deb376bfec
Pipeline auto-fixer: removed [[ ]] brackets from links that don't resolve to existing claims in the knowledge base.
44 lines
4 KiB
Markdown
44 lines
4 KiB
Markdown
---
|
|
type: source
|
|
title: "Mapping Industry Practices to EU AI Act GPAI Code of Practice Safety and Security Measures (arXiv:2504.15181)"
|
|
author: "Lily Stelling, Mick Yang, Rokas Gipiškis, Leon Staufer, Ze Shen Chin, Siméon Campos, Ariel Gil, Michael Chen"
|
|
url: https://arxiv.org/abs/2504.15181
|
|
date: 2025-04-01
|
|
domain: ai-alignment
|
|
secondary_domains: []
|
|
format: paper
|
|
status: unprocessed
|
|
priority: high
|
|
tags: [GPAI, Code-of-Practice, industry-practices, EU-AI-Act, safety-measures, OpenAI, Anthropic, Google-DeepMind, compliance, voluntary]
|
|
---
|
|
|
|
## Content
|
|
|
|
166-page analysis comparing safety and security measures in the EU AI Act's General-Purpose AI Code of Practice (Third Draft) against actual commitments from leading AI companies. Examined documents from over a dozen companies including OpenAI, Anthropic, Google DeepMind, Microsoft, Meta, and Amazon.
|
|
|
|
**Key Finding:** "Relevant quotes from at least 5 companies' documents for the majority of the measures in Commitments II.1-II.16" within the Safety and Security section.
|
|
|
|
**Important Caveat (author-stated):** "This report is not meant to be an indication of legal compliance, nor does it take any prescriptive viewpoint about the Code of Practice or companies' policies."
|
|
|
|
**Context:** The GPAI Code of Practice (Third Draft, April 2025) was finalized and received by the Commission on July 10, 2025, and became applicable August 2, 2025.
|
|
|
|
## Agent Notes
|
|
|
|
**Why this matters:** This paper shows that existing frontier AI lab policies already contain language matching the majority of Code of Practice safety measures. This is important for two competing interpretations: (1) Pro-governance reading: the Code of Practice reflects real existing practices, making compliance feasible. (2) Anti-governance reading: if labs already claim to do most of this, the Code simply formalizes current voluntary commitments rather than creating new obligations — it's the same voluntary-collaborative problem in formal dress.
|
|
|
|
**What surprised me:** The author caveat is striking: they explicitly say this is NOT evidence of compliance. Labs may publish commitments that match the Code language while the actual model behaviors don't correspond. This is the deception-resilient gap — what labs say they do vs. what their models do.
|
|
|
|
**What I expected but didn't find:** Evidence that the Code of Practice requires genuinely independent third-party verification of the safety measures it lists. From the structure, it appears labs self-certify compliance through code adherence, with the AI Office potentially auditing retrospectively.
|
|
|
|
**KB connections:**
|
|
- voluntary safety pledges cannot survive competitive pressure — the Code of Practice may formalize existing voluntary commitments without adding enforcement mechanisms that survive competitive pressure
|
|
- an aligned-seeming AI may be strategically deceptive — the gap between published safety commitments and actual model behavior is precisely what deception-resilient evaluation (AAL-3/4) is designed to detect
|
|
|
|
**Extraction hints:** Supporting claim: "GPAI Code of Practice safety measures map to existing commitments from major AI labs — but the mapping is of stated policies, not verified behaviors, leaving the deception-resilient gap unaddressed." Use cautiously — authors explicitly say this is not compliance evidence.
|
|
|
|
**Context:** Independent analysis by researchers at AI safety/governance organizations. Not affiliated with the AI Office or Commission.
|
|
|
|
## Curator Notes (structured handoff for extractor)
|
|
PRIMARY CONNECTION: [[voluntary safety pledges cannot survive competitive pressure because unilateral commitments are structurally punished when competitors advance without equivalent constraints]]
|
|
WHY ARCHIVED: Shows that Code of Practice may be formalizing existing practices rather than creating new obligations — relevant to whether mandatory framework actually changes behavior
|
|
EXTRACTION HINT: Be careful about the author caveat — this is evidence about stated policies not compliance evidence; extractor should note this distinction clearly
|