Article 56: Codes of Practice
Article 56
Codes of Practice
Updated on 31 July 2024 based on the version published in the Official Journal of the EU dated 12 July 2024 and entered into force on 1 August 2024.
1. The AI Office shall encourage and facilitate the drawing up of codes of practice at Union level in order to contribute to the proper application of this Regulation, taking into account international approaches.
2. The AI Office and the Board shall aim to ensure that the codes of practice cover at least the obligations provided for in Articles 53 and 55, including the following issues:
- the means to ensure that the information referred to in Article 53(1), points (a) and (b), is kept up to date in light of market and technological developments;
- the adequate level of detail for the summary about the content used for training;
- the identification of the type and nature of the systemic risks at Union level, including their sources, where appropriate;
- the measures, procedures and modalities for the assessment and management of the systemic risks at Union level, including the documentation thereof, which shall be proportionate to the risks, take into consideration their severity and probability and take into account the specific challenges of tackling those risks in light of the possible ways in which such risks may emerge and materialise along the AI value chain.
3. The AI Office may invite all providers of general-purpose AI models, as well as relevant national competent authorities, to participate in the drawing-up of codes of practice. Civil society organisations, industry, academia and other relevant stakeholders, such as downstream providers and independent experts, may support the process.
4. The AI Office and the Board shall aim to ensure that the codes of practice clearly set out their specific objectives and contain commitments or measures, including key performance indicators as appropriate, to ensure the achievement of those objectives, and that they take due account of the needs and interests of all interested parties, including affected persons, at Union level.
5. The AI Office shall aim to ensure that participants to the codes of practice report regularly to the AI Office on the implementation of the commitments and the measures taken and their outcomes, including as measured against the key performance indicators as appropriate. Key performance indicators and reporting commitments shall reflect differences in size and capacity between various participants.
6. The AI Office and the Board shall regularly monitor and evaluate the achievement of the objectives of the codes of practice by the participants and their contribution to the proper application of this Regulation. The AI Office and the Board shall assess whether the codes of practice cover the obligations provided for in Articles 53 and 55, and shall regularly monitor and evaluate the achievement of their objectives. They shall publish their assessment of the adequacy of the codes of practice.
The Commission may, by way of an implementing act, approve a code of practice and give it a general validity within the Union. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 98(2).
7. The AI Office may invite all providers of general-purpose AI models to adhere to the codes of practice. For providers of general-purpose AI models not presenting systemic risks this adherence may be limited to the obligations provided for in Article 53, unless they declare explicitly their interest to join the full code.
8. The AI Office shall, as appropriate, also encourage and facilitate the review and adaptation of the codes of practice, in particular in light of emerging standards. The AI Office shall assist in the assessment of available standards.
9. Codes of practice shall be ready at the latest by 2 May 2025. The AI Office shall take the necessary steps, includinginviting providers pursuant to paragraph 7.
If, by 2 August 2025, a code of practice cannot be finalised, or if the AI Office deems it is not adequate following itsassessment under paragraph 6 of this Article, the Commission may provide, by means of implementing acts, common rulesfor the implementation of the obligations provided for in Articles 53 and 55, including the issues set out in paragraph 2 ofthis Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article98(2).
Table of Contents
Chapter III: High-Risk AI Systems
- Section 1: Classification of AI Systems as High-Risk
- Section 2: Requirements for High-Risk AI Systems
- Article 8: Compliance with the Requirements
- Article 9: Risk Management System
- Article 10: Data and Data Governance
- Article 11: Technical Documentation
- Article 12: Record-Keeping
- Article 13: Transparency and Provision of Information to Deployers
- Article 14: Human Oversight
- Article 15: Accuracy, Robustness and Cybersecurity
- Section 3: Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
- Article 16: Obligations of Providers of High-Risk AI Systems
- Article 17: Quality Management System
- Article 18: Documentation Keeping
- Article 19: Automatically Generated Logs
- Article 20: Corrective Actions and Duty of Information
- Article 21: Cooperation with Competent Authorities
- Article 22: Authorised Representatives of Providers of High-Risk AI Systems
- Article 23: Obligations of Importers
- Article 23a
- Article 24: Obligations of Distributors
- Article 25: Responsibilities along the AI Value Chain
- Article 26: Obligations of Deployers of High-Risk AI Systems
- Article 27: Fundamental Rights Impact Assessment for High-Risk AI Systems
- Section 4: Notifying Authorities and Notified Bodies
- Article 28: Notifying Authorities
- Article 29: Application of a Conformity Assessment Body for Notification
- Article 30: Notification Procedure
- Article 31: Requirements Relating to Notified Bodies
- Article 32: Presumption of Conformity with Requirements Relating to Notified Bodies
- Article 33: Subsidiaries of Notified Bodies and Subcontracting
- Article 34: Operational Obligations of Notified Bodies
- Article 35: Identification Numbers and Lists of Notified Bodies
- Article 36: Changes to Notifications
- Article 37: Challenge to the Competence of Notified Bodies
- Article 38: Coordination of Notified Bodies
- Article 39: Conformity Assessment Bodies of Third Countries
- Section 5: Standards, Conformity Assessment, Certification, Registration
- Article 40: Harmonised Standards and Standardisation Deliverables
- Article 41: Common Specifications
- Article 42: Presumption of Conformity with Certain Requirements
- Article 43: Conformity Assessment
- Article 44: Certificates
- Article 45: Information Obligations of Notified Bodies
- Article 46: Derogation from Conformity Assessment Procedure
- Article 47: EU Declaration of Conformity
- Article 48: CE Marking
- Article 49: Registration
Chapter V: General-Purpose AI Models
Chapter VI: Measures in Support of Innovation
- Article 57: AI Regulatory Sandboxes
- Article 58: Detailed Arrangements for, and Functioning of, AI Regulatory Sandboxes
- Article 59: Further Processing of Personal Data for Developing Certain AI Systems in the Public Interest in the AI Regulatory Sandbox
- Article 60: Testing of High-Risk AI Systems in Real World Conditions Outside AI Regulatory Sandboxes
- Article 61: Informed Consent to Participate in Testing in Real World Conditions Outside AI Regulatory Sandboxes
- Article 62: Measures for Providers and Deployers, in Particular SMEs, including Start-Ups
- Article 63: Derogations for Specific Operators
Chapter VII: Governance
Chapter IX: Post-Market Monitoring, Information Sharing and Market Surveillance
- Section 1: Post-Market Monitoring
- Section 2: Sharing of Information on Serious Incidents
- Section 3: Enforcement
- Article 74: Market Surveillance and Control of AI Systems in the Union Market
- Article 75: Mutual Assistance, Market Surveillance and Control of General-Purpose AI Systems
- Article 76: Supervision of Testing in Real World Conditions by Market Surveillance Authorities
- Article 77: Powers of Authorities Protecting Fundamental Rights
- Article 78: Confidentiality
- Article 80: Procedure for Dealing with AI Systems Classified by the Provider as Non-High-Risk in Application of Annex III
- Article 81: Union Safeguard Procedure
- Article 82: Compliant AI Systems which Present a Risk
- Article 82a
- Article 83: Formal Non-Compliance
- Article 84: Union AI Testing Support Structures
- Article 79: Procedure at National Level for Dealing with AI Systems Presenting a Risk
- Section 4: Remedies
- Section 5: Supervision, Investigation, Enforcement and Monitoring in Respect of Providers of General-Purpose AI Models
- Article 88: Enforcement of the Obligations of Providers of General-Purpose AI Models
- Article 89: Monitoring Actions
- Article 90: Alerts of Systemic Risks by the Scientific Panel
- Article 91: Power to Request Documentation and Information
- Article 92: Power to Conduct Evaluations
- Article 93: Power to Request Measures
- Article 94: Procedural Rights of Economic Operators of the General-Purpose AI Model
Chapter XIII: Final Provisions
- Article 102: Amendment to Regulation (EC) No 300/2008
- Article 103: Amendment to Regulation (EU) No 167/2013
- Article 104: Amendment to Regulation (EU) No 168/2013
- Article 105: Amendment to Directive 2014/90/EU
- Article 106: Amendment to Directive (EU) 2016/797
- Article 107: Amendment to Regulation (EU) 2018/858
- Article 108: Amendment to Regulation (EU) 2018/1139
- Article 109: Amendment to Regulation (EU) 2019/2144
- Article 110: Amendment to Directive (EU) 2020/1828
- Article 111: AI Systems Already Placed on the Market or Put into Service and General-Purpose AI Models Already Placed on the Marked
- Article 112: Evaluation and Review
- Article 113: Entry into Force and Application