Article 84 of Regulation (EU) 2024/1689 — Tasks of the AI Office in relation to general-purpose AI models. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 84 of Regulation (EU) 2024/1689 establishes the specific tasks of the AI Office in relation to general-purpose AI (GPAI) models. Under this provision, the AI Office is empowered to take a range of supervisory and investigatory actions against providers of GPAI models, including those posing systemic risk.
The AI Office may request providers to supply any information necessary to assess compliance with Chapter V obligations. It may conduct evaluations of GPAI models — either on its own initiative or at the request of market surveillance authorities — to assess whether a model meets its obligations, particularly regarding risk management, transparency, and technical documentation. For GPAI models with systemic risk, the AI Office is authorised to mandate in-depth evaluations, which may be carried out with the assistance of independent scientific experts.
Where the AI Office identifies actual or potential infringements, it may call upon the provider to adopt corrective or restrictive measures, including modifying technical documentation, adjusting model deployment conditions, or restricting access. The AI Office is also tasked with coordinating with national competent authorities, sharing relevant findings, and ensuring a coherent supervisory approach across Member States. The provision underscores the AI Office's central role as the EU-level body specifically competent for GPAI model oversight, distinct from the national market surveillance apparatus that governs most other AI system categories.
What This Means in Practice
For providers of general-purpose AI models — including large language models, multimodal foundation models, and similar general-purpose systems — Article 84 means that the AI Office functions as an active, ongoing supervisor, not merely a policy body.
For all GPAI providers: The AI Office may, at any time, request access to technical documentation, training data summaries, evaluation results, and information about downstream deployment practices. Providers must be operationally ready to respond to such requests promptly, maintaining up-to-date documentation aligned with Article 53 requirements (technical documentation, copyright compliance summaries, model cards). Ignoring or delaying responses to AI Office requests constitutes a compliance risk that can trigger escalated scrutiny and formal enforcement.
For providers of systemic-risk models: The stakes are higher. The AI Office can mandate independent expert evaluations, which may involve providing model access, internal test results, and red-teaming data. Providers should establish internal protocols for managing such evaluations — designating compliance leads, maintaining structured model access environments, and preparing briefing materials that make expert review efficient.
Practical example: A provider releasing a GPAI model with training compute above 10^25 FLOPs should assume ongoing AI Office engagement, prepare a standing documentation repository, and treat AI Office information requests as equivalent in seriousness to formal regulatory audits. Corrective orders — such as updating model documentation or modifying deployment scope — must be implemented within the timeframes specified by the AI Office.
Key Obligations
- Respond to AI Office information requests: Providers of GPAI models must supply all information — technical documentation, evaluation data, deployment practices — requested by the AI Office for compliance assessment purposes, within specified timeframes.
- Submit to model evaluations: Providers must cooperate with AI Office-mandated evaluations of their GPAI models, including providing model access and supporting materials required by independent experts conducting assessments.
- Implement corrective measures: When the AI Office identifies an actual or potential breach of Chapter V obligations, providers must implement the corrective or restrictive measures ordered, which may include amending documentation, modifying deployment conditions, or restricting model availability.
- Maintain ongoing documentation readiness: Because the AI Office can initiate evaluations at any point, providers must ensure that technical documentation (per Article 53) is current, accurate, and structured for external review at all times.
- Cooperate with systemic-risk assessments: Providers of GPAI models with systemic risk face enhanced obligations, including mandatory cooperation with in-depth evaluations that may involve independent scientific experts appointed or approved by the AI Office.
- Support national authority coordination: Where the AI Office shares findings with national market surveillance authorities, providers may face follow-on requests or actions at Member State level and should maintain consistent documentation across all regulatory touchpoints.
Relationship to Other Articles
Article 84 does not operate in isolation. It is the enforcement and supervisory backbone of Chapter V (Articles 51–56), which defines obligations for GPAI model providers — technical documentation (Article 53), transparency toward downstream providers (Article 53), copyright compliance policies (Article 53), and the enhanced obligations for systemic-risk models (Articles 55–56).
It connects directly to Article 90, which governs the AI Office's power to request information from providers across the value chain, and to Articles 99–101, which establish the penalty regime that follows from confirmed infringements identified through Article 84 oversight processes. The in-depth evaluation mechanism echoes the conformity assessment logic applicable to high-risk AI systems under Articles 43–44, but adapted for the GPAI context where no notified body is involved.
Article 84 should also be read alongside Article 88 (enforcement of rules on GPAI models by the AI Office) and Recitals 149–155, which provide interpretive context for the AI Office's supervisory design and the rationale for centralised oversight of GPAI models at EU level.
Compliance Timeline
The EU AI Act entered into force on 1 August 2024, twenty days after publication in the Official Journal. Article 84, as part of the GPAI chapter provisions, became applicable on 2 August 2025 — twelve months after entry into force.
This means that from August 2025, the AI Office has full authority to exercise the tasks described in Article 84: requesting information, mandating evaluations, engaging independent experts for systemic-risk models, and ordering corrective measures.
Providers of GPAI models should have had their compliance programmes — technical documentation, transparency obligations, systemic-risk assessments — in place by August 2025. The AI Office began structured engagement with major GPAI providers ahead of this date, through the General-Purpose AI Code of Practice process initiated in 2024.
For context: prohibited AI practices became enforceable from 2 February 2025; high-risk AI system obligations under Annex I (product safety legislation) apply from 2 August 2026; and remaining high-risk AI system obligations under Annex III apply from 2 August 2027. Article 84 sits firmly in the August 2025 wave — it is already in full legal effect.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
The AI Office is responsible for monitoring compliance of general-purpose AI (GPAI) model providers, conducting evaluations, requesting information, ordering corrective measures, and — for systemic-risk models — carrying out in-depth assessments. It acts as the primary EU-level supervisory body for GPAI models.
Article 84 grants the AI Office investigatory and monitoring powers, including the ability to request information and order corrective actions. Formal fines and penalties are addressed under Title X (Articles 99–101), but the AI Office's findings under Article 84 feed directly into enforcement proceedings.
All providers of general-purpose AI models placed on the EU market fall within scope, with enhanced scrutiny applying to providers of GPAI models classified as posing systemic risk (those trained with compute exceeding 10^25 FLOPs, or otherwise designated by the Commission).
The AI Office may mandate evaluations of GPAI models — particularly those with systemic risk — by independent experts. These evaluations assess capabilities, limitations, and risk profiles. Providers must cooperate and supply the documentation, model access, and technical information required.
Article 84 became applicable on 2 August 2025, twelve months after the EU AI Act entered into force. This aligns with the broader GPAI provisions in Chapter V (Articles 51–56), which also apply from that date.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.