Blog · Analysis · May 2026

The Model Constitution Arrives as a Code of Practice

The EU's General-Purpose AI Code of Practice is not a constitution in law. But it is one of the first attempts to write public obligations around foundation-model builders before their models become invisible infrastructure.

From Product to Institution

Foundation models are no longer only products. They are becoming institutional substrate: search assistants, workplace copilots, coding systems, public-service interfaces, tutoring tools, customer-support layers, creative engines, and agents that act through browsers, APIs, documents, and enterprise software.

This creates a governance problem that ordinary product regulation struggles to name. A general-purpose model may be released by one company, customized by another, embedded by a third, and encountered by a user inside a system that looks like a bank form, school portal, help desk, or phone interface. The model's builder is upstream, but its effects are downstream and distributed.

The European Union's AI Act tries to answer that upstream problem by creating obligations for providers of general-purpose AI models, or GPAI models. The Commission says these obligations entered into application on August 2, 2025. All GPAI providers face documentation, copyright-policy, and training-content-summary duties. Providers of GPAI models with systemic risk face additional duties around notification, risk assessment, mitigation, incident reporting, and cybersecurity.

The General-Purpose AI Code of Practice, published in July 2025, sits inside that architecture. It is voluntary, but not decorative. The Commission and Member States have treated it as an adequate voluntary tool for providers to demonstrate compliance. Signatories get a clearer path; non-signatories must show compliance by other means.

That is why the code matters. It marks a shift from asking whether a model is impressive to asking what public obligations attach to the act of building a model other institutions will depend on.

What the Code Does

The Code of Practice was prepared by independent experts through a multi-stakeholder process. The Commission says the final version involved input from more than 1,000 stakeholders, including model providers, small and medium-sized enterprises, academics, safety experts, rightsholders, and civil-society organizations.

That process does not make the code perfect. Multi-stakeholder governance can blur accountability when every actor gets a voice but no actor owns the social consequences. It can also become a site where powerful companies shape compliance into something they can already do. Still, the process is institutionally important because it moves model governance out of pure company policy and into a public compliance vocabulary.

The Commission describes the code as a tool for complying with AI Act obligations on safety, transparency, and copyright. This is the right triad. Transparency asks what the model is and what evidence surrounds it. Copyright asks how the model relates to the cultural memory used to train it. Safety and security ask what happens when the model's capability becomes large enough to create systemic risk.

In other words, the code begins to treat a model as a public object: not public property, not necessarily open source, but an object whose builders owe society some structured account of what they made.

The Three Chapters

The code has three separately authored chapters: Transparency, Copyright, and Safety and Security.

Transparency gives providers a model-documentation form for information needed under Article 53 of the AI Act. This is not glamorous work. It is administrative legibility: facts about the model, its provider, technical characteristics, training process, capabilities, limitations, and intended use. But administrative legibility is where governance starts. A system that cannot be described cannot be audited, compared, procured responsibly, or contested.

Copyright offers practical ways for providers to maintain a policy for complying with EU copyright law. This matters because general-purpose models are trained on large bodies of text, images, code, music, video, metadata, and other cultural traces. Copyright is not the whole moral problem of training data, but it is one of the few existing legal languages that can force the training stack to acknowledge human contribution, opt-outs, licensing, and recordkeeping.

Safety and Security applies to the smaller class of providers whose models present systemic risk. The Commission describes this chapter as state-of-the-art practice for managing systemic risks from the most advanced models. It belongs beside the emerging AI safety-institute layer discussed in The Measurement State Comes for AI: public governance now depends on tests, documentation, incident records, risk models, and institutional capacity to understand systems before deployment normalizes them.

The three chapters are not equal in political meaning. Transparency and copyright apply broadly. Safety and security concentrate on the frontier. Together they create a two-level model polity: baseline duties for all general-purpose model providers, and heavier duties for the most capable systems.

Soft Law With Teeth Nearby

The code is voluntary, but the AI Act is not. This distinction is easy to misunderstand. A voluntary code in isolation can become public-relations foam. A voluntary code attached to legal obligations can become a compliance bridge.

The Commission's fact page says providers who sign and adhere to the code can demonstrate compliance more easily. The same public materials say the rules became applicable on August 2, 2025, with existing models already on the market given until August 2, 2027, to comply. The AI Office is responsible for governing and enforcing obligations for GPAI providers at the EU level, while national competent authorities oversee many AI-system rules.

This is a real institutional design choice. Instead of waiting for every technical standard to harden, the EU is using a code to translate broad legal duties into operational practices. That can reduce ambiguity. It can also create a risk: early compliance templates may freeze a narrow picture of responsibility before the technology's social consequences are understood.

The test is whether the code becomes a floor or a ceiling. If it becomes a floor, providers meet baseline documentation, copyright, and safety practices while regulators, researchers, workers, users, and courts continue to identify missing duties. If it becomes a ceiling, companies can treat signature as a badge that ends the conversation.

The copyright chapter is often treated as a fight between rights holders and model developers. It is that, but it is also a fight over machine memory.

Generative AI turns cultural archives into capability. Books, news, websites, art, recordings, code, subtitles, comments, manuals, forum posts, and public datasets become part of a statistical system that can answer, imitate, summarize, translate, style-transfer, and compete. The model does not preserve works the way a library preserves works. It metabolizes patterns and sells access to the resulting capability.

That is why a training-content summary matters even when it is incomplete. It gives the public a handle on the memory source of the machine. It does not settle whether training was lawful, fair, exploitative, transformative, or socially legitimate. But it refuses the blankness of "the model was trained on data."

The site's earlier essay After the Book Becomes a Database argued that public knowledge is being moved into private retrieval and answer systems. The GPAI obligations are a European attempt to put some recordkeeping around that movement. They cannot solve the ownership problem alone. They can make it harder for model providers to pretend the training world has no authors, no exclusions, no contracts, and no political economy.

Systemic Risk Is a Political Category

The AI Act uses compute thresholds as part of the systemic-risk framework. The Commission's public fact page says models are considered GPAI if trained with more than 10^23 FLOP and capable of generating language, while GPAI models are presumed to pose systemic risk above 10^25 FLOP, with that threshold under review.

Thresholds are useful because law needs handles. But systemic risk is not only a number. A model's social risk depends on deployment, tool access, autonomy, user base, domain, safeguards, integration into institutions, and incentives around it. A model attached to medical triage, financial services, cyber tools, companion products, workplace management, or public administration can matter differently than the same model in a sandbox.

The Commission knows this at least in part: its public materials describe systemic-risk duties such as notification, risk assessment and mitigation, incident reporting, and cybersecurity protections. Those duties point beyond raw scale toward institutional behavior. The provider must not only build. It must watch, report, secure, and respond.

This is the real constitutional move. A model provider becomes a governed actor because its system may shape the conditions under which other actors know, decide, create, and act.

The Governance Standard

A strong GPAI regime should meet five practical tests.

First, documentation must be usable. A model-documentation form should help regulators, downstream providers, researchers, and procurers understand real capabilities and limits. It should not become a dense paperwork shield that only compliance teams can parse.

Second, training-content summaries must preserve contestability. If creators, publishers, researchers, or regulators cannot understand broad source categories and opt-out practices, the summary will not support accountability.

Third, systemic-risk assessment must include deployment context. Scale matters, but so do tools, agents, memory, integrations, user populations, and foreseeable misuse.

Fourth, incident reporting must connect to public memory. A serious incident should not disappear into private remediation. It should feed institutional learning, as argued in The Incident Report Becomes Public Memory.

Fifth, signatory status must not become moral laundering. Signing a code is evidence of participation in a compliance regime. It is not proof that a model is safe, fair, lawful in every use, or socially legitimate.

The Spiralist Reading

The Code of Practice is a ritual of legibility. That is not an insult. Rituals matter when they make power answerable to form.

A foundation model is difficult to govern because it hides inside other things. It becomes the summary in the search box, the suggestion in the editor, the classifier in the workflow, the agent in the browser, the tutor in the school product, the voice in the customer-service line. By the time a user encounters it, the model may feel like the institution itself.

The code interrupts that invisibility. It says there is a provider, a model, a training history, a documentation duty, a copyright policy, a risk process, a security obligation, a reporting path, and an enforcement body. It turns the glowing interface back into an accountable chain.

But the danger is compliance theater. The provider signs. The model ships. The interface smiles. The downstream institution points upstream. The upstream provider points to the code. The user experiences an automated decision, generated claim, lost job pathway, broken citation, manipulative companion, or impossible appeal, and every actor says the paperwork was in order.

The useful standard is harder: public obligations must remain connected to human consequence. Documentation must help someone understand. Copyright policy must help someone contest. Risk assessment must change deployment. Incident reports must preserve memory. Enforcement must be capable of saying no.

The model constitution has arrived in modest clothes: a code, a form, a threshold, a chapter, a signature, an office. That modesty is appropriate. No code can govern the whole machine. But without such instruments, the machine governs through defaults, and defaults are constitutions written by whoever shipped first.

Sources

Return to Blog