As the capabilities of AI models increase, new regulation will be needed. In a new white paper, with co-authors from across academia, think tanks, and AI labs, we describe why regulation of frontier AI is needed, what it could look like, and minimal frontier AI safety standards.

Owain is at it again with the weird model behaviours.

Anthropic now also commits to signing the GPAI Code of Practice. Good to hear it! .

And now Microsoft. Brad Smith, MSFT President, recently said "I think it's likely we will sign." .

Also useful to note, while the GPAI obligations come into force August 2nd, the AI Office is only able to start e.g. issuing fines August 2nd 2026.

Will companies need to fully comply with the Code of Practice on GPAI starting August 2nd, when those parts of the AI Act comes into force? . The AI Office clarifies it "will not reproach" companies who fail to immediately fully comply, but expect good faith efforts to comply.

OpenAI and Mistral have announced they're intending to sign the general-purpose AI Code of Practice.

RT @Yoshua_Bengio: The Code of Practice is out. I co-wrote the Safety & Security Chapter, which is an implementation tool to help frontier….

Links: .

What’s next for me? First, taking a bit of a breath. Then making up for having been an absent collaborator for a while :) I’ll also likely be chatting to many of you about the safety and security chapter.

And thanks in particular to all the (vice-)chairs involved in writing the Code: @Yoshua_Bengio, @nuriaoliver, @MarietjeSchaake, @matthiassamwald, @AnkaReuel, @MartaZiosi, @nitarshan, @privitera_, @dbltnk, @RishiBommasani, Alexander Peukert, Céline Castets-Renard.

This was the result of a huge amount of work, including input from a huge number of stakeholders. Thank you all for your constructive engagement.

Working on this has probably been one of the most challenging and interesting things I’ve done. Thanks to the Commission for trusting independent experts with this task, and to everyone who contributed.

What’s next? The Commission and 27 Member States will formally decide on approval in coming weeks. Frontier AI companies can then choose whether to sign on – those who do can expect streamlined compliance and more trust from the AI Office.

I think it’s a solid document, balancing a huge number of different interests. It’s the first document of its kind. I’m proud of the work.

The chapter won't make sense forever – AI moves too fast for that. While we’ve added flexibility to allow for innovation in safety and security, we won’t have seen all technical developments coming. The text will need periodic updating and supplementing with AI Office guidance.

The chapter also describes how companies should allocate responsibility for systemic risk assessment and mitigation throughout their organization and maintain a healthy risk culture, such as by not retaliating against employees raising concerns.

Next, they need to continuously assess the risks from their models, including by tracking and reporting serious incidents stemming from their model, e.g. where the model was involved in significant loss of life or property.

Having understood the risks stemming from their models, they need to implement suitable mitigations, to improve the model’s safety and to protect against well-resourced cyberattackers trying to steal their model weights.

Next, they need to conduct state of the art model evaluations, to understand the risk their models might pose. Where a model could pose greater risk than models already on the EU market, they need to involve external evaluators, with some exceptions.

They need to identify the risks that are relevant for their model, using a procedure described in the chapter, including assessing and mitigating risks from cyberattacks, CBRN, loss of control, and harmful manipulation.