Article 56 of Regulation (EU) 2024/1689 — Obligations in case of cessation of activities of providers of general-purpose AI models. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 56 of Regulation (EU) 2024/1689 (the EU AI Act) establishes obligations that apply to providers of general-purpose AI (GPAI) models in the specific circumstance where those providers cease their activities — whether through dissolution, insolvency, voluntary wind-down, or any other form of cessation. The article is located within Title V, which governs GPAI models as a distinct regulatory category first introduced by this Regulation.
The core requirement of Article 56 is that a provider intending to cease activities must notify the AI Office and, critically, all natural or legal persons that have obtained the model under licence or through an API relationship and have integrated that model into their own AI systems or general-purpose AI models. This notification obligation is designed to ensure that downstream providers and deployers — who rely on the upstream GPAI model to discharge their own compliance obligations — are given adequate warning and access to the documentation and technical information they need to continue operating lawfully or to transition to an alternative solution.
The provision also addresses the continuity of access to technical documentation produced under Article 53 and, where applicable, the evaluation and incident-reporting records required under Article 55. Providers must take reasonable steps to ensure that this information does not simply disappear with the business, given that downstream actors may need it to respond to regulatory inquiries, audits, or post-market surveillance requirements for potentially years after the cessation event.
What This Means in Practice
Article 56 primarily affects the operators and legal representatives of companies that develop and distribute general-purpose AI models — foundation model providers, large language model API vendors, and multimodal model distributors — at the point those businesses wind down or restructure. In practical terms, this means that cessation of activities is not simply a corporate event; it triggers a structured compliance process with direct obligations toward regulators and the downstream supply chain.
For a GPAI provider planning an orderly wind-down, the compliance team must identify all current licensees and API customers, prepare a formal notification that explains the timeline of cessation and the availability of required documentation, and communicate this to the AI Office. Timing matters: the notification should provide sufficient lead time for downstream actors to seek alternative models or renegotiate their own product architectures. Rushing this process or failing to notify could leave downstream deployers in breach of their own high-risk AI system obligations under Title III.
A concrete example: if a European startup providing a GPAI model used by ten healthcare software vendors decides to close following insolvency proceedings, Article 56 requires that the insolvency administrator or designated legal representative notify the AI Office and each of those ten vendors, and ensure that the technical documentation package — training data summaries, capability evaluations, known limitations, and incident logs — is preserved and transferred or made accessible, not simply deleted with the servers.
For acquirers or successors-in-interest, Article 56 signals that GPAI model compliance obligations do not terminate automatically; they follow the model and must be addressed contractually in any asset purchase or IP transfer agreement.
Key Obligations
- Notification to the AI Office: The provider must formally notify the AI Office of the cessation of activities, including the planned timeline, before or as soon as practicable upon the triggering event.
- Notification to downstream providers and deployers: All persons who have received the GPAI model under licence or API access and who have integrated it into their own systems must be individually notified, giving them adequate time to assess the compliance impact on their own products.
- Preservation and transfer of technical documentation: Documentation produced under Article 53 (and, for systemic-risk models, Article 55) must be preserved and made accessible to notified downstream actors and to the AI Office, preventing the loss of the compliance record needed for ongoing regulatory accountability.
- Continuity of compliance information for the supply chain: Downstream providers and deployers must receive sufficient information to continue meeting their own obligations — for example, to respond to post-market surveillance requests or national authority audits — even after the upstream provider has ceased to exist.
- Cooperation with the AI Office during wind-down: The provider must cooperate with any AI Office requests for information or documentation during and after the cessation process, for as long as downstream systems based on the model remain in use within the Union.
Relationship to Other Articles
Article 56 cannot be read in isolation. It operates as the termination-phase complement to the ongoing obligations established throughout Title V. Article 53 sets out the core documentation and transparency obligations for all GPAI model providers during normal operation; Article 56 ensures those obligations survive cessation. For providers of GPAI models with systemic risk, Article 55 adds adversarial testing, incident reporting, and cybersecurity duties that are equally subject to the Article 56 handover requirement.
Article 52 on transparency obligations for certain AI systems interacts where a GPAI model is embedded in a user-facing product, and Article 28 clarifies the distribution of responsibilities between upstream and downstream actors — a chain that Article 56 seeks to protect when the upstream link is removed. The enforcement framework in Articles 99 and 101 provides the sanction regime applicable to failures to comply with Article 56, while the AI Office's powers under Chapter VIII give it the supervisory authority to monitor cessation events. Article 2 on scope confirms that the obligations apply to providers placing GPAI models on the Union market regardless of establishment location.
Compliance Timeline
Regulation (EU) 2024/1689 entered into force on 1 August 2024, following publication in the Official Journal of the European Union. The Regulation introduced a phased application schedule:
- February 2025: Prohibitions on unacceptable-risk AI practices (Title II) became applicable.
- August 2025: Title V provisions on general-purpose AI models — including Articles 53, 55, and 56 — became applicable. From this date, GPAI model providers are subject to the full suite of Title V obligations, including the cessation-of-activities requirements under Article 56.
- December 2026 / August 2027: High-risk AI system obligations under Title III apply progressively depending on the Annex in which the system is listed.
Article 56 therefore has been fully in effect since August 2025. Any GPAI model provider that ceased or ceases activities on or after that date must comply with the notification, documentation preservation, and downstream communication requirements set out in this article. Providers should treat Article 56 planning as part of standard business continuity and corporate governance documentation from the date they first place a GPAI model on the Union market.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
Under Article 56, a provider that ceases activities must notify the AI Office and all downstream providers and deployers that have integrated the model into their own systems. It must ensure that documentation, technical information, and any relevant compliance records are preserved and made accessible so that the supply chain is not left without the information required to meet their own obligations under the EU AI Act.
Article 56 applies to providers of general-purpose AI models as defined in Article 3(63) of Regulation (EU) 2024/1689, regardless of whether the model has been classified as posing systemic risk. However, providers of GPAI models with systemic risk face additional parallel obligations under Articles 55 and 52, meaning cessation of activities triggers a broader and more demanding notification and handover process for that category.
The AI Office, established under Chapter VIII of the Regulation, is the primary supervisory authority for GPAI model providers, including enforcement of Article 56. National competent authorities coordinate with the AI Office. Non-compliance with Article 56 notification and documentation obligations can lead to administrative fines under Article 99, which for GPAI-related infringements can reach up to EUR 15 000 000 or 3 % of total worldwide annual turnover, whichever is higher.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.