year-long, multi-stakeholder process involving over 1,000 participants, is structured around three chapters: transparency, copyright, and safety and security. The transparency and copyright provisions apply to all GPAI providers, while safety and security requirements target models with systemic risk, defined as those capable of causing large-scale harm. Providers can make selective, modular commitments to the Code. Complementing the Code, the European Commission released guidelines clarifying which providers fall within the GPAI scope of the Artificial Intelligence Act and a template for summarizing sources used to train models, addressing the politically sensitive issue of data provenance. An updated list of signatories includes major industry players, and the Code has been confirmed by the Commission and Member States. However, implementation remains uncertain because national supervisory authorities are not yet fully designated, despite an obligation for Member States to appoint and resource these bodies by August 2025.
For businesses, the message is twofold: there is an opportunity to engage policymakers as the European Union explores simplification, and there is a need to plan conservatively under existing law. Activity around a potential stop-the-clock indicates any recalibration will be measured, in line with an anticipated Digital Omnibus Package that may streamline certain digital rules, including aspects of GDPR. Companies should use the transitional period to mitigate risk, leveraging modular commitments to the GPAI Code and preparing for transparency and copyright disclosures.
Foreign policy considerations are influencing the pace and shape of these measures. While external pressures, including tariff and market access concerns, have pushed for flexibility on Artificial Intelligence, European Union leaders have tied any delay to the readiness of GPAI codes, underpinning the current grace periods. Any formal pause would require support from both the Council and the European Parliament, where major parties have questioned fast-tracked changes. A recent censure debate and the start of the Danish Council Presidency signal a potential shift toward a more sustainability-focused policy stance, reinforcing that core legislation such as the Artificial Intelligence Act will not be lightly amended.
