Article 52 — Obligations for all providers of general-purpose AI models (EU AI Act)

Article 52 of Regulation (EU) 2024/1689 — Obligations for all providers of general-purpose AI models. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 52 of Regulation (EU) 2024/1689 establishes baseline obligations applicable to all providers of general-purpose AI models (GPAI models), irrespective of whether those models are classified as posing systemic risk. The article operates as the foundational compliance layer for the entire GPAI regulatory framework set out in Title V of the Regulation.

Under Article 52, every GPAI model provider must: draw up and maintain adequate technical documentation before placing the model on the market or putting it into service; make available to downstream providers integrating the model into their own AI systems sufficient information and documentation to enable those providers to understand the capabilities and limitations of the model and to fulfil their own obligations under the Regulation; register the model in the EU database referred to in Article 71; and put in place a policy to comply with Union law on copyright and related rights, in particular to identify and comply with rights reservations expressed by rightsholders pursuant to Article 4(3) of Directive (EU) 2019/790.

The technical documentation required by Article 52 must meet the minimum content requirements specified in Annex XI and must be kept up to date throughout the lifecycle of the model. Providers must also make publicly available a sufficiently detailed summary of the content used for training the GPAI model, in accordance with a template provided by the AI Office.

What This Means in Practice

Article 52 creates an unavoidable baseline compliance floor for any organisation that develops and commercialises or releases a general-purpose AI model in the EU. The obligations apply from the moment the model is placed on the market or put into service — there is no grace period once the GPAI application date of August 2025 has passed.

For developers of proprietary GPAI models — whether large commercial frontier labs or enterprise AI teams building in-house foundation models — the primary workload lies in constructing and maintaining Annex XI-compliant technical documentation. This documentation must cover model architecture, training data sources and volumes, training methodologies and compute used, evaluation procedures, performance benchmarks, known limitations, and foreseeable misuse risks. The documentation is not a one-time deliverable; it must be updated whenever the model is materially modified.

For providers distributing models via API or licensing to downstream integrators, Article 52 requires proactively furnishing those downstream parties with sufficient technical information. In practice, this means structured model cards, capability disclosures, and usage guidelines that allow downstream AI system providers to perform their own conformity assessments and risk classifications.

On copyright compliance, providers must implement and document a concrete policy identifying how they detect and honour rightsholders' machine-readable reservations (Article 4(3) of the DSM Directive). This is not a best-efforts commitment — it requires a verifiable process. Training data provenance records and opt-out signal processing workflows must be in place before training commences or before placing an already-trained model on the EU market.

The public training data summary must be published in a standardised format aligned with the AI Office template. It does not need to disclose confidential commercial details but must be sufficiently granular for public scrutiny of training data sources and categories.

Key Obligations

• Technical documentation (Annex XI): Draw up, maintain, and keep current technical documentation covering model architecture, training data, training methodology, compute and energy consumption, capabilities, limitations, evaluation results, and known risks, prior to market placement.
• Information provision to downstream providers: Proactively supply integrating providers with all information necessary for them to understand the model's capabilities and limitations and to fulfil their own obligations under the Regulation, including conformity assessment requirements.
• EU database registration: Register the GPAI model in the EU database established under Article 71 before placing it on the market, providing the information specified in Annex XII.
• Copyright compliance policy: Establish, document, and implement a policy ensuring compliance with Union copyright law, specifically including identification of and compliance with opt-out reservations under Article 4(3) of Directive (EU) 2019/790 (the DSM Directive).
• Public training data summary: Publish a sufficiently detailed summary of training content, in a format consistent with the template issued by the AI Office, to enable public oversight of data sourcing practices.
• Ongoing update obligation: Keep technical documentation and downstream disclosures up to date to reflect any material modifications to the model throughout its active lifecycle.

Relationship to Other Articles

Article 52 is the baseline tier of a two-tier framework for GPAI models. It must be read alongside Article 53, which imposes additional, more stringent obligations specifically on providers of GPAI models with systemic risk (defined by a training compute threshold, currently 10²⁵ FLOPs, or by AI Office designation). Providers should determine whether Article 53 applies to them before concluding that Article 52 obligations alone are sufficient.

Article 51 establishes the classification criteria and notification procedure for systemic-risk models, forming the gateway to Article 53 and providing context for Article 52's scope. Article 55 sets out the obligations of GPAI model providers that are also deployers of their own models in integrated AI systems, creating potential overlap with high-risk AI system requirements under Title III.

Annex XI (technical documentation content) and Annex XII (EU database information) are directly operative annexes for Article 52 compliance. Article 71 governs the EU database itself. Article 4(3) of Directive (EU) 2019/790 (the DSM Directive) is the external legal reference for the copyright opt-out obligation. Codes of practice developed under Article 56 will provide operational guidance on how to satisfy Article 52 obligations in practice.

Compliance Timeline

The EU AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024, twenty days after publication in the Official Journal. Application of the Regulation is phased:

• 2 February 2025 — Prohibitions on unacceptable-risk AI practices (Article 5) became applicable.
• 2 August 2025 — Title V (GPAI models, Articles 51–56), including Article 52, became fully applicable. All GPAI model providers placing models on the EU market from this date must comply with Article 52 in full. Providers whose models were already on the market before this date had until 2 August 2025 to achieve compliance.
• 2 August 2026 — Codes of practice under Article 56 are expected to be finalised, providing authoritative guidance on how to demonstrate compliance with Article 52 obligations in practice.
• 2 December 2026 / 2 August 2027 — High-risk AI system obligations under Title III become fully applicable (depending on Annex I vs. Annex III classification), relevant for GPAI providers that also deploy integrated high-risk AI systems.

Providers should treat 2 August 2025 as the hard compliance deadline for Article 52. The AI Office's codes of practice and any delegated acts specifying Annex XI content requirements should be monitored continuously as they refine the precise documentation standards expected.