---
type: source
title: "EU GPAI Code of Practice (Final, August 2025): Principles-Based Evaluation Architecture"
author: "European AI Office"
url: https://code-of-practice.ai/
date: 2025-08-00
domain: ai-alignment
secondary_domains: []
format: regulatory-document
status: unprocessed
priority: medium
tags: [EU-AI-Act, Code-of-Practice, GPAI, systemic-risk, evaluation-requirements, principles-based, no-mandatory-benchmarks, loss-of-control, Article-55, Article-92, enforcement-2026]
---

## Content

The EU GPAI Code of Practice was finalized on July 10, 2025 and endorsed by the Commission and AI Board on August 1, 2025. Full enforcement, including fines for non-compliance, begins August 2, 2026.

**Evaluation requirements for systemic-risk GPAI (Article 55 threshold: 10^25 FLOP)**:

- Measure 3.1: Gather model-independent information through "forecasting of general trends" and "expert interviews and/or panels"
- Measure 3.2: Conduct "at least state-of-the-art model evaluations in the modalities relevant to the systemic risk to assess the model's capabilities, propensities, affordances, and/or effects, as specified in Appendix 3"
- Open-ended testing: "open-ended testing of the model to improve understanding of systemic risk, with a view to identifying unexpected behaviours, capability boundaries, or emergent properties"

**What is NOT specified**:

- No specific capability categories are mandated (loss-of-control, oversight evasion, and self-replication are NOT explicitly named)
- No specific benchmarks are mandated ("Q&A sets, task-based evaluations, benchmarks, red-teaming, human uplift studies, model organisms, simulations, proxy evaluations" are listed as EXAMPLES only)
- Specific evaluation scope is left to provider discretion

**Explicitly required vs.
discretionary**:

- Required: adherence to a "state-of-the-art" standard; documentation of evaluation design, execution, and scoring; sample outputs from evaluations
- Discretionary: which capability domains to evaluate; which specific methods to use; what threshold constitutes "state-of-the-art"

**Architectural design**: Principles-based, not prescriptive checklists. The Code establishes that providers must evaluate "in the modalities relevant to the systemic risk" — but defining which modalities are relevant is left to the provider.

**Enforcement timeline**:

- July 10, 2025: Code of Practice finalized
- August 1, 2025: Code endorsed by the Commission and AI Board
- August 2, 2025: GPAI obligations enter into force
- August 2, 2026: Full enforcement begins (Commission enforcement actions and fines start)

**What this means for loss-of-control evaluation**: A provider could argue that oversight evasion, self-replication, or autonomous AI development are not "relevant systemic risks" for its model, and thus face no mandatory evaluation requirement for these capabilities. The Code does not name these categories.

**Contrast with the Bench-2-CoP (arXiv:2508.05464) finding**: That paper found zero compliance-benchmark coverage of loss-of-control capabilities. The Code of Practice confirms this gap is structural by design: without mandatory capability categories, the "state-of-the-art" standard does not reach capabilities the provider chooses not to evaluate.

## Agent Notes

**Why this matters:** This is the most important governance document in the field, and the finding that it is principles-based rather than prescriptive is the key structural gap. The enforcement mechanism is real (fines start August 2026), but the compliance standard is vague enough that labs can avoid loss-of-control evaluation while claiming compliance. This confirms the Translation Gap (Layer 3) at the regulatory-document level.
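The Article 55 trigger discussed above is the one purely numeric criterion in this architecture: a model is presumed systemic-risk GPAI once its cumulative training compute exceeds 10^25 FLOP. A minimal, purely illustrative sketch of that threshold check follows; the `6 * parameters * tokens` compute estimate is the common scaling-law heuristic, not anything the Code or the Act prescribes, and all function names here are hypothetical.

```python
# Hypothetical sketch of the Article 55 compute-threshold check.
# Assumption: training compute ~ 6 FLOP per parameter per token
# (a standard rough estimate; NOT specified by the Code of Practice).

ARTICLE_55_THRESHOLD_FLOP = 1e25

def estimated_training_flop(n_params: float, n_tokens: float) -> float:
    """Rough training-compute estimate: ~6 FLOP per parameter per token."""
    return 6.0 * n_params * n_tokens

def presumed_systemic_risk(n_params: float, n_tokens: float) -> bool:
    """True if estimated training compute reaches the Article 55 threshold."""
    return estimated_training_flop(n_params, n_tokens) >= ARTICLE_55_THRESHOLD_FLOP

# Example: a 70B-parameter model trained on 15T tokens lands at ~6.3e24 FLOP,
# just below the threshold; a 500B-parameter model on 10T tokens (~3e25) is above.
print(f"{estimated_training_flop(70e9, 15e12):.1e}", presumed_systemic_risk(70e9, 15e12))
print(f"{estimated_training_flop(500e9, 10e12):.1e}", presumed_systemic_risk(500e9, 10e12))
```

Note the asymmetry this note documents: crossing the numeric threshold is mechanically checkable, but everything that follows from crossing it (which capabilities to evaluate, with which methods) is left to provider discretion.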
**What surprised me:** The Code explicitly references "Appendix 3" for evaluation specifications, but Appendix 3 does not provide specific capability categories — it is also principles-based. This is a regress: the vague main text defers to the Appendix for specifics, and the Appendix is vague in turn. The entire architecture avoids prescribing content.

**What I expected but didn't find:** A list of required capability categories for systemic-risk evaluation, analogous to the FDA specifying what clinical trials must cover for specific drug categories. The Code's "state-of-the-art" standard without specified capability categories is the regulatory gap that allows 0% coverage of loss-of-control capabilities to persist despite mandatory evaluation requirements.

**KB connections:**

- Directly extends: 2026-03-20 session findings on EU AI Act structural adequacy
- Connects to: 2026-03-20-bench2cop-benchmarks-insufficient-compliance.md (0% coverage finding — the Code's structure explains why)
- Connects to: 2026-03-20-stelling-frontier-safety-framework-evaluation.md (8-35% quality)
- Adds specificity to: domains/ai-alignment/market-dynamics-eroding-safety-oversight.md

**Extraction hints:**

1. New/refined claim: "EU Code of Practice requires 'state-of-the-art' model evaluation without specifying capability categories — the absence of prescriptive requirements means providers can exclude loss-of-control capabilities while claiming compliance"
2. New claim: "principles-based evaluation requirements without mandated capability categories create a structural permission for compliance without loss-of-control assessment — the 0% benchmark coverage of oversight evasion is not a loophole, it's the intended architecture"
3.
Update to existing governance claims: "enforcement with fines begins August 2, 2026 — the EU AI Act is not purely advisory"

## Curator Notes

PRIMARY CONNECTION: domains/ai-alignment/ governance evaluation claims and the 0% loss-of-control coverage finding

WHY ARCHIVED: The definitive regulatory source showing that the Code of Practice evaluation requirements are principles-based; it explains structurally why the 0% compliance-benchmark coverage of loss-of-control capabilities is a product of regulatory design, not oversight

EXTRACTION HINT: The key claim is the regulatory-architecture finding: mandatory evaluation + vague content requirements = structural permission to avoid loss-of-control evaluation; this is different from "voluntary evaluation"