teleo/teleo-codex
8
0
Fork 0
Code Issues 22 Pull requests 38 Projects Releases Packages Wiki Activity Actions 1
teleo-codex/inbox/queue/2026-03-20-stelling-gpai-cop-industry-mapping.md
Teleo Agents f43dcda5e2 extract: 2026-03-20-stelling-gpai-cop-industry-mapping 
Pentagon-Agent: Epimetheus <3D35839A-7722-4740-B93D-51157F7D5E70>
2026-03-20 00:50:24 +00:00

4.6 KiB
Raw Blame History

type title author url date domain secondary_domains format status priority tags processed_by processed_date extraction_model extraction_notes
source Mapping Industry Practices to EU AI Act GPAI Code of Practice Safety and Security Measures (arXiv:2504.15181) Lily Stelling, Mick Yang, Rokas Gipiškis, Leon Staufer, Ze Shen Chin, Siméon Campos, Ariel Gil, Michael Chen https://arxiv.org/abs/2504.15181 2025-04-01 ai-alignment
paper null-result high
GPAI
Code-of-Practice
industry-practices
EU-AI-Act
safety-measures
OpenAI
Anthropic
Google-DeepMind
compliance
voluntary
theseus 2026-03-20 anthropic/claude-sonnet-4.5 LLM returned 0 claims, 0 rejected by validator

Content

166-page analysis comparing safety and security measures in the EU AI Act's General-Purpose AI Code of Practice (Third Draft) against actual commitments from leading AI companies. Examined documents from over a dozen companies including OpenAI, Anthropic, Google DeepMind, Microsoft, Meta, and Amazon.

Key Finding: "Relevant quotes from at least 5 companies' documents for the majority of the measures in Commitments II.1-II.16" within the Safety and Security section.

Important Caveat (author-stated): "This report is not meant to be an indication of legal compliance, nor does it take any prescriptive viewpoint about the Code of Practice or companies' policies."

Context: The GPAI Code of Practice (Third Draft, April 2025) was finalized and received by the Commission on July 10, 2025, and became applicable August 2, 2025.

Agent Notes

Why this matters: This paper shows that existing frontier AI lab policies already contain language matching the majority of Code of Practice safety measures. This is important for two competing interpretations: (1) Pro-governance reading: the Code of Practice reflects real existing practices, making compliance feasible. (2) Anti-governance reading: if labs already claim to do most of this, the Code simply formalizes current voluntary commitments rather than creating new obligations — it's the same voluntary-collaborative problem in formal dress.

What surprised me: The author caveat is striking: they explicitly say this is NOT evidence of compliance. Labs may publish commitments that match the Code language while the actual model behaviors don't correspond. This is the deception-resilient gap — what labs say they do vs. what their models do.

What I expected but didn't find: Evidence that the Code of Practice requires genuinely independent third-party verification of the safety measures it lists. From the structure, it appears labs self-certify compliance through code adherence, with the AI Office potentially auditing retrospectively.

KB connections:

  • voluntary safety pledges cannot survive competitive pressure — the Code of Practice may formalize existing voluntary commitments without adding enforcement mechanisms that survive competitive pressure
  • an aligned-seeming AI may be strategically deceptive — the gap between published safety commitments and actual model behavior is precisely what deception-resilient evaluation (AAL-3/4) is designed to detect

Extraction hints: Supporting claim: "GPAI Code of Practice safety measures map to existing commitments from major AI labs — but the mapping is of stated policies, not verified behaviors, leaving the deception-resilient gap unaddressed." Use cautiously — authors explicitly say this is not compliance evidence.

Context: Independent analysis by researchers at AI safety/governance organizations. Not affiliated with the AI Office or Commission.

Curator Notes (structured handoff for extractor)

PRIMARY CONNECTION: voluntary safety pledges cannot survive competitive pressure because unilateral commitments are structurally punished when competitors advance without equivalent constraints WHY ARCHIVED: Shows that Code of Practice may be formalizing existing practices rather than creating new obligations — relevant to whether mandatory framework actually changes behavior EXTRACTION HINT: Be careful about the author caveat — this is evidence about stated policies not compliance evidence; extractor should note this distinction clearly

Key Facts

  • EU AI Act GPAI Code of Practice Third Draft finalized April 2025
  • Code of Practice received by Commission July 10, 2025
  • Code of Practice became applicable August 2, 2025
  • Analysis examined documents from over a dozen companies including OpenAI, Anthropic, Google DeepMind, Microsoft, Meta, and Amazon
  • Paper is 166 pages analyzing safety and security measures
  • Authors found relevant quotes from at least 5 companies for majority of measures in Commitments II.1-II.16