Article 64 — AI Office (EU AI Act)

Article 64 of Regulation (EU) 2024/1689 — AI Office. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 64 of Regulation (EU) 2024/1689 establishes the AI Office as a body within the European Commission, charged with contributing to the implementation, monitoring, and supervision of the EU AI Act at Union level. The AI Office is vested with a broad institutional mandate covering several core functions: developing and maintaining Union-level expertise on artificial intelligence technologies and markets; overseeing compliance by providers of general-purpose AI models, including models presenting systemic risk; supporting the European Artificial Intelligence Board and the Commission in their respective tasks; and coordinating with national competent authorities to ensure coherent enforcement across the single market.

The Article grants the AI Office investigative and enforcement powers with respect to general-purpose AI (GPAI) models. These include the authority to request information and documentation from providers, conduct evaluations of GPAI models, and refer matters for further action. The Office also manages the development of codes of practice intended to facilitate compliance with obligations applicable to GPAI model providers under Chapter V of the Regulation.

Article 64 further assigns the AI Office responsibility for monitoring market developments, emerging AI capabilities, and systemic risks associated with frontier models. It may issue guidance, recommendations, and opinions to stakeholders and national authorities. The AI Office acts as the single point of contact for matters involving GPAI models and ensures that enforcement actions at Union level are proportionate, technically informed, and procedurally sound under the framework established by the Regulation.

What This Means in Practice

For providers of general-purpose AI models — including large language models and multimodal foundation models — the AI Office is the primary regulatory interlocutor at European level. Any provider whose model is made available in the EU, regardless of where the provider is established, falls within scope of the AI Office's oversight mandate once the GPAI provisions apply.

In practical terms, providers should expect the AI Office to issue requests for technical documentation, model evaluations, and information about training data, compute thresholds, and downstream use cases. Providers of models classified as presenting systemic risk — those trained with more than 10^25 FLOPs or otherwise identified by the Commission — face heightened scrutiny, including adversarial testing requirements and incident reporting obligations monitored by the AI Office.

The AI Office also leads the development and oversight of codes of practice for GPAI compliance. Participation in these codes is voluntary but carries significant compliance weight: providers that adhere to an approved code of practice benefit from a presumption of conformity with the corresponding obligations. Providers that choose not to participate must demonstrate alternative compliance by other means, which the AI Office evaluates.

For deployers and downstream operators, the AI Office is less directly relevant but its guidance documents, published evaluations, and enforcement decisions establish the interpretive baseline that national market surveillance authorities follow. Businesses integrating GPAI models into high-risk AI systems should monitor AI Office publications closely, as its technical findings shape how obligations cascade from GPAI providers to deployers.

National competent authorities handling high-risk AI systems coordinate with the AI Office through the European Artificial Intelligence Board, ensuring that enforcement across Member States remains consistent and technically informed.

Key Obligations

• Providers of GPAI models must cooperate fully with AI Office information requests, including providing access to technical documentation, model weights (under appropriate confidentiality protections), training data summaries, and evaluation results within the timeframes set by the Office.
• Providers of GPAI models with systemic risk must engage with the AI Office's enhanced oversight regime, including adversarial capability evaluations, incident notification, and cybersecurity measure reporting.
• All GPAI providers should monitor and participate in AI Office-led code of practice processes, or maintain documented alternative compliance evidence sufficient to satisfy the Office's equivalence assessment.
• The AI Office itself is obligated to exercise its powers in accordance with due process, proportionality, and the procedural guarantees set out in Chapter VII of the Regulation, including rights of defence for entities under investigation.
• National competent authorities must cooperate with and support the AI Office's cross-border investigations and share relevant market surveillance findings through the established coordination mechanisms.
• The European Commission must ensure the AI Office is appropriately resourced with technical expertise, staffing, and independence of operation to carry out its mandate effectively under the Regulation.

Relationship to Other Articles

Article 64 is the institutional foundation for the Union-level governance architecture and must be read in conjunction with the surrounding provisions of Title VII. Article 65 establishes the European Artificial Intelligence Board, which works alongside the AI Office as the principal advisory body. Articles 66 and 67 create the Advisory Forum and Scientific Panel on General-Purpose AI respectively — both feeding technical expertise into the AI Office's operations.

For GPAI-specific oversight, Article 64 connects directly to Chapter V (Articles 51–56), which sets out the obligations that the AI Office enforces. Articles 88 to 94 govern the AI Office's investigative and enforcement powers in detail, including access to models, corrective measures, and penalties.

Article 74 on market surveillance and Article 85 on confidentiality of information are also operationally relevant to how the AI Office conducts its activities. Article 5 (prohibited practices) and Articles 6–51 (high-risk systems) inform the AI Office's market monitoring responsibilities, even where primary enforcement rests with national authorities.

Compliance Timeline

The EU AI Act entered into force on 1 August 2024, establishing the legal basis for the AI Office immediately. The Office began constituting its structure and expertise during the initial transitional period.

February 2025: Provisions on prohibited AI practices (Article 5) became applicable; the AI Office's monitoring role in relation to systemic risks and market developments was activated.

August 2025: GPAI model obligations under Chapter V became fully applicable. From this date, the AI Office's enforcement authority over general-purpose AI model providers — including systemic risk assessments, code of practice oversight, and information requests — became fully operational.

December 2026: High-risk AI system requirements under Annex I (product safety legislation) apply; national market surveillance authorities activate under AI Office coordination.

August 2027: Remaining high-risk AI system obligations under Annex III apply. Full cross-level governance — combining AI Office GPAI oversight with national authority enforcement of high-risk systems — is operational across the EU single market.

Providers of GPAI models that were already available before August 2025 had limited transitional accommodation but should by now be fully compliant with all Chapter V obligations and actively engaged with AI Office oversight processes.