Skip to main content
|

Add a bookmark to get started

Bookmarks info
29 November 202421 minute read

Innovation Law Insights

29 November 2024
Artificial Intelligence

First draft of the General-Purpose AI Code of Practice published

A group of independent experts has presented the first draft of the General-Purpose AI Code of Practice. It aims to detail the AI Act rules for providers of general-purpose AI models and general-purpose AI models with systemic risks.

Although the first draft is light in detail, this approach aims to provide stakeholders with a clear sense of direction of the final Code's potential form and content. Key areas of focus include transparency, a taxonomy of systemic risks, robust risk assessments, and stringent risk mitigation strategies, encompassing both technical and governance measures. The final version of the Code should be ready by 1 May 2025.

Transparency

The draft’s primary focus is ensuring transparency in the development and use of AI models. Providers will have to draw up and keep up-to-date technical documentation on the model listed in the Code so they can provide the documentation, upon request, to the AI Office, the national competent authorities and to providers of AI systems who intend to integrate the general-purpose AI model into their AI systems. The documentation should include intended tasks and type and nature of AI systems in which it can be integrated, acceptable use policies, and interaction of the model with external hardware or software. Providers are also encouraged to make elements of this information publicly available to promote transparency and trust.

With specific reference to the Acceptable Use Policy, providers should commit to sharing all the necessary information related to their general-purpose AI model with downstream providers. This should enable downstream providers to comply with existing regulations applicable to the task or use case their AI system is intended to be used for. The Code also provides a list of elements that have to be included in the Acceptable Use Policy, such as:

  • the scope defining who the policy applies to and what resources it covers;
  • primary intended uses and users;
  • unacceptable uses, detailing forbidden actions; and
  • security measures containing a description of the security protocols that the users of the general purpose AI systems must follow.

Taxonomy of systemic risks

The draft introduces a comprehensive taxonomy of systemic risks associated with general-purpose AI models. Providers have to commit to draw from the elements of this taxonomy of systemic risks as a basis for their systemic risk assessment and mitigation.

According to the draft, signatories have to treat the following as systemic risks:

  • Cyber offence: Risks related to offensive cyber capabilities such as vulnerability discovery or exploitation.
  • Chemical, biological, radiological, and nuclear risks: Dual-use science risks enabling chemical, biological, radiological, and nuclear weapons attacks via, among other things, weapons development, design, acquisition, and use.
  • Loss of Control: Issues related to the inability to control powerful autonomous general-purpose AI models.
  • Automated use of models for AI Research and Development: This could greatly increase the pace of AI development, potentially leading to unpredictable developments of general-purpose AI models with systemic risk.
  • Persuasion and manipulation: The facilitation of large-scale persuasion and manipulation, as well as large-scale disinformation or misinformation with risks to democratic values and human rights, such as election interference, loss of trust in the media, and homogenisation or oversimplification of knowledge.
  • Large-scale discrimination: Large-scale illegal discrimination of individuals, communities, or societies.

When determining a systemic risk, signatories have to consider the nature (such as intent, novelty, velocity at which the risk materializes) and the source.

Risk assessment

Providers of general-purpose AI models have to adopt rigorous risk assessment methodologies to ensure they can identify, evaluate and mitigate systemic risks throughout the model’s lifecycle. Key requirements include:

  • Robust methodologies: Providers have to employ sophisticated and reliable risk analysis techniques to identify potential pathways through which AI models might pose systemic risks. This includes estimating the likelihood and severity of such risks materializing, ensuring proactive management.
  • Mapping systemic risk indicators: An essential part of the process is identifying and documenting the capabilities or tendencies of AI models that may be linked to systemic risks. These risk sources must be mapped to specific indicators that can serve as early warning signs for emerging threats.
  • Severity tiers: Identified risks must be classified into severity tiers, with clear distinctions between manageable risks and those deemed intolerable. This ensures that critical threats are promptly addressed with appropriate safeguards.
  • Risk forecasting: Providers are also expected to anticipate when systemic risks are likely to arise, offering best-effort estimates based on the model’s development trajectory and application environment. This forward-looking approach allows for early interventions to prevent risks from escalating.

In addition to these specific measures, providers have to maintain a continuous risk assessment process across all stages of a model’s lifecycle. This involves regularly gathering and analyzing evidence to monitor risk indicators and the effectiveness of mitigation strategies. Providers have to conduct assessments before and after implementing risk mitigations, ensuring that the measures taken remain robust and relevant in the face of evolving challenges.

Technical and governance risk mitigation

The draft emphasizes the need for both technical and governance-based measures to mitigate systemic risks.

Technically, providers have to link systemic risk indicators to proportional safety and security measures to keep risks below intolerable levels and minimize them further. Providers have to put in place:

  • Safety mitigations: Including adjusting models’ behaviour, safeguarding deployment systems, or providing countermeasures to mitigate systemic risks.
  • Security mitigations: Meaning that providers have to protect unreleased model weights and assets during and after development, using measures like access control, monitoring, and red-teaming.
  • Limitations: Providers have to document in their safety and security framework the limitations in existing safety and security mitigations to identify gaps in mitigation measures.
  • Adequacy assessment: Providers have to regularly evaluate in the safety and security framework the effectiveness of mappings between risks and mitigations.

Providers have to create detailed safety and security reports at key development stages, documenting risk and mitigation assessments. And they have to establish criteria to halt or continue model development based on safety and security reports results.

As per the governance mitigation, providers have to ensure accountability for systemic risks at executive and board levels, allocating resources and establishing oversight committees. They also have to conduct annual evaluations to assess adherence to the safety and security framework and its relevance to evolving risks and practices.

Providers also have to enable independent evaluations of systemic risks and mitigations throughout the model lifecycle. Such independent expert risk and mitigation assessment may involve independent testing of model capabilities, reviews of evidence collected, systemic risks, and the adequacy of mitigations. Before deployment providers have to facilitate external testing and review. After deployment, providers have to support ongoing assessments to address emerging risks.

Finally, providers have to:

  • establish processes to identify, document, and report serious incidents or near-misses to the AI Office and define corrective measures;
  • implement and inform employees about secure channels for reporting violations, with appropriate safeguards;
  • notify the AI Office about models meeting systemic risk thresholds, updates to the safety and security framework and safety and security report, and emerging systemic risks;
  • maintain detailed records throughout the AI model lifecycle to demonstrate compliance with risk mitigation standards and facilitate AI Office requests;
  • publish safety and security frameworks and safety and security reports, balancing societal benefit with the need to protect sensitive information.

Conclusions

The draft General-Purpose AI Code of Practice lays the groundwork for a regulatory framework that balances innovation with safety and societal accountability. The upcoming stakeholder consultations will refine the draft, integrating feedback to create a more comprehensive and effective Code.

The final version, due in May 2025, will serve as a vital tool in ensuring that the deployment of general-purpose AI models adheres to ethical and legal standards, minimizing systemic risks while fostering trust in AI technology.

Author: Roxana Smeria

 

Intellectual Property

New opportunities for designs: EU reform that changes the rules of the game

2025 will mark a turning point in design protection in the EU with the entry into force of the EU Designs Regulation 2024/2822 and the EU Directive 2024/2823 on the Legal Recognition of Designs. These regulatory instruments, published in the Official Journal of the European Union, modernise and harmonise the design protection system, addressing the challenges of the digital age. Companies and designers will benefit from new opportunities, but will have to rethink their IP strategies to maximise the benefits of this reform.

A modern and harmonised regulatory framework

EU Regulation 2024/2822 will enter into force on 1 May 2025, with some provisions operative from 1 July 2026. EU Directive 2024/2823 will enter into force on 8 December 2024, with a transposition deadline for member states until 9 December 2027. The aim is to create a uniform and flexible system that simplifies and strengthens design protection throughout the EU, with a focus on digitisation, 3D printing and graphical interfaces.

The main novelties: Innovations and implications

New features include the extension of protection to digital and animated designs, new representation requirements, the possibility of registering several designs with one application, and strengthened measures to combat 3D printing-related counterfeiting.

Another important innovation is the introduction of the registered design symbol Ⓓ, which owners of registered designs in the EU will be able to use to indicate that the product enjoys legal protection. This symbol, similar to those already in use for trademarks ® and copyright ©, is a further tool to enhance and protect creative work.

Each change not only offers new opportunities, but also presents challenges that require a targeted strategic approach. Below is an overview of the most relevant changes and their practical implications for companies and creative people.

Protection for digital and animated designs

As of 1 July 2026, the definition of design will be extended to include animations, visual effects, transitions and other digital features. Virtual environments, graphical user interfaces (GUIs) and digital products in the broadest sense will also be protected. This change opens up enormous possibilities for sectors such as technology, fashion, gaming and automotive, allowing dynamic patterns, interactive features and non-physical designs to be protected. Companies innovating in these areas will have the opportunity to protect a broader spectrum of creations.

New modes of representation

The manner in which designs are represented will be made more flexible as of 1 July 2026, with the elimination of the seven-perspective limitation and the introduction of three-dimensional views and visual exclusion options. However, the technical details (formats, electronic file sizes) will be defined through secondary legislation. This will offer more freedom to companies in representing complex products, but will also require more attention to detail to ensure effective protection.

Multi-class registration and reduced costs

From 1 May 2025, it will be possible to include up to 50 designs in one application, even if they belong to different classes. This simplification will significantly reduce administrative costs, an advantage particularly relevant for SMEs and sectors with large product catalogues such as furniture and medical devices.

Counterfeiting and 3D printing

With counterfeiting via 3D printing on the rise, new legal tools will enable design owners to take action against unauthorised copies, including the seizure of counterfeit goods in transit. This measure, effective from 1 May 2025, will strengthen the ability to defend products in an increasingly competitive market.

New visibility requirements

As of 1 May 2025, EU design protection only covers those features that are visibly represented in the application for registration. However, to obtain protection, those features need not be visible at a specific time or in a particular situation of use.

For components of complex products, design protection is only granted for those parts that remain visible during normal use of the product, in line with current EU provisions.

This clarification offers greater legal certainty for companies, limiting the possibility of disputes over non-visible elements but strengthening the protection of functional and decorative features actually represented in the application.

Increase in renewal fees

As of 1 May 2025, renewal fees for designs will increase significantly for the third and fourth renewals, with increases of up to three or four times the current fees. Filing fees for new designs will remain the same. This requires companies to carefully plan the life cycle of their products and focus resources on the most strategic designs.

Repair clause and focus on spare parts

From 2032, “must-match” spare parts (used to restore the original appearance of a complex product) will no longer be protected as registered designs. This will pave the way for increased competition, especially in the automotive sector, where manufacturers will have to differentiate themselves with aesthetic or functional innovations.

Administrative procedure for the declaration of invalidity

The Directive introduces the possibility for member states to implement – by 9 December 2027 – an administrative procedure to obtain a declaration of invalidity of designs registered at national intellectual property offices, without necessarily resorting to the courts. However, this innovation is not compulsory: each country will be able to choose whether or not to adopt it, leading to possible fragmentation at European level.

Fast track for nullity actions

As from 1 July 2026, it will be possible to apply for an accelerated invalidation procedure for European registered designs, provided that the holder doesn’t contest the grounds for invalidation. This measure is particularly relevant for cases of clear misappropriation or blatant infringement of rights.

Protection of cultural heritage

The Directive introduces additional protection for national cultural symbols, such as traditional costumes or historical elements, by prohibiting registrations that use them without authorisation. This will require companies to be more sensitive when creating designs that could interfere with these protections.

How our team can support companies and designers

Our team is ready to guide clients through this transition, offering strategic and operational support to make the most of the opportunities offered by the reform and address its complexities.

  • Customised sector-specific analysis: we provide sector-specific advice, highlighting how changes can be harnessed to strengthen competitiveness and protect innovations.
  • Auditing design portfolios: we examine existing portfolios for compliance with the new rules, identifying strategic designs and proposing possible adjustments or modifications.
  • Strategic support for digital and interactive designs: we work with technology, fashion and gaming companies to integrate new protections into their development processes, providing protection for graphic interfaces, animations and digital products.
  • Simplified and multi-class registration: we support companies in taking advantage of the new filing methods to optimise time and costs.
  • Renewal planning: we help predict renewal costs and focus on designs with the highest strategic value, minimising the impact of tariff increases.
  • Anti-counterfeiting: we offer tools to monitor and act against infringements, taking advantage of the new legal possibilities offered by the reform.
  • Educational training: we organise workshops for designers and companies on how to represent designs in accordance with the new technical standards.

We can help you take full advantage of the opportunities offered by the new regulatory framework, better protecting your innovations and ensuring a future of protected creativity.

Author: Maria Rita Cormaci

 

Technology Media and Telecommunication

Infratel publishes report on the progress of the National Ultra-Broadband Plan

In a press release dated 24 October 2024, Infratel announced the publication of a report on the progress of the National Ultra-Broadband Plan, updated to 30 September 2024.

The National Strategy for Ultra-Broadband – “Towards the Gigabit Society,” included in the National Recovery and Resilience Plan (Piano Nazionale di Ripresa e Resilienza – PNRR), was approved on 25 May 2021 by the Interministerial Committee for Digital Transition (Comitato interministeriale per la Transizione Digitale – CiTD). It aims to bring 1 Gbp/s connectivity across Italy by 2026 and foster the development of fixed and mobile telecommunications infrastructure.

The strategy encompasses several public intervention plans to promote and incentivize the coverage of geographical areas where the provision of infrastructure and ultra-high-speed digital services is either absent or insufficient.

Infratel Italia initiated the operational activities of the National Ultra-Broadband Plan in 2016. Infratel’s aim is to intervene in market failure areas by building and integrating broadband and ultra-broadband infrastructure to extend access opportunities to high-speed internet for citizens, businesses, and public administrations. Through Infratel, the Ministry of Enterprises and Made In Italy implements measures defined in the National Ultra-Broadband Strategy to reduce infrastructure and market disparities across Italy, creating favourable conditions for the integrated development of electronic communications infrastructure.

The report describes the plan’s progress, focusing on the five main operational phases: final design (progettazione definitiva), executive design (progettazione esecutiva), works' execution, testing, and start of service.

During the final design phase, the layouts of the networks to be built are identified, along with the infrastructure to be reused, the authorities responsible for granting authorizations for FTTH (Fiber To The Home) technology deployment, and the necessary sites for FWA (Fixed Wireless Access) technology deployment. Once Infratel approves the final designs, the executive design phase begins, aimed at obtaining the necessary authorizations. Subsequently, works can commence on the sites. When the work has been completed, Infratel conducts final verifications. If the verification is successful, Infratel will issue a positive testing certificate (collaudo).

The report indicates that as of 30 September 2024, the final design for the FTTH network has been approved in 6,063 municipalities, 82 fewer than in September 2022. As highlighted in the report, the number of planned projects may vary over time due to redesigns prompted by various obstacles. Specifically, during the executive design phase, some municipalities were found to lack any “white” housing units to connect. This led to the issuance of new regional technical plans that incorporated the cancellation of interventions in certain municipalities. As a result, the number of municipalities with approved final designs for the FTTH network is lower than the figure recorded two years ago.

Conversely, there’s been an increase in the number of municipalities where the final design for the FWA network has been approved. As of 30 September 2024, the number of municipalities with approved final designs for the FWA network reached 6,956, an increase of 137 units compared to 2022.

The report also states that the executive design of FTTH networks has been approved for a total of 6,000 municipalities, while executive designs for FWA network construction have been approved in 3,583 municipalities. This is an increase of, respectively, 1,070 and 747 municipalities compared to 2022.

As of 30 September 2024, infrastructure work has been completed in 8,897 out of 11,236 total active sites for fibre construction and in 3,453 out of 3,580 sites for FWA network construction.

Infrastructure work for FTTH technology was completed with positive testing in 4,371 municipalities, covering a total of 7,739 projects. Compared to the same period in 2022, the projects related to the FTTH network have been positively tested in additional 1,927 municipalities and the number of positively tested projects increased by 4,069 since 2022.

Infrastructure work for FWA technology was completed with positive testing at 2,159 sites, an increase of 1,286 units compared to the corresponding period in 2022.

Authors: Massimo D'Andrea, Flaminia Perna, Arianna Porretti

 

Life Sciences

Combatting medicine counterfeiting: New measures in Italy by 2025

By 9 February 2025, Italy must align national provisions with the Delegated Regulation (EU) 2016/161 (Regulation), which establishes specific rules to combat the counterfeiting of medicines.
Until now, Italy has benefited from a derogation, as the Regulation became applicable almost six years ago, on 9 February 2019.

In light of the upcoming deadline, the draft Legislative Decree that will implement the Regulation is currently being reviewed by the relevant parliamentary committees. These committees are conducting hearings with regulatory authorities and major stakeholders in the sector.

Compared to earlier versions circulated in recent months, changes are expected to address some of the observations and requests put forward by industry associations.

New measures

In line with the provisions of the Regulation, the main changes introduced by the Legislative Decree include:

  • Unique identifier: a two-dimensional barcode that manufacturers must place on the packaging of prescription medicines (with some exceptions, such as medical gases and radionuclides) and on non-prescription medicines listed in Annex II of the Regulation (currently omeprazole capsules of 20 and 40 mg). The identifier will include the product code, batch number, expiry date, and a unique serial number.
  • Tamper-evident system: mandatory for all medicines authorized in Italy, this system will allow verification of whether the packaging has been tampered with.

The Legislative Decree also introduces specific penalties for non-compliance with these provisions.

As mentioned, Italy benefited from a derogation until 2025 because it already adopted a system for verifying the authenticity of medicines, which relied on pharmaceutical stamps. With the Legislative Decree, Italy will align with European standards that have been in force in other member states since 2019.

To facilitate the transition, the Legislative Decree is expected to allow holders and applicants of new marketing authorizations (MA) to provide advance notification to AIFA (Italian Medicines Agency) of information related to the unique identifier and tamper-evident system, including the integration of any pending applications. Furthermore, medicines intended for sale in Italy, whose batches were released before 9 February 2025, and bear the pharmaceutical stamp, can be distributed until their expiry date without requiring repackaging or relabelling.

Origins of this regulatory framework

The regulatory framework for combating counterfeit medicines has its roots in Directive 2011/62/EU (Falsified Medicines Directive – FMD), which introduced several measures to prevent and combat the phenomenon of falsified medicines. In 2016, the Regulation established detailed rules regarding the safety features that must appear on the packaging of certain types of medicines to mitigate the risk of counterfeit products entering the supply chain.

To ensure Italy complies with the deadline, Law 15/2024 (European Delegation Law 2022-2023) authorized the government to adopt one or more legislative decrees to align the national regulatory framework with the Regulation’s provisions. Based on this, the Council of Ministers approved the draft Legislative Decree on 30 August 2024.

Challenges and next steps

During discussions, stakeholders have raised several concerns, which will likely result in amendments to the final text of the Legislative Decree.

Industry associations, such as Farmindustria and Egualia, have expressed doubts about the impact of the tamper-evident system based on the "secure paper" approach. Adjusting production lines will require significant investments and time, potentially affecting the availability of medicines. Additionally, ADF and Federfarma have raised concerns about the added costs for wholesalers verifying the authenticity of medicines. It’s possible that the Legislative Decree will include specific measures to mitigate the impact of introducing tamper-evident systems.

The inclusion of a dedicated sanctions regime has raised concerns in the industry, given the tight timeline to comply with the new rules. Stakeholders have requested a transitional period of at least 18 months and a gradual application of the sanctions system.

While the transition to a stricter system represents a significant step forward for the safety of the pharmaceutical supply chain and public health protection, it will require coordinated efforts between institutions and industry operators to address the challenges it presents. In any case, the Legislative Decree will need to be supplemented by implementing decrees from the Ministry of Health and operational guidelines from AIFA to define the technical and procedural details.

Author: Nicola Landolfi and Nadia Feola

Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo BardelliCarolina BattistellaCarlotta BusaniGiorgia Carneri, Noemi Canova, Gabriele Cattaneo, Maria Rita CormaciCamila CrisciCristina CriscuoliTamara D’AngeliChiara D’OnofrioFederico Maria Di VizioNadia FeolaLaura GastaldiVincenzo GiuffréNicola LandolfiGiacomo LusardiValentina MazzaLara MastrangeloMaria Chiara MeneghettiDeborah ParacchiniMaria Vittoria Pessina, Marianna RiedoTommaso RicciRebecca RossiRoxana SmeriaMassimiliano Tiberio, Federico Toscani,  Federico Toscani, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’AndreaFlaminia Perna and Matilde Losa.

For further information on the topics covered, please contact the partners Giulio CoraggioMarco de MorpurgoGualtiero DragottiAlessandro FerrariRoberto ValentiElena VareseAlessandro Boso CarettaGinevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as a report analyzing key legal issues arising from the metaverse qui, and a comparative guide to regulations on lootboxes here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.

Print

Related capabilities

TechnologyMedia, Sport and EntertainmentLife SciencesConsumer Goods, Food and RetailIntellectual Property
Privacy policyLegal noticesCookie policyModern slaveryWhistleblowingFraud AlertSitemap

DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper's structure, please refer to the Legal Notices page of this website. All rights reserved. Attorney advertising.

© 2024 DLA Piper