
Foundation Model Compliance Under the EU AI Act: What Providers Must Do

Guide · 23 May 2026 · 11 min read · 2,150 words

GPAI providers face Art 53 duties from 2 Aug 2025. Systemic-risk (>10²⁵ FLOPs) adds Art 55. Open-source rules, Art 54 reps, and Art 101 fines explained.

"Foundation model" is not a separate legal category in Regulation (EU) 2024/1689. The Act calls them general-purpose AI (GPAI) models — models trained on large amounts of data, capable of serving a wide range of purposes, and made available to others. If you trained or fine-tuned a model and release it to downstream providers or deployers, you are a GPAI model provider under Chapter V of the Act. That status triggers obligations that have been in force since 2 August 2025.

This article explains what those obligations are, how systemic-risk models attract an additional layer, and what the open-source exception actually covers.


What is a GPAI model under the EU AI Act?

Article 3(63) defines a general-purpose AI model as an AI model trained with large amounts of data using self-supervision at scale, displaying significant generality, and capable of performing a wide range of distinct tasks. It can be integrated into a variety of downstream systems or applications. The term covers what the industry calls foundation models, large language models, and multi-modal base models — GPT-4, Llama 3, Mistral Large, Gemini 1.5, and comparable architectures.

A GPAI system (Article 3(66)) is a GPAI model that is deployed as a complete AI system in its own right. The obligations in Chapter V attach to the model, not just the system.

The distinction from high-risk AI matters here. GPAI is a cross-cutting category, not one of the four risk tiers. The high-risk classification under Article 6 applies to the downstream system based on its use — a chatbot built on a GPAI model is assessed by what the chatbot does, not by the model underneath it.


Chapter V in force: 2 August 2025

GPAI model obligations under Chapter V (Articles 51–56) applied from 2 August 2025. The Digital Omnibus agreement of May 2026, which deferred the high-risk Annex III deadlines to 2 December 2027, does not touch Chapter V. If your model was already on the market before 2 August 2025, you have until 2 August 2027 to comply.


Baseline obligations for all GPAI providers (Article 53)

Every GPAI model provider — regardless of model size — must satisfy four baseline obligations under Article 53.

Technical documentation (Annex XI). You must prepare and maintain documentation covering the model's general description, development process, training and fine-tuning methodology, training data (type, provenance, curation), testing and evaluation procedures, compute used, known limitations and risks, and mitigation measures. Annex XI sets out the content in detail.

Information for downstream providers (Annex XII). When you supply your model to another provider building a product or service on top of it, you must give them the information they need to meet their own obligations: a description of the model, its intended uses, limitations, and technical detail sufficient for the downstream provider to conduct their own risk management.

Copyright compliance — the TDM opt-out. Article 53(1)(c) requires you to honour the machine-readable opt-out that rightsholders can apply under Article 4(3) of Directive (EU) 2019/790. If a website or database has published a rights reservation, your training process must respect it. Document your policy and how it was implemented.

Training-data summary. Article 53(1)(d) requires a "sufficiently detailed summary about the training data used." The AI Office has published a template. The summary is publicly available and is distinct from the more detailed Annex XI documentation sent to regulators and downstream providers.


When does a GPAI model carry systemic risk?

Article 51 introduces a second tier: GPAI models with systemic risk. A model is presumed to carry systemic risk if the cumulative amount of compute used for training exceeds 10^25 floating point operations (FLOPs). That threshold currently captures a small number of frontier models — but it is the legal line, and it can be revised by Commission delegated act.

A model below the threshold can also be designated as carrying systemic risk by the Commission through the procedure in Article 52, based on qualitative criteria such as the number of users, the model's reach across sectors, or its potential for significant adverse impact. Providers can also notify the AI Office voluntarily.

Once classified, a model stays systemic-risk until the Commission determines otherwise.


Additional obligations for systemic-risk GPAI providers (Article 55)

Systemic-risk GPAI providers carry four obligations on top of those in Article 53.

Model evaluation and adversarial testing (Article 55(1)(a)–(b)). You must perform model evaluations in accordance with standardised protocols and carry out adversarial testing — red-teaming — to identify failure modes, including against third parties where necessary. The goal is to discover risks before the model reaches the market and after significant updates.

Incident reporting to the AI Office (Article 55(1)(c)). Serious incidents — those that cause or could cause significant damage — must be reported to the AI Office without undue delay. This is a direct-to-Commission reporting duty, separate from the Article 73 market-authority reporting that governs high-risk system providers.

Systemic risk mitigation (Article 55(1)(a)). Having identified risks through evaluation, you must take proportionate measures to address them: technical controls, usage policies, or deployment restrictions.

Cybersecurity (Article 55(1)(d)). You must ensure adequate cybersecurity protection for the model, its infrastructure, and physical security where relevant.


The open-source exception — and its limits

Article 53 carves out an exception for GPAI models released under a free and open-source licence that allows users to access, use, modify, and distribute the model's weights. For such models, the technical-documentation (Annex XI) and downstream-information (Annex XII) requirements do not apply.

The copyright-policy obligation (Article 53(1)(c)) and the training-data summary (Article 53(1)(d)) still apply to open-source models.

Critically, the open-source exception disappears entirely if the model carries systemic risk. An open-weight model that exceeds the 10^25 FLOP threshold — or is designated systemic-risk by the Commission — must comply with the full Article 53 and Article 55 stacks.

This is the most important line to hold when advising open-source model developers: the licence buys relief from documentation and information-sharing duties for non-systemic models, not from the transparency and copyright obligations, and it buys nothing at the frontier.


Non-EU providers: authorised representatives (Article 54)

If you are established outside the EU but place a GPAI model on the EU market or have it integrated into EU systems, you must appoint an authorised representative in the EU before your model enters the market. The representative handles communications with the AI Office and national authorities. Article 54 sets out the mandate requirements. This mirrors the authorised-representative mechanism for high-risk AI providers under Article 22.


Codes of practice (Article 56)

The AI Office is coordinating the development of codes of practice for GPAI providers — multi-stakeholder instruments that translate Chapter V obligations into operational guidance. Compliance with a code of practice creates a presumption of conformity. The first codes of practice were in drafting as of mid-2026. Providers should track the AI Office's work and consider participating in the drafting process; the codes will significantly shape how Annex XI and the adversarial-testing requirements are interpreted in practice.


Penalties for GPAI providers (Article 101)

Enforcement of GPAI obligations is handled at EU level. The Commission — not a member-state authority — may impose fines on GPAI providers under Article 101. The maximum is €15,000,000 or 3% of total worldwide annual turnover, whichever is higher. This sits parallel to the Article 99 penalty regime that applies to high-risk AI providers; both can in principle apply to the same provider for different breaches.

The Article 99(6) proportionality cap for SMEs (where the fine is the lower of the percentage or the fixed sum) does not appear in Article 101, which is addressed primarily at large-scale model providers. That said, the Commission must have regard to proportionality in exercising its discretion.


How GPAI obligations interact with downstream high-risk classification

GPAI obligations run alongside — not instead of — the high-risk framework. If a downstream provider builds a recruitment-screening tool on your GPAI model, that downstream provider is the Article 16 provider of the high-risk AI system and carries the Articles 9, 11, 13, 14, 43 stack. Your Annex XI documentation and Annex XII information duties remain yours; you equip the downstream provider, but do not absorb their obligations.

Article 25 governs role-shifting: a company that takes a GPAI model and builds a product under its own name becomes the provider of that product. The model provider's obligations stay with the model; the product provider's obligations attach to the product.

Where your model is used directly as a GPAI system — a general-purpose API accessed by organisations — the Article 50 limited-risk transparency obligations also apply from 2 August 2026.


Practical steps for a GPAI model provider

1. Confirm your GPAI status. Does your model meet the Article 3(63) definition — large-scale training, general capability, available to others? If yes, Chapter V applies from 2 August 2025.

2. Determine systemic-risk status. Calculate or estimate training compute. Training compute above 10²⁵ FLOPs triggers the presumption and notification to the AI Office under Article 52.

3. Prepare Annex XI technical documentation. Start with training data, compute, and known limitations — these require the most internal coordination. Update with each significant model change.

4. Draft an Annex XII downstream-information pack. Identify your downstream providers and what they need to manage their own compliance. Make it part of API or licensing onboarding.

5. Document your copyright policy. Log TDM opt-outs encountered during training and how they were handled. For new models, build opt-out detection into the data pipeline before training begins.

6. Prepare a training-data summary. Use the AI Office template. Update when training data composition changes significantly.

7. For systemic-risk models, build the Article 55 programme. Run model evaluations before deployment and after major updates; stand up incident reporting to the AI Office; review cybersecurity controls.

8. Appoint an EU authorised representative if you are non-EU established. Do this before placing the model on the EU market.


How Confir helps

Confir's compliance register records GPAI model dependencies — so when your organisation builds on or integrates a GPAI model, the upstream relationship is documented alongside your own obligations. For organisations in the downstream position, Confir maps your role (Article 25 provider or Article 26 deployer), flags the Annex XII information you should be receiving from your model supplier, and generates the technical documentation required for your own system under Article 11 / Annex IV. The classification and scoping logic is deterministic and rule-based: same answers, same output, auditable at every step.


Frequently asked questions

Is "foundation model" a defined term in the EU AI Act?

No. The Act uses "general-purpose AI model" (Article 3(63)). "Foundation model" is an industry term that pre-dates the Regulation. For compliance purposes, map your model to the GPAI definition — if it fits, Chapter V applies.

Our model is below 10^25 FLOPs. Are we entirely outside Article 55?

Article 55 does not apply unless your model is classified as systemic-risk, and below 10^25 FLOPs there is no automatic presumption. You could still be designated systemic-risk by the Commission on qualitative grounds under Article 52, so monitor the AI Office's published register and any Commission decisions. Article 53 baseline obligations still apply.

We release weights under an Apache 2.0 licence. What obligations remain?

The Annex XI technical-documentation and Annex XII downstream-information requirements are waived. The Article 53(1)(c) copyright-compliance policy and the Article 53(1)(d) training-data summary still apply. If your model is subsequently classified as systemic-risk, all waivers fall away.

We are a US company offering a GPAI API to EU customers. What triggers?

If your model's output is used in the EU, Chapter V applies to you. You must appoint an EU authorised representative under Article 54 before the model is placed on the EU market, and comply with Article 53 from 2 August 2025 (or by 2 August 2027 if your model was on the market before that date).

What is the fine for a GPAI provider who fails to comply?

The Commission can fine up to €15,000,000 or 3% of total worldwide annual turnover, whichever is higher, under Article 101. This is separate from the Article 99 penalties applicable to high-risk system providers — both can apply to the same organisation for different breaches.

Does the Digital Omnibus affect GPAI deadlines?

No. The Digital Omnibus (political agreement May 2026) deferred the high-risk Annex III deadlines from August 2026 to 2 December 2027 (stand-alone systems) and 2 August 2028 (Annex I product-embedded systems). Chapter V GPAI obligations were not touched. They have applied since 2 August 2025.

