
GPAI Model Risk Under the EU AI Act: Classification, Obligations, and What Most Companies Actually Owe

Guide · 23 May 2026 · 11 min read · 2,223 words

GPAI models sit in Chapter V, separate from the four risk tiers. Article 51 systemic risk, Article 53 baseline obligations, and what downstream users owe.

The EU AI Act does not treat general-purpose AI (GPAI) models as a fifth risk tier. They sit in a separate, cross-cutting chapter — Chapter V, Articles 51 through 56 — that runs parallel to the four-tier risk framework rather than inside it. That distinction matters enormously in practice, because the obligations it creates fall almost entirely on the companies that train and release GPAI models, not on the far larger number of companies that use them.

This article explains who the GPAI rules actually bind, what Article 51 systemic risk classification means, and why most organisations are downstream users rather than GPAI providers.


What Makes a GPAI Model Different

The EU AI Act defines a GPAI model (Article 3(63)) as an AI model trained on large amounts of data, capable of serving a wide range of purposes, and designed to be integrated into downstream AI systems or applications. The classic examples are large language models, image-generation models, and multimodal foundation models.

The critical point: a GPAI model is not itself an "AI system" in the Act's primary sense. It becomes part of an AI system when a provider integrates it into a product and deploys it for a specific purpose. At that point, the downstream AI system may fall into Annex III and inherit high-risk obligations — but those obligations attach to the downstream system, not to the underlying GPAI model. The GPAI model has its own, separate obligations under Chapter V.

You can build a high-risk AI system on top of a GPAI model. You can also build a minimal-risk customer service bot on top of the same model. The GPAI model's Chapter V obligations are constant in either case. The downstream system's Annex III obligations depend entirely on what the downstream system does.


Two Levels of GPAI Obligation

Chapter V creates two tiers of obligation for GPAI model providers.

Tier 1 — Baseline obligations for all GPAI providers (Article 53)

Every provider of a GPAI model placed on the EU market must comply with Article 53. The four core obligations are:

  1. Technical documentation — prepare and maintain technical documentation as specified in Annex XI of the Regulation, covering model architecture, training methodology, training data, performance benchmarks, and known limitations.
  2. Downstream information — make available to providers who integrate the GPAI model into their products the information and documentation specified in Annex XII, sufficient for those downstream providers to comply with their own obligations under the Act.
  3. Copyright policy — put in place a policy for complying with EU copyright law, including the text and data mining exceptions in Directive 2019/790.
  4. Training data summary — publish a sufficiently detailed summary of the content used for training.

These obligations applied from 2 August 2025. GPAI models that were already on the market before that date have until 2 August 2027 to comply. The Digital Omnibus deferral that pushed the Annex III high-risk deadline to 2 December 2027 does not apply to Chapter V — the GPAI timeline is unchanged.

Tier 2 — Systemic risk obligations for GPAI models with systemic risk (Articles 51 and 55)

Some GPAI models carry a higher classification: GPAI model with systemic risk. Article 51 sets out how this is determined.

A GPAI model is classified as having systemic risk if it has "high-impact capabilities" — defined as capabilities that "match or exceed the state of the art across most relevant benchmarks" at a level that gives rise to significant risks. Article 51(1) also creates a rebuttable presumption: any GPAI model trained using a cumulative amount of compute greater than 10^25 FLOPs is presumed to have systemic risk. The European Commission can designate additional models under Article 51(2) based on criteria such as the number of users, the model's multimodality, or its accessibility via API.

Article 52 and Article 90 (the scientific panel's qualified-alert mechanism) give the Commission tools to trigger designation for models that do not meet the compute threshold but may still pose systemic risk.

Providers of GPAI models with systemic risk must comply with Article 55 in addition to Article 53. The Article 55 obligations are:

  • Perform model evaluations, including adversarial testing, before and after release.
  • Assess and mitigate systemic risks — including risks to public security, public health, democratic processes, and fundamental rights.
  • Report serious incidents and corrective measures to the AI Office (not to national authorities).
  • Implement cybersecurity safeguards.

The fine ceiling for GPAI provider non-compliance is set by Article 101: up to €15 million or 3% of total worldwide annual turnover, whichever is higher. These fines are imposed by the Commission (via the AI Office), not by national authorities.


Who Is Actually a GPAI Provider?

Article 3(3) defines a GPAI model provider as an entity that develops — including by training — a GPAI model and places it on the market under its own name or trademark, whether for a fee or for free. The key phrase is "develops, including by training."

In practice, the entities that meet this definition are the large AI labs: OpenAI, Google DeepMind, Meta AI, Mistral, and a relatively small number of comparable organisations. A company that fine-tunes an existing open-weight GPAI model on proprietary data may also qualify as a provider if the result is a genuinely distinct model placed on the market. The Commission's guidance is still developing on where that line falls.

Most companies — including most SaaS startups, mid-sized technology firms, and any business that calls an API — are downstream users, not GPAI providers. If you use GPT-4 via API to power a customer support feature, you are a deployer of a downstream AI system. The GPAI model's Article 53 obligations fall on OpenAI, not on you. What you do inherit is whatever applies to the downstream system you build — which may or may not be high-risk under Annex III.

The Act's Article 25 role-shift rules apply here too. If you take a GPAI model and substantially modify it, or if you place it on the market under your own name without the original provider's consent to do so, you step into the provider role and inherit the Chapter V obligations.


The Downstream Question: When Does Using a GPAI Model Create Obligations?

Being a downstream user of a GPAI model does not make you a GPAI provider. But it may make you a provider or deployer of a high-risk AI system under the main four-tier framework.

If you build a recruitment-screening tool on top of a GPAI model, you are the provider of a high-risk AI system under Annex III, point 4(a). Your obligations are: risk management under Article 9, technical documentation under Article 11, record-keeping under Article 12, transparency under Article 13, human oversight under Article 14, accuracy and robustness under Article 15, conformity assessment under Article 43, and registration under Article 49. The deadline for stand-alone Annex III systems is 2 December 2027 (under the Digital Omnibus agreed in May 2026, which deferred the original 2 August 2026 date).

The GPAI model provider's Article 53 duty to supply Annex XII downstream information is precisely what makes this workable: the provider gives you enough technical information about the model to fill in the sections of your Annex IV technical documentation that concern the underlying model.

A GPAI model does not automatically make any downstream application high-risk. The high-risk classification turns on what the downstream application does — which Annex III category it falls into, whether it passes the Article 6(3) filter, and who deploys it and in what context.


The 10^25 FLOP Threshold in Context

The compute presumption in Article 51(1)(b) gives a bright-line indicator, but it is important not to over-read it. Ten to the power of 25 FLOPs is an extremely large training run — current frontier models like GPT-4 class systems are estimated to have used roughly 10^23–10^24 FLOPs for pre-training. The 10^25 threshold represents a clear step beyond today's largest models.

What this means:

  • A company fine-tuning an existing model with a few hundred GPU-hours of compute is nowhere near this threshold.
  • Even a mid-sized company training a domain-specific model from scratch is unlikely to approach it.
  • The presumption is designed to capture the very largest frontier models and to avoid regulatory capture by model size inflation.

The threshold is rebuttable (a provider may demonstrate that a high-compute model does not in fact have systemic risk) and the Commission may designate lower-compute models that nonetheless have high-impact capabilities. The GPAI Codes of Practice being developed under Article 56 are expected to give more operational guidance on assessment methodology.


GPAI and the Four-Tier Framework: Not a Fifth Category

The EU AI Act's four risk tiers are: (1) unacceptable risk — prohibited under Article 5; (2) high risk — Article 6 and Annex III; (3) limited/transparency risk — Article 50; (4) minimal risk — everything else. GPAI models are not a fifth tier in this ladder.

A GPAI model can intersect with the four-tier framework in two ways. First, the model itself sits in Chapter V — a parallel track. Second, a system built using the GPAI model may fall in any of the four tiers depending on its deployment.

This distinction matters when you are mapping compliance responsibilities across a supply chain. A company that uses an open-weight GPAI model to build an emotion-recognition tool used in the workplace has not one problem but two: the tool may be prohibited under Article 5(1)(f) (emotion recognition in the workplace is a prohibited practice), and separately, the upstream model provider has obligations under Article 53. Those are distinct compliance questions with distinct addressees.


How Confir Helps

Most of Confir's users are downstream organisations — companies that integrate or deploy applications built on GPAI models, not companies that train foundation models. Confir's deterministic, rule-based classification engine records your GPAI dependencies (up to two per AI system entry) and distinguishes clearly between your obligations as a downstream deployer or provider and the GPAI model provider's separate Chapter V obligations. The intake questions flag whether a system uses a GPAI model as its underlying component, map the downstream system to its correct Annex III classification, and confirm which Article 53 downstream information you are entitled to receive from the model provider.

If you are preparing technical documentation under Article 11 for a high-risk system built on a GPAI model, Confir's Annex IV pack includes the sections that reference the upstream model and prompts you to document what Annex XII information you have received.


FAQ

Is a GPAI model itself a high-risk AI system?

No. A GPAI model is classified under Chapter V (Articles 51–56) as either a standard GPAI model or a GPAI model with systemic risk. It is not classified under Annex III. If a GPAI model is integrated into a downstream AI system that falls in an Annex III category, that downstream system is high-risk — but the underlying GPAI model's obligations remain governed by Chapter V, not by the high-risk framework.

When did GPAI obligations start applying?

Article 53 baseline obligations and Article 55 systemic-risk obligations became applicable on 2 August 2025. GPAI models already on the market before that date must comply by 2 August 2027. The Digital Omnibus deferral (high-risk Annex III systems: 2 December 2027) does not affect Chapter V.

What is the compute threshold for systemic risk classification?

Article 51(1)(b) sets a presumption of systemic risk for GPAI models trained using a cumulative compute exceeding 10^25 floating-point operations (FLOPs). The presumption is rebuttable. The Commission may also designate models below that threshold if they demonstrate high-impact capabilities (Article 51(2) via Article 52 / Article 90 qualified-alert procedure).

What fines apply to GPAI providers who do not comply?

Article 101 — separate from the main Article 99 penalty tiers — allows the Commission to fine GPAI model providers up to €15 million or 3% of total worldwide annual turnover, whichever is higher. These fines are levied by the Commission, not by national market surveillance authorities.

I use an LLM API to build a product. Am I a GPAI provider?

Almost certainly not. Calling a model API makes you a downstream deployer or provider of the application you build on top of it. The GPAI provider is the company that trained and placed the model on the market. What you need to assess is whether the application you build triggers Annex III high-risk classification — that turns on what your application does, not on the underlying model architecture.

Does a GPAI model with systemic risk automatically make any app built on it high-risk?

No. The systemic risk classification attaches to the model and creates Article 55 obligations for the model's provider. Whether a downstream application built on that model is high-risk depends on its own classification under Article 6 and Annex III — specifically, whether it falls within one of the eight Annex III categories and whether it passes the Article 6(3) filter.

