Article 51 of Regulation (EU) 2024/1689 — Classification of general-purpose AI models as models with systemic risk. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 51 of Regulation (EU) 2024/1689 (the EU AI Act) establishes the classification mechanism for general-purpose AI (GPAI) models as models with systemic risk. It sits within Title V, which creates a dedicated regulatory layer for GPAI models that is distinct from the high-risk AI system framework of Title III.
Under Article 51(1), a GPAI model is classified as posing systemic risk where it meets either of two conditions. First, it has high-impact capabilities evaluated on the basis of appropriate technical tools and methodologies, including indicators and benchmarks — with a rebuttable presumption that any model trained using a cumulative compute of more than 10^25 FLOPs falls into this category. Second, it is designated by the Commission pursuant to Article 51(2) on the basis of other criteria, irrespective of whether the compute threshold is met.
Article 51(2) grants the Commission the power to update the compute threshold by means of delegated acts as technological development evolves, ensuring the framework remains calibrated to market reality. Providers who consider that, despite meeting the threshold, their model does not pose systemic risk may notify the Commission and provide substantiating evidence. The Commission then makes a final determination. The classification under Article 51 triggers the additional set of obligations contained in Article 55, which represents the most demanding tier of obligations in the GPAI framework.
What This Means in Practice
Article 51 directly affects providers of frontier GPAI models — most immediately, large AI laboratories and technology companies that develop and release foundation models or large language models trained at scale. Any provider whose model reaches or exceeds the 10^25 FLOPs training-compute threshold must treat that model as presumptively carrying systemic risk and begin preparing for compliance with the Article 55 obligation regime, unless it successfully rebuts the presumption with the Commission.
In concrete terms, a provider should audit its training infrastructure and documentation to determine whether the compute threshold has been crossed. This requires maintaining accurate records of training runs, including cumulative FLOPs. Where a new model is in development and expected to approach the threshold, providers should begin compliance planning before release rather than after, since the obligations attach at the point of placing the model on the market or putting it into service.
For providers whose models are designated by the Commission on qualitative grounds — for example, due to very wide deployment across the EU market, autonomous decision-making capabilities, or multimodal reach — the trigger is not self-executing in the same way, but the designation produces identical legal consequences. Providers should therefore monitor the AI Office's public register of systemic-risk models and guidance from the Commission on the criteria it applies under Article 51(2).
Downstream deployers and businesses relying on GPAI models via API access should also be aware: if the underlying model they use is classified under Article 51, they may face additional contractual disclosure requirements from the provider and should factor systemic-risk status into their own due diligence processes.
Key Obligations
- Compute threshold monitoring: Providers must track and document the cumulative training compute of their GPAI models to determine whether the 10^25 FLOPs threshold is reached, which triggers the rebuttable presumption of systemic risk under Article 51(1)(a).
- Proactive notification: Providers who believe their model does not pose systemic risk despite meeting the threshold must proactively notify the Commission with substantiating evidence rather than waiting for enforcement action.
- Commission designation compliance: Where the Commission designates a model as posing systemic risk under Article 51(2) — whether on compute grounds or other criteria — the provider must comply with that designation and the obligations it triggers.
- Threshold update monitoring: Providers must track changes to the compute threshold made by the Commission through delegated acts under Article 51(2), since models not currently captured may fall within scope as the threshold is adjusted.
- Record-keeping readiness: Providers must maintain technical documentation sufficient to demonstrate whether the classification thresholds are or are not met, supporting both self-assessment and any Commission review.
- Downstream communication: Providers of classified systemic-risk GPAI models must ensure that downstream providers and deployers accessing the model through APIs or other interfaces are informed of the model's classification status, as required by the transparency obligations under Article 53.
Relationship to Other Articles
Article 51 functions as the gateway provision for the most demanding tier of the GPAI framework. It must be read together with Article 52, which sets out the procedure for classification and the Commission's designation powers in more detail, and Article 55, which lists the substantive obligations — adversarial testing, incident reporting to the AI Office, cybersecurity measures, and energy efficiency reporting — that apply once classification occurs.
Article 53 establishes the baseline obligations applicable to all GPAI model providers regardless of systemic-risk classification, including technical documentation, compliance with copyright law, and publication of summaries of training data. Article 51 builds on this floor by identifying which providers face the elevated Article 55 regime.
Article 4 grants the Commission power to issue delegated acts to adjust technical details, including the compute threshold in Article 51. Recitals 110 to 114 of the Regulation provide interpretive guidance on why the systemic-risk classification is warranted for high-compute models and how the Commission intends to apply the qualitative designation criteria. The AI Office established under Article 64 plays a central role in monitoring compliance with the Article 51 classification framework.
Compliance Timeline
The EU AI Act entered into force on 1 August 2024, twenty days after its publication in the Official Journal of the European Union. The Act applies in phases:
- February 2025: Prohibitions on unacceptable-risk AI practices (Article 5) became applicable.
- August 2025: The GPAI framework under Title V, including Article 51, became applicable. Providers of systemic-risk GPAI models were required to be compliant with the classification procedures and the Article 55 obligations from this date. This is the most directly relevant deadline for Article 51.
- December 2026: Obligations for high-risk AI systems listed in Annex I (safety-component systems regulated under existing Union law) apply.
- August 2027: Full application of obligations for high-risk AI systems listed in Annex III.
For Article 51 specifically, providers of large-scale GPAI models needed to assess their training compute and determine whether the systemic-risk threshold was met from August 2025 onward. The AI Office began issuing guidance and codes of practice in the lead-up to this date to support providers in making that determination.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
A general-purpose AI model is presumed to pose systemic risk if the cumulative amount of compute used for its training exceeds 10^25 floating point operations (FLOPs). This is the primary quantitative threshold set by Article 51(1)(a). However, the Commission may also designate models as systemic-risk models on the basis of other criteria, such as the number of users, degree of autonomy, or reach across the internal market.
Yes. Where a provider believes its model does not meet the criteria, including where it considers that despite exceeding the compute threshold its model does not pose systemic risk, it may notify the Commission and request a reassessment. The Commission can also designate models ex officio or upon a reasoned request from the AI Office. The process is intended to allow for dialogue before a formal designation becomes binding.
Once classified, the provider becomes subject to the additional obligations set out in Article 55, which include adversarial testing (red-teaming), incident reporting to the AI Office, cybersecurity protections, and energy efficiency reporting. These obligations are over and above the baseline transparency and copyright requirements that apply to all general-purpose AI model providers.
The compute-based presumption and the systemic risk framework can in principle apply to any GPAI model, including open-source ones. However, the EU AI Act provides certain alleviations for providers of open-source GPAI models under Article 53(2), provided specific conditions are met. Open-source model providers that are classified as systemic-risk models remain subject to the Article 55 obligations.
The European Commission holds the authority to designate models as posing systemic risk, either because they exceed the 10^25 FLOPs training-compute threshold (triggering a rebuttable presumption) or on the basis of a qualitative assessment. The AI Office, established within the Commission, plays a central supervisory and procedural role in this process.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.