EU regulations demand clear disclosure from AI model developers
The European Union has introduced the AI Act, a landmark legislation aimed at regulating the development and deployment of artificial intelligence (AI) systems. One of the key aspects of the Act is its focus on intellectual property (IP) protection for developers of AI models.
Under the new rules, providers of General-Purpose AI (GPAI) models must adopt clear IP protection measures. This includes a copyright compliance policy that ensures training or fine-tuning data is lawfully obtained under EU copyright rules. GPAI model providers are also expected to implement safeguards preventing their models from generating outputs that replicate copyrighted works verbatim.
Providers must respect the rights of content owners by not circumventing technical protections such as paywalls and following standard web crawling instructions like robots.txt to lawfully collect training data. They are also required to publish a "sufficiently detailed" but broadly descriptive summary of the data sources used for training.
However, the legislation has faced criticism from creative and cultural organizations and rightsholder associations, who argue that the IP protection measures are not sufficiently robust. They emphasize the need for effective enforcement of copyright and fundamental rights, and advocate for their direct involvement in drafting the implementation tools to ensure that IP protections are meaningful in practice.
Academic and institutional studies also highlight a mismatch between generative AI training practices and existing copyright laws. They recommend enhanced traceability tools like standardized dataset logs, watermarking, and fingerprinting to audit content use and propose remuneration mechanisms for rights holders.
The AI Act applies to a wide range of providers, including popular AI models such as ChatGPT and Gemini. Particularly powerful AI models that could potentially pose a risk to the public must also document safety measures. The new European AI Authority will be responsible for enforcing the AI Act, with fines for violations reaching as high as 15 million euros or three percent of the company's total global annual turnover.
It's worth noting that the new rules do not require developers to name specific data sets, domains, or sources. This has raised concerns from organizations like the Initiative for Copyright. Models that were on the market before August 2, 2025, will be controlled from August 2027.
The AI Act was adopted in May 2024 and aims to strengthen copyright, among other things, as part of the EU's broader strategy to ensure AI systems are trustworthy, human-centric, and respect fundamental rights and values. Developers must now specify whether they automatically scraped websites for their training data, and there should be a contact point for rights holders within the companies under the new rules.
Google, among other tech giants, has expressed concerns about the new rules. The new guidelines mark a significant step towards regulating the AI industry in the EU, setting a global precedent for AI governance.
The technology of artificial-intelligence developers must adopt IP protection measures as per the requirements of the AI Act, including a copyright compliance policy and safeguards preventing models from generating copyrighted works verbatim. Providers must respect the rights of content owners under European Union copyright rules when collecting training data.
