GPAI (General Purpose AI) model rules under the EU AI Act apply from 2 August 2025. All GPAI providers must maintain technical documentation and copyright summaries. Providers of systemic-risk models (above 10²⁵ FLOPs) face adversarial testing, incident reporting, and additional transparency obligations.
GPAI rules apply now — since 2 August 2025
Chapter 5 of the EU AI Act (Art. 51–56) governs general-purpose AI models. These rules apply from 2 August 2025 and were not extended by the 2026 omnibus.
A GPAI model is distinct from a GPAI system: a model is the trained foundation; a system is the model deployed in an application. Obligations apply to the model provider — not the downstream deployer who integrates the model into a product.
Who qualifies as a GPAI model provider?
An organisation is a GPAI model provider if it trains a model at significant scale and makes it available to other providers or deployers. This includes:
- Developers of large language models (GPT, Claude, Gemini, Mistral, Llama)
- Developers of large multimodal models (vision-language, audio-language)
- Developers of large image or video generation models
- Developers of code generation models
The Act distinguishes between providers who release models commercially, those who release open-source weights, and those who train models for internal use only. Internal-use models are not placed on the market and therefore outside scope.
Standard GPAI obligations (all non-exempt models)
All GPAI models except those with open-source weights must comply with:
- Technical documentation (Art. 53(1)(a)) — including training methodology, evaluation results, energy consumption, and data sources
- Copyright compliance summary (Art. 53(1)(c)) — a publicly available summary of content used in training, sufficient for copyright holders to exercise their rights
- Downstream compliance support (Art. 53(1)(b)) — information enabling downstream providers to comply with their own AI Act obligations
- Cooperation with AI Office (Art. 53(1)(d)) — providing information and documentation upon request
Additional obligations for systemic-risk GPAI models
GPAI models trained with more than 10²⁵ FLOPs face additional obligations under Art. 55:
| Obligation | Detail |
|---|---|
| Model evaluation | Standardised protocols including adversarial testing (red teaming) before and after training |
| Systemic risk assessment | Assess and mitigate systemic risks from the model's training and foreseeable use |
| Incident reporting | Serious incidents to the EU AI Office without undue delay |
| Cybersecurity | Adequate cybersecurity protection for the model and its infrastructure |
| Energy reporting | Electricity consumption reporting |
Open-source GPAI: reduced but not zero obligations
Open-source GPAI models (published weights) are exempt from the technical documentation and copyright summary requirements unless they have systemic risk. They still must:
- Comply with copyright law (not a reduced obligation)
- If systemic risk: all systemic-risk obligations still apply
- Cooperate with AI Office investigations
AI Office enforcement
The European AI Office is the primary regulator for GPAI models across the EU. It operates under the Commission and is the single point of contact for GPAI providers. National competent authorities handle GPAI system obligations (downstream deployers).
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
GPAI model obligations under Chapter 5 of the EU AI Act have applied from 2 August 2025. The 2026 Digital Omnibus did not change this deadline.
A General Purpose AI (GPAI) model is an AI model trained on large amounts of data using self-supervision at scale, displaying significant generality, and capable of competently performing a wide range of distinct tasks. Examples include large language models (LLMs), multimodal foundation models, and large image generation models. GPAI models built into products are also in scope.
GPAI models with systemic risk are those trained with more than 10²⁵ floating-point operations (FLOPs). The Commission can update this threshold. As of 2026, this covers the largest frontier models (GPT-4 class and above). Systemic risk models face additional obligations including adversarial testing, incident reporting to the EU AI Office, and cybersecurity measures.
Open-source GPAI models with published weights have reduced obligations — they are exempt from the technical documentation and copyright summary requirements. However, they remain subject to copyright compliance obligations. Open-source GPAI models with systemic risk are NOT exempt from systemic-risk obligations.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.