AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

AI Safety Newsletter #59: EU Publishes General-Purpose AI Code of Practice

inforegulatory

policysafety

Source: CAIS AI Safety NewsletterJuly 15, 2025

Summary

The EU published a General-Purpose AI Code of Practice in July 2025 to clarify how AI developers should comply with the EU AI Act's safety requirements, which had been ambiguously worded. The Code establishes a three-step framework for identifying, analyzing, and determining whether systemic risks (including CBRN threats, loss of control, cyber attacks, and harmful manipulation) are acceptable before deploying large AI models, along with requirements for continuous monitoring and incident reporting.

Solution / Mitigation

The EU General-Purpose AI Code of Practice provides a structured approach requiring GPAI providers to: (1) Identify potential systemic risks in four categories (CBRN, loss of control, cyber offense capabilities, and harmful manipulation), (2) Analyze each risk using model evaluations and third-party evaluators when necessary, (3) Determine whether risks are acceptable and implement safety and security mitigations if not, and (4) conduct continuous monitoring after deployment with strict incident reporting timelines.

Classification

Attack SophisticationModerate

Impact (CIA+S)

safety

AI Component TargetedModel

Original source: https://newsletter.safe.ai/p/ai-safety-newsletter-59-eu-publishes

First tracked: February 15, 2026 at 08:49 PM

Classified by LLM (prompt v3) · confidence: 92%