The European AI Office has initiated the drafting process for the first-ever Code of Practice for general-purpose AI (GPAI) models under the EU AI Act. The Code of Practice will serve as a guiding framework to align with the stringent requirements of the Act and ensure compliance. Over 1,000 stakeholders are involved in the drafting process, which will span four rounds of reviews and consultations, with the final version expected to be published in April 2025. The Code of Practice provides guidelines for GPAI model providers to demonstrate compliance with legal obligations, including identifying and addressing systemic risks. If the Code of Practice is not ready or deemed inadequate by 2 August 2025, the European Commission may introduce common rules to ensure compliance with the AI Act.

California Governor Gavin Newsom has vetoed the Safe and Secure Innovation for Frontier Artificial Models Act, or SB1047, which aimed to regulate the development and deployment of large-scale AI solutions in the state. The bill, which set strict safety standards for developers of AI models costing over $100m, and empowered the California Attorney General to hold them accountable for negligence that caused harm, was opposed by Big Tech. Newsom acknowledged the need for regulatory measures on AI development but criticised the bill for not being informed by "an empirical trajectory analysis of AI systems".

California, home to 32 of the top 50 AI companies globally, has enacted several new laws and regulations related to AI, focusing on transparency, ethical use, and protecting individuals from harmful AI-generated content. Key legislative activity includes laws prohibiting non-consensual deepfake content, protecting against unauthorized sharing of intimate digital images, mandating clear disclosures for digitally manipulated political advertising, and imposing stricter requirements on collecting and sharing personal information. Governor Newsom is set to decide on pending bills mandating AI developer disclosures and setting safety standards for powerful AI systems. Controversial bills face significant opposition from industry leaders, who argue they could stifle innovation, while supporters believe they could serve as a model for future regulations. Other proposed laws regulate AI in healthcare, transportation, and communications, with specific provisions for autonomous vehicles, healthcare decision-making, and consumer privacy. Stakeholders across various industries are closely monitoring these developments as California continues to lead efforts in AI regulation.

NHelp, EPIC, and Upturn have filed a complaint against Deloitte over the accuracy of its Texas Integrated Eligibility Redesign System (TIERS), which is used to evaluate individuals' eligibility for Medicaid. The complaint accuses Deloitte of violating the Federal Trade Commission (FTC) Act, claiming that the system is deceptive and unfair, and cites several established voluntary AI frameworks including the OECD AI Principles and the Universal Guidelines for AI to support its case. The complaint calls for Deloitte to adopt these frameworks, increase transparency, and implement harm mitigation measures. The complaint highlights the value in voluntarily adopting responsible AI frameworks to reduce reputational and legal risks.

The EU AI Act focuses on data governance and management in AI development, with strict requirements for high-risk AI systems and general-purpose AI models to comply with. The Act also addresses the interplay between AI governance and personal data protection law, particularly the GDPR. The Act introduces new legal grounds for personal data processing and also mandates impact assessments to address risks to fundamental human rights and freedoms. However, AI technologies present unique challenges for privacy and personal data protection, and enterprises may need to navigate compliance with multiple regulatory frameworks. Proper preparation is vital to avoid the harsh consequences of non-compliance.