The Code is reviewed at least every two years, and the next cycle is the natural point to write the equivalent monitorability requirement directly into the text, with corresponding provisions in the sections on model evaluation, safety mitigations, and the Model Report, in order to remove any remaining legal uncertainty. Codification would give developers a cleaner, more auditable compliance pathway than interpretive guidance alone, and would better ensure consistent implementation across providers.
Reviewing safety cases that demonstrate non-regression from CoT monitoring will stretch Brussels’ technical capacity. The AI Office would receive these cases, but the expertise to assess them rigorously sits mostly in national AI Safety/Security Institutes and a small number of specialised third-party evaluators. In the long term, the AI Office could build that capacity in-house. In the short term, a workable arrangement is for it to retain decision-making authority while drawing on AI Safety/Security Institutes for methodology and standards, and on accredited external assessors for technical evaluation. By coordinating through the international network of AI Safety Institutes, assessors can ensure that a single safety case is valid across jurisdictions rather than having to be re-litigated in each one.