EU GPAI Code of Practice and the final form — when frontier-lab procedural artifacts become the regulatory baseline

The European Commission's publication of the final EU AI Act GPAI Code of Practice on May 28 — referencing the three-lab procedural convergence on capability-driven release gating as the operational baseline for systemic-risk evaluation — completes the regulatory-procedural alignment with the frontier-lab safety-and-alignment artifacts. The Code enters force in August 2026 with a 12-month transition period.

The Code's final form is the substantive piece. The Commission's 220-page document covers model-evaluation requirements, documentation-and-transparency requirements, incident-reporting obligations, and governance procedures. The model-evaluation section explicitly references the methodological frameworks Anthropic, OpenAI, and DeepMind have published — meaning the regulatory requirements piggyback on the procedural convergence the frontier labs have already produced rather than specifying capability-evaluation methodology from scratch.

The three-lab procedural convergence is what the Code's operational baseline depends on. OpenAI's Superalignment Report and DeepMind's Frontier Safety Framework v3 release the same day complete the procedural-alignment baseline the Code references. Anthropic's Mythos restricted-release precedent and methodology from earlier in the month is the third procedural anchor. For the first time, EU regulatory architecture references specific frontier-lab procedural artifacts as the operational baseline rather than specifying methodology from scratch.

The compliance-and-transition timeline is what makes the publication operationally consequential. The Code enters force in August 2026 with a 12-month transition period for systemic-risk GPAI providers to come into procedural compliance. For the three major frontier labs the procedural compliance work is substantially already done — the published methodologies map onto the Commission requirements with relatively minor gaps. For smaller GPAI providers and the broader open-source ecosystem the compliance work is more substantial; the proportionality provisions scale obligations to deployment context and capability tier rather than applying the same requirements uniformly across all GPAI providers.

The parallel China regulatory work is the convergent-but-asymmetric structural frame. The Cyberspace Administration of China's draft generative-AI export rules published the same day open a 60-day consultation period and codify security review for frontier-model export to designated jurisdictions. The China framework emphasizes domestic-data-handling and cross-border-export controls; the EU framework emphasizes systemic-risk and capability-driven controls. The two regulatory surfaces operate on overlapping-but-distinct evaluation axes, and multinational deployments require parallel procedural artifacts rather than a single unified evaluation.

The US regulatory work is the third axis of the global regulatory landscape. The current US executive order trajectory under the Trump administration emphasizes deregulation and pre-emption of state-level AI regulation; the federal regulatory architecture for frontier AI remains substantially less developed than the EU or China frameworks. The structural consequence is that EU and China regulatory frameworks are setting the procedural baseline that multinational frontier-AI deployment will need to operate against, with the US framework lagging.

The competitive implication for the frontier labs is the procedural advantage the converged frameworks produce. The three major Western frontier labs have substantial procedural infrastructure that maps onto the EU Code requirements; the open-source and smaller-provider ecosystem lacks equivalent procedural infrastructure. The structural pressure is on the ecosystem to develop shared procedural artifacts that smaller labs and open-source projects can reference — Hugging Face's safety-and-evaluation tooling, EleutherAI's benchmarking releases, and the various shared procedural-artifact projects are the early shape of the ecosystem-level response.

The longer-arc question is whether the EU Code becomes the global procedural baseline or whether the divergence with the China framework and the US deregulatory posture produces fragmentation. The economic-and-procedural pressure for global procedural convergence is real — multinational deployments are easier to operate when the procedural baseline is consistent across jurisdictions — but the political-economy pressure for jurisdictional differentiation is also real. The next 12-24 months will determine whether the EU Code becomes the global procedural baseline or whether fragmentation produces parallel regulatory regimes that frontier-AI deployments have to navigate separately.

The line: the EU AI Act Code of Practice used to be a forward-looking regulatory project. In mid-2026 it is the published procedural baseline, referencing frontier-lab artifacts directly — and the structural shape of global AI regulation depends on whether other jurisdictions converge or diverge.

European Commission — AI Act GPAI Code of Practice final publication May 28 2026 → · Euractiv — EU AI Act Code of Practice references frontier-lab frameworks → · Cyberspace Administration of China — Generative AI export rules draft consultation May 28 2026 →