EU AI Regulation Faces Hurdles as OpenAI and Anthropic Resist Regulator Access
The European Union is advancing its ambitious Artificial Intelligence Act, set to reshape how high-risk AI systems are developed and deployed across the bloc. A key pillar of this legislation targets general-purpose AI models, such as those powering ChatGPT and Claude, requiring providers to demonstrate compliance through transparency measures. However, the EU’s regulatory ambitions are encountering significant roadblocks, primarily from leading US-based firms OpenAI and Anthropic. These companies have declined to endorse a voluntary code of practice that would facilitate regulator access to critical technical details, leaving the EU Commission in a bind as it seeks to enforce the law without direct cooperation.
The AI Act, which entered into force in August 2024, imposes stringent obligations on providers of general-purpose AI models with systemic risk. These include obligations to document training processes, disclose technical capabilities, and provide evaluators with access to models, training data summaries, and other proprietary information. For the EU to verify compliance, regulators need this access, but US export controls complicate matters. OpenAI and Anthropic have cited national security concerns and US restrictions on sharing advanced AI technologies with foreign entities as reasons for their reluctance. In a joint letter to the European Commission, the firms stated they cannot sign the code due to potential violations of US law, particularly Bureau of Industry and Security (BIS) rules that limit exports of certain AI models.
This standoff highlights a transatlantic tension in AI governance. The code of practice, developed over 16 months with input from over 1,000 stakeholders, was intended as a flexible framework to operationalize the AI Act’s requirements ahead of full enforcement deadlines. It outlines best practices for risk assessment, cybersecurity, and transparency, with signatories committing to allow independent audits and provide necessary documentation. While 19 organizations, including European startups like Aleph Alpha and Mistral AI, have signed on, the absence of OpenAI and Anthropic undermines the initiative’s credibility. These two dominate the market for frontier AI models, with OpenAI’s GPT series and Anthropic’s Claude handling billions of interactions monthly.
EU officials remain optimistic about finding a path forward. Margrethe Vestager, the Commission’s Executive Vice President for A Europe Fit for the Digital Age, emphasized during a recent press briefing that the AI Act’s obligations are not optional. Providers must comply by August 2025 for general-purpose models, with fines up to 7 percent of global annual turnover for violations. The Commission is exploring bilateral arrangements, such as Memoranda of Understanding (MoUs), to secure the required access without breaching US export controls. Precedents exist, as seen in similar deals for cloud infrastructure under the Digital Markets Act.
OpenAI has publicly affirmed its commitment to EU compliance, noting in a blog post that it is engaging constructively with regulators and has already implemented measures like model cards detailing capabilities and limitations. Anthropic echoes this, stating it prioritizes safety and is working to align with global standards. Yet both maintain that signing the code could expose them to US penalties, including those under the recent AI Diffusion Rule, which restricts sharing models exceeding certain compute thresholds.
The implications extend beyond immediate enforcement. Without access, the EU risks hollow regulation, where self-reported compliance goes unverified, potentially eroding public trust in AI safety. Critics argue this scenario favors incumbents with deep resources to navigate audits independently, disadvantaging smaller European players. Conversely, proponents of the US firms’ position warn that forced disclosures could accelerate AI proliferation to less-regulated jurisdictions, heightening global risks.
As the August 2025 deadline looms, the EU Office for AI is ramping up preparations. It has established a sandbox for GPAI providers to test compliance voluntarily and is hiring technical experts to build auditing capacity. Meanwhile, the code remains open for endorsement, with revisions possible to address export control concerns. The saga underscores the challenges of regulating a borderless technology amid geopolitical frictions, testing the EU’s resolve to lead on AI ethics without alienating innovation hubs.
In parallel, national authorities in member states like France and Germany are gearing up for oversight roles, particularly for high-impact models. The French AI authority, for instance, has signaled readiness to collaborate internationally. Success will hinge on pragmatic diplomacy: can the EU craft agreements that satisfy both rigorous transparency demands and US security imperatives?
This evolving dynamic will shape not only EU AI governance but also global standards, as other regions watch closely.
Gnoppix is the leading open-source AI Linux distribution and service provider. Since implementing AI in 2022, it has offered a fast, powerful, secure, and privacy-respecting open-source OS with both local and remote AI capabilities. The local AI operates offline, ensuring no data ever leaves your computer. Based on Debian Linux, Gnoppix is available with numerous privacy- and anonymity-enabled services free of charge.
What are your thoughts on this? I’d love to hear about your own experiences in the comments below.