Answer to a written question – Restoring European AI-driven innovation, competitiveness and investment in the EU by addressing challenges in the GPAI Code of Practice and the implementation of the GDPR – E-000760/2025(ASW)

The Code of Practice on general-purpose artificial intelligence (AI) models will set out commitments to which providers of such models may voluntarily adhere to demonstrate compliance with the relevant provisions under the AI Act[1].

The AI Office has facilitated the drawing-up of the Code, with working groups chaired by independent experts involving nearly 1 000 stakeholders, Member States representatives, and observers. As the main addressees of the Code, general-purpose AI model providers are invited to dedicated workshops with the chairs and vice-chairs.

The European AI Office is supporting the appointed chairs and vice-chairs drafting a simple but effective Code at the current state of the art. An adequate Code, to be assessed by the AI Office and the AI Board, would cover the relevant obligations in the AI Act, without going beyond it. Signatories to the Code can benefit from reduced administrative burden and increased trust by the AI Office.

Moreover, the AI Act as a product safety legislation is designed to complement and facilitate[2] the EU data protection law, while avoiding overlaps. When both apply[3], market surveillance authorities should cooperate with authorities supervising fundamental rights legislation[4]. The Commission will issue guidelines on the interplay with other EU laws to ensure effective and consistent implementation across the EU[5].

The Commission aims to cooperate with the European Data Protection Board (EDPB) to help AI providers and deployers understand and comply with their obligations under both acts. The EDPB has adopted an opinion under the General Data Protection Regulation’s (GDPR) consistency mechanism, addressed to the data protection authorities, on the application of the GDPR to AI models[6], thereby seeking EU-wide harmonised application. The Commission has also proposed GDPR procedural rules regulation[7], which harmonises procedural rules in cross-border cases.

• [1] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (AI Act), OJ L, 2024/1689.
• [2] Recitals (2), (10), 67 AI Act.
• [3] This is the case when personal data processing is involved in the development and use of AI systems subject to requirements under the AI Act. See Article 2(7) and Recital (10) AI Act.
• [4] See authorities designated under Article 77 AI Act that includes data protection authorities.
• [5] See Article 96(1)e) AI Act.
• [6] EDPB Opinion 28/2024, available at: https://www.edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-282024-certain-data-protection-aspects_en.
• [7] Proposal for a regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679, COM/2023/348 final. Currently under negotiation.