EU AI Act GPAI Obligations: Chapter V Guide

What Counts as GPAI?

The EU AI Act defines general-purpose AI models broadly:

An AI model that displays significant generality and is capable of competently performing a wide range of distinct tasks, regardless of how it is placed on the market. Most large language models, image-generation models, and multimodal foundation models qualify.

Article 53: Standard GPAI Provider Obligations

All GPAI providers must satisfy these baseline requirements:

• Maintain technical documentation including training and testing process
• Provide information to downstream providers integrating the model
• Comply with EU copyright law, including a policy to respect text-and-data-mining opt-outs
• Publish a sufficiently detailed summary of training data
• Designate an EU representative if established outside the EU

Article 55: Systemic-Risk GPAI Obligations

Models meeting the systemic-risk threshold (currently 10²⁵ FLOPs of training compute, indicative) face additional duties:

• Model evaluations including adversarial testing
• Systemic-risk assessment and mitigation
• Cybersecurity protections
• Serious-incident reporting to the AI Office
• Energy-consumption disclosure

Code of Practice

The Commission has facilitated a voluntary code of practice for GPAI providers:

Adoption is voluntary but provides a presumption of conformity for the obligations it covers.

Open-Source Carve-Out

Open-source GPAI models receive favorable treatment under the regulation:

GPAI models released under free and open-source licenses are largely exempted from Article 53, except for the copyright and training-data-summary obligations — and the carve-out does not apply at all to systemic-risk-tier models.