GPAI Signatory Taskforce | High-Risk Guidelines Delayed
Your EU digital compliance briefing | Edition #005 | Tuesday, February 3, 2026
Every workday, we keep you current on EU digital regulation in 3 minutes.
Top Stories
AI Office Establishes GPAI Code of Practice Signatory Taskforce — 2 min read
The European AI Office on Monday established a Signatory Taskforce for the General-Purpose AI Code of Practice, chaired by the AI Office and designed to facilitate coherent application of the Code across its 29 signatories. The Taskforce will help GPAI model providers implement their commitments under the Code's three chapters — transparency, copyright, and safety and security — ahead of full enforcement on August 2, 2026. Signatories include Amazon, Google, Microsoft, OpenAI, Anthropic, Mistral AI, and IBM, among others. xAI signed only the safety and security chapter, committing to demonstrate transparency and copyright compliance through alternative means. Meta remains absent from the signatory list. From August 2, 2026, the AI Office is expected to begin actively enforcing GPAI obligations, with fines of up to 3% of global annual turnover or €15M for non-compliance.
Article 6 High-Risk Classification Guidelines Deadline Passes Without Publication — 1 min read
Monday was the Commission's statutory deadline under Article 6(5) of the AI Act to publish guidelines specifying the practical implementation of high-risk AI system classification, together with examples of use cases that are and are not high-risk. No formal publication appeared on the Commission's channels. The delay compounds uncertainty for organisations preparing for the August 2, 2026 enforcement date — already in flux due to the Digital Omnibus proposal, which would push the deadline to December 2027 for Annex III systems and August 2028 for Annex I systems, conditional on the availability of harmonised standards. The AI Office's guidelines roadmap lists these among several due in 2026, alongside guidance on transparency (Article 50), serious incident reporting, and fundamental rights impact assessments.
Stat of the Day
29
The number of organisations that have signed the GPAI Code of Practice — representing the majority of providers of the most advanced GPAI models on the EU market, but with notable gaps including Meta and Chinese developers. (Source)
Data & Privacy
No significant data & privacy developments on Monday.
Cybersecurity
ENISA: EU Faces 300,000-Person Cybersecurity Workforce Gap — ENISA's Florian Pennings warned Monday that the EU's cybersecurity workforce shortage stands at 300,000, a gap that current graduate output (3,100 per year, up 25% over two years) cannot close. Pennings said the Cybersecurity Solidarity Act and NIS2 have expanded ENISA's mandate to support member states, including through an EU Cybersecurity Reserve of trusted managed security service providers for severe incidents.
Compliance Calendar
28 Feb · DSA · EU Commission
First harmonised transparency reports due
11 Mar · Digital · EU Commission
Digital Fitness Check consultation closes
Apr · NIS2 · ECSO Tracker
Italy: ACN long-term security measures defined
3 May · DMA · DMA Portal
Commission review report due
~May · DSA · EU Commission
WhatsApp VLOP compliance deadline (4 months from designation)
Jun · AI Act · EU Commission
Final Code of Practice on AI-generated content
2 Aug · AI Act · AI Act
High-risk + transparency obligations apply (delay proposed to Dec 2027/Aug 2028)
2 Aug · AI Act · EU Commission
GPAI enforcement begins (fines up to 3% turnover / €15M)
11 Sep · CRA · EU Commission
Mandatory vulnerability reporting begins
Dates sourced from official EU publications and regulatory trackers. Verify with legal counsel before relying on deadlines.
Enforcement Tracker
Meta · DMA
€200M fine (consent or pay model). Issued Apr 2025, new model rolling out Jan 2026.
X (Twitter) · DSA
€120M fine. Issued Dec 2025.
X (Twitter) · DSA
Grok/recommender investigation. Opened Jan 2026.
Google · DMA
Specification proceedings (search data, interoperability). Opened Jan 2026.
TikTok · GDPR
€530M fine. Issued May 2025, appeal pending, stay granted Nov 2025.
Next edition: Wednesday, February 4, 2026
Was this useful? Forward to a colleague who needs to stay compliant.