EU AI Act Article 52: Systemic-Risk GPAI Notification Procedure
Article 52 governs GPAI systemic-risk notification: two-week window at 10²⁵ FLOPs, rebuttal rights, Commission-initiated designation, reassessment.
When a general-purpose AI model crosses the 10²⁵ FLOP threshold under Article 51(1)(a) of Regulation (EU) 2024/1689, a procedural clock starts. Article 52 governs what happens next: who notifies whom, by when, what that notification must contain, and how the European Commission decides whether the model carries systemic risk. It also sets out the path for a provider that believes the threshold-crossing model does not, in fact, present systemic risk — and what happens when the Commission disagrees.
This article is squarely about procedure. Article 51 defines the classification criteria. Article 53 governs obligations for all GPAI providers. Article 55 sets the substantive obligations for systemic-risk models. Article 52 connects those last two: it is the procedural machinery through which a model officially acquires systemic-risk status and the obligations that come with it.
GPAI rules have applied since 2 August 2025. If your organisation develops or places on the EU market a GPAI model capable of reaching the training-compute threshold — or if you are a downstream company that relies on one — understanding this procedure matters now.
What Article 52 covers: the short version
Article 52 establishes four distinct procedural mechanisms:
- Provider notification — when a model meets the Article 51(1)(a) criterion, the provider must notify the Commission without delay and within two weeks.
- Rebuttal argument — a provider may argue, alongside its notification, that despite meeting the criterion the model does not present systemic risk.
- Commission-initiated designation — the Commission may designate a model as systemic-risk on its own initiative or after a qualified alert from the scientific panel under Article 90.
- Reassessment — a provider may request a fresh look no earlier than six months after the initial designation decision.
The Commission must maintain and publish a list of GPAI models designated as having systemic risk, while protecting intellectual property and confidential business information.
The notification trigger: Article 51(1)(a) and the 10²⁵ FLOP presumption
Article 51(1) creates a presumption: a GPAI model is presumed to present systemic risk if the training compute used for it exceeds 10²⁵ floating-point operations (FLOPs). This is the Article 51(1)(a) criterion. It sets the threshold high — above the training compute of the largest publicly known models as of mid-2025 — deliberately targeting the top tier of capability.
The presumption is exactly that: a presumption, not a certainty. A provider whose model crosses the threshold can argue it does not actually present systemic risk (see below). But the presumption does trigger the notification obligation.
Article 51 also allows the Commission to designate additional models as systemic-risk where they demonstrate "capabilities or an impact equivalent to those in paragraph 1" — a catch-all for capabilities that do not show up in raw compute (Article 51(1)(b)). Notifications under that pathway follow Article 52's procedure too.
Who counts? The obligation falls on the provider — the entity that trains the model and places it on the market or puts it into service. A downstream company that fine-tunes or deploys a third-party GPAI model is not the provider and does not carry the Article 52 notification duty. That said, downstream companies should track whether the GPAI models they depend on are on the Commission's systemic-risk list; the Article 55 obligations flow from that status and can affect the contractual information providers must pass downstream under Article 53(1)(e).
The two-week notification window
Once a provider knows — or has reason to know — that a model it is training will meet the Article 51(1)(a) threshold, it must notify the Commission without delay and in any event within two weeks of that requirement being met (or of becoming aware that it will be met).
The wording "or it becomes known to it that the requirement will be met" means the clock can start before training completes. A provider running training runs where extrapolated compute will clearly reach 10²⁵ FLOPs cannot wait until the final checkpoint.
The notification must include information showing that the threshold is met. In practice this means providing the training-compute figure, the methodology used to calculate it (e.g. the floating-point operations count per step multiplied by total training steps), the model architecture details relevant to compute measurement, and the model's identifying information. The Commission may request additional technical information to verify the calculation.
Notification timeline — worked example
Consider a company training a large multimodal model starting in October 2025. Suppose:
- Week 1 of training: internal estimates project final compute at 8 × 10²⁴ FLOPs — below the threshold. No notification required yet.
- Week 4: revised projections, based on actual throughput, now indicate 1.2 × 10²⁵ FLOPs. The threshold will be met.
- Week 4, within two weeks: the provider must file its notification. It cannot wait until training ends or until the model is deployed.
- With the notification, the provider may include a substantiated argument that the model does not present systemic risk (see below).
- After filing: the Commission reviews the notification and either confirms systemic-risk status or — if it accepts the rebuttal — does not designate the model.
The notification goes to the AI Office, the body within the Commission established under Article 64 to oversee GPAI models. The AI Office coordinates the assessment.
The rebuttal: arguing against systemic-risk designation
Article 52 gives providers a narrow but meaningful procedural right. A provider that meets the Article 51(1)(a) criterion may, with its notification, present sufficiently substantiated arguments that the model does not, despite meeting the compute threshold, present systemic risk because of its specific characteristics.
What would "sufficiently substantiated" look like? The regulation does not enumerate exact grounds, but the logic of Article 51 points toward factors such as:
- Limited or domain-constrained capability — the model is trained for a narrow task despite high compute (e.g. a scientific simulation model that cannot generate text or reason across domains).
- Architectural properties that limit general-purpose capability even at high compute.
- Access restrictions that prevent the model from reaching users at scale.
- Demonstrated absence of high-impact capabilities under the Article 51(1)(b) equivalence criteria.
The rebuttal must be presented at the time of notification, not as a separate later filing. The Commission then assesses the arguments and may accept or reject them. If it rejects the rebuttal, the model is designated as carrying systemic risk, and the Article 55 obligations attach. If it accepts, the provider does not receive systemic-risk designation — though the Article 53 baseline obligations for all GPAI providers continue to apply regardless.
In practice, rebuttals are likely to be rare and technically demanding. A model trained at 10²⁵+ FLOPs is, almost by construction, a capable general-purpose system. Providers planning to make such an argument should document architectural and capability characteristics throughout training, not retrospectively.
Commission-initiated designation
The Commission does not have to wait for a notification. Article 52 explicitly allows the Commission to designate a GPAI model as having systemic risk on its own initiative — for instance if it becomes aware that a model has been deployed at scale without a notification, or based on capability assessments conducted independently of compute measurement.
The Commission may also act following a qualified alert from the scientific panel under Article 90. The scientific panel — an independent body of experts established under Article 68 to advise on GPAI matters — may flag a model as warranting systemic-risk consideration, which can trigger Commission action under Article 52.
This route matters because compute is an imperfect proxy. A model trained at 9 × 10²⁴ FLOPs might still present systemic risk if it exhibits the right (or wrong) capabilities. The Commission's initiative power ensures that the regulatory perimeter does not depend entirely on self-reported numbers.
Reassessment after designation
Systemic-risk designation is not irrevocable. Under Article 52, a provider may request a reassessment — but not earlier than six months after the designation decision. The request must be based on new objective reasons showing that the model no longer presents, or never presented, systemic risk.
"New objective reasons" sets a meaningful bar. A provider cannot simply restate its original rebuttal arguments. It would need to point to new capability evaluations, architectural changes, deployment restrictions, or emerging evidence about the model's actual real-world impact that was not available at the time of designation.
The six-month minimum prevents strategic gaming — filing a reassessment request immediately after designation to delay the Article 55 obligations from attaching. Once designated, Article 55 duties apply; the provider must comply while any reassessment is pending.
The published list of systemic-risk GPAI models
The Commission maintains and publishes a list of GPAI models designated as having systemic risk. This list serves several functions:
- Market transparency — downstream deployers can check whether the GPAI models they procure appear on the list and plan accordingly.
- Enforcement orientation — national market surveillance authorities know which models face the Article 55 regime.
- Public accountability — the list demonstrates that the AI Office's oversight function is operational.
The Commission publishes the list while protecting information that qualifies as intellectual property or confidential business information. In practice, this means the list will identify the model (by name or other identifier) and the fact of designation, but need not disclose the training-compute figures or architectural details submitted in the notification.
How Article 52 fits into the GPAI chapter
The GPAI provisions in Chapter V of Regulation (EU) 2024/1689 follow a deliberate layered structure. Understanding where Article 52 sits helps avoid confusing it with adjacent articles:
| Article | Subject |
|---|---|
| Art 51 | Classification criteria — what makes a GPAI model systemic-risk (10²⁵ FLOP presumption; Commission's equivalence designation power) |
| Art 52 | Procedure — notification, rebuttal, Commission-initiated designation, reassessment, published list |
| Art 53 | Baseline obligations for all GPAI providers — technical documentation, downstream information, copyright policy, training-data summary |
| Art 54 | Authorised representatives of GPAI providers established outside the EU |
| Art 55 | Systemic-risk obligations — model evaluation, adversarial testing, risk mitigation, incident reporting to the AI Office, cybersecurity measures |
| Art 56 | Codes of practice (GPAI) |
Article 52 is exclusively procedural. A provider that completes the notification and receives systemic-risk designation moves to Article 55 for the substance of what it must do. Article 53 applies in parallel to all GPAI providers regardless of systemic-risk status.
Who is actually affected?
As of mid-2025, a handful of global AI developers — concentrated in the United States, and a few in Europe — train models at the scale Article 51(1)(a) describes. For most European companies, the Article 52 notification obligation does not apply directly because they are not building models at that compute level.
The downstream effects are a different matter. If your company integrates a systemic-risk GPAI model into a product or service — as a deployer or as a provider of a downstream AI system — several things follow:
- The GPAI model provider's Article 55 obligations include providing the information your compliance program needs about the model's capabilities and limitations.
- Article 53(1)(e) requires all GPAI providers to inform downstream providers and deployers of what they need to know to meet their own obligations. For systemic-risk models, that information is more extensive.
- If you are a provider of a high-risk AI system under Article 6 that uses a systemic-risk GPAI model as a component, your Article 9 risk management system must account for that.
For most companies in Germany, Spain, France, or the Netherlands building products on top of foundation models — rather than training them — Article 52 is relevant as background knowledge, not a direct compliance task. Your compliance focus is on understanding which models your systems depend on, checking the Commission's published list, and ensuring your supplier agreements with GPAI providers are structured to give you what Article 53 requires.
How Confir helps
Confir's registration workflow asks, for each AI system you register, whether it uses or depends on a GPAI model. Where it does, Confir's rule-based classification engine flags that dependency and identifies the relevant GPAI article obligations — including whether the model appears, or may appear, on the Commission's systemic-risk list. This gives compliance, legal, and IT teams a documented record of GPAI dependencies across the system inventory, and surfaces the contractual information requirements that Article 53(1)(e) places on GPAI providers supplying those components.
A note on timing
GPAI obligations under Chapter V — including Article 52 — have applied since 2 August 2025. There is no transition period or grace period for GPAI notification. If a model crossed the Article 51(1)(a) threshold on or after 2 August 2025, the two-week notification obligation applied from that date.
The Digital Omnibus agreed in May 2026 deferred the high-risk obligations for Annex III stand-alone systems to 2 December 2027 and for Annex I product safety components to 2 August 2028. The GPAI provisions were not deferred by the Digital Omnibus. Chapter V obligations remain anchored to 2 August 2025.
Frequently Asked Questions
Does Article 52 apply only to EU-based AI developers?
No. Article 52 applies to any provider that places a GPAI model on the EU market or makes it available to EU users, regardless of where the provider is established. A provider established outside the EU must designate an authorised representative under Article 54 and that representative assists with regulatory contact, but the substantive notification obligation falls on the provider itself.
What is the difference between Article 52 notification and Article 53 documentation?
Article 52 is a one-time procedural trigger: when the compute threshold is met, notify the Commission. Article 53 is an ongoing set of obligations — technical documentation, downstream information, copyright policy, training-data summary — that apply to every GPAI provider continuously. Meeting the Article 52 notification obligation does not satisfy Article 53, and vice versa.
Can a provider withdraw its notification?
The regulation does not provide for withdrawal of a notification, but it does allow the provider to submit a rebuttal argument with the notification. If the Commission accepts the rebuttal, no systemic-risk designation follows. If the provider later believes the designation was in error, the reassessment route (available after six months) is the correct mechanism.
What are the penalties if a provider fails to notify under Article 52?
GPAI-specific penalties are set out in Article 101. The Commission may impose fines on GPAI providers of up to €15,000,000 or 3% of total worldwide annual turnover, whichever is higher, for failure to comply with obligations including the Article 52 notification duty. The Commission, not national authorities, enforces against GPAI providers directly.
Is the GPAI systemic-risk list publicly available?
Yes. Article 52 requires the Commission to maintain and publish the list of GPAI models with systemic risk. As of the GPAI rules' application date of 2 August 2025, the AI Office is responsible for maintaining this list. Publication details and the list itself are accessible via the AI Office's official channels; search for "GPAI systemic risk list" on the European Commission's AI policy pages.
Does my company need to do anything if we use a listed systemic-risk GPAI model?
Directly, no — you have no notification obligation under Article 52 as a downstream user. But you should check your contracts with the GPAI provider: Article 53(1)(e) requires GPAI providers to make available to downstream providers and deployers the information necessary to comply with their own EU AI Act obligations. If your product is a high-risk AI system that uses the GPAI model as a component, your risk management system under Article 9 must reflect that the GPAI component carries systemic-risk status.
Can a GPAI model lose its systemic-risk designation?
Yes, through the reassessment procedure under Article 52. A provider may request reassessment no earlier than six months after the designation decision, on the basis of new objective reasons. During any reassessment, Article 55 obligations continue to apply. If the Commission accepts the reassessment, it updates the published list accordingly.
Related guides
- EU AI Act compliance fundamentals
- SMB compliance guide for Article 52
- Article 52 compliance software comparison
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.
Start free trial →