Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.

Spring in Brussels always gives rise to beautiful flower scenery, with carpets of tulips and irises treating the eye to colorful sights. Far from these relaxing pops of colors, the reality of European policymaking catches on.

Last week showed significant decisions from the EU competition team on Digital Markets Act enforcement. "Gatekeepers have started adapting their business models and European consumers are already seeing the benefits," said Executive Vice-President for a Clean, Just and Competitive Transition Teresa Ribera appearing before European Parliament for an exchange of view with the Internal Market and Consumer Protection Committee, discussing the progress of DMA implementation.

Ribera noted that in its first year of DMA application, the European Commission not only designated gatekeepers but also took note of and acted on changes in the ecosystem, like removing Facebook Marketplace's designation as a core platform since it no longer met the criteria. Despite this progress, Ribera said the Commission will continue to enforce the law, including potentially through ongoing investigations into Apple and Google.

Elsewhere, the EU Artificial Intelligence Act — in force since August 2024 — set ambitious timelines for the AI Office to deliver a no less ambitious list of deliverables meant to support implementation. According to the act, this could mean up to 60 deliverables of various forms — guidelines, delegated acts, methodologies, templates and standards — and on a range of topics addressed by the law, including practical examples of use cases, technical documentation, high-risk AI systems testing, post-market monitoring, benchmarks and measurement methodologies for accuracy and robustness.

Codes of practice are meant to translate AI Act requirements into concrete and operationally actionable requirements. A much-anticipated byproduct is the upcoming General-Purpose AI Code of Practice. Obligations for providers of general-purpose AI models are set to kick in 2 Aug. The EU AI office has been leading on the draft with input gathered during stakeholder consultations. The consultation process was heavily criticized: too many people, too little opportunity to provide substantive input and a general perception that the tech community heavily watered down the outcome of the process.

This Code of Practice should be ready by 2 May, in theory, and at best provide a three-month period before taking effect, giving providers of general-purpose AI models some time to meet requirements. An article by IAPP Country Leader, France, and Wilson Sonsini Goodrich & Rosati Partner Yann Padova and Associate Sebastian Thess, dives into some of the process and content challenges associated with the code.

Isabelle Roccia, CIPP/E, is the managing director, Europe, for the IAPP.

This article originally appeared in the Europe Data Protection Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.