
GPAI Compliance Under the EU AI Act: What You Actually Have to Do

Guide · 23 May 2026 · 13 min read · 2,606 words

GPAI model obligations apply from 2 Aug 2025. Art 53 baseline, Art 55 systemic risk, and what downstream providers owe instead. Clear split by role.

Chapter V of Regulation (EU) 2024/1689 — the GPAI framework — has been in force since 2 August 2025. This is not a forward-looking obligation. It is live. If your organisation trained a general-purpose AI model, or if you built a product on top of one, this guide explains which rules apply to you and which do not.

The GPAI chapter answers one of the most misunderstood questions in EU AI Act compliance: am I the GPAI provider, or am I the company building something on top of one? The answer determines almost everything. Get it wrong and you either over-engineer obligations that are not yours, or miss the ones that are.

What GPAI Means — and What It Is Not

A general-purpose AI model is defined in Regulation (EU) 2024/1689 as an AI model trained on large amounts of data at significant computational scale, displaying significant generality, and capable of performing a wide range of distinct tasks. The defining quality is breadth: the model was not built for one job.

GPAI is a separate, cross-cutting regulatory category — not a fifth risk tier alongside unacceptable, high, limited, and minimal risk. Do not let anyone tell you that a GPAI model is automatically high-risk. The GPAI chapter (Articles 51–56) regulates the model itself. The risk-tier framework (Articles 5 and 6) regulates what the model is used to do downstream.

A language model sitting on a server is not classified under the risk tiers. The customer-service chatbot you build with it might be limited-risk under Article 50. The credit-decisioning tool you build with it is high-risk under Article 6 and Annex III point 5(b). Those are classifications of the downstream system, not of the model.

Two Audiences, Two Very Different Situations

The GPAI chapter speaks to two groups of people, and the obligations fall almost entirely on one of them.

If you trained and released the model, you are a GPAI model provider under Article 3(3). The full Article 53 baseline applies to you, and if your training compute crossed 10²⁵ floating-point operations, the Article 55 systemic-risk layer applies on top.

If you built a product using a third-party GPAI model's API or weights, you are a downstream provider or deployer. You are not subject to Articles 51–55. Your obligation is to classify the system you built by what it does — under Articles 5, 6, and 50 — and to use the documentation the GPAI provider gives you to inform your own compliance.

The dividing line is real but has one important trap, covered below.


Part 1: If You Are a GPAI Model Provider

You develop and release a foundation model — whether through an API, a commercial licence, or open weights. Here is what the law requires.

Article 53: The Baseline Obligations for All GPAI Providers

Every GPAI model provider, regardless of model size, must do four things.

Maintain Annex XI technical documentation. This is not the same as the Annex IV documentation required for high-risk AI systems. Annex XI covers the model's general description, intended use cases and known limitations, training data sources and methodology, training compute in FLOPs, model architecture and parameters, training and evaluation methodology, and known risks. The AI Office can request this documentation at any time.

Provide Annex XII information to downstream providers. Anyone building on your model needs enough information to comply with their own EU AI Act obligations. Annex XII sets the floor: intended use cases, restrictions on use, known biases and limitations, and material needed for downstream providers to implement Article 9 risk management and Article 13 transparency disclosures. The model cards, usage policies, and system cards that reputable GPAI providers already publish are the practical form of this duty — the difference is that the Act makes them mandatory.

Implement and document a copyright compliance policy. This means having a documented approach to copyright obligations in training data, including honouring opt-outs from rights holders under Article 4 of Directive 2019/790 (the Text and Data Mining exception). Vague procedural statements will not be enough; you need evidence of the steps taken.

Publish a sufficiently detailed training data summary. "Trained on internet data" does not satisfy Article 53. The summary must cover data types, sources, and processing methodology in enough detail to allow meaningful understanding of what shaped the model's capabilities and potential biases.

Article 51: The Systemic-Risk Threshold

A GPAI model is presumed to have systemic risk if cumulative training compute exceeds 10²⁵ FLOPs. The European Commission may also designate specific models on qualitative grounds — model capabilities, user reach, downstream dependency — regardless of compute figures.

The 10²⁵ threshold matters because it determines whether Article 55 applies. Most companies training AI models are nowhere near it. If you are, you almost certainly know.

Article 52: The Notification Procedure

When a GPAI provider has reason to believe that the training compute for a new model will exceed 10²⁵ FLOPs, Article 52 requires notification to the AI Office before the model is placed on the market. The Commission may then require a conformity assessment or impose conditions. This is the procedural gate before systemic-risk models go live.

Article 55: Systemic-Risk Provider Obligations

If your model crosses the threshold — or is designated by the Commission — the following apply on top of the Article 53 baseline.

Model evaluation. Conduct adversarial testing (red-teaming) and other evaluations before release and after significant updates, documented against standardised protocols. The AI Office may run its own evaluations; providers must cooperate.

Systemic risk assessment. Document the risks — probability of harm, severity, breadth, reversibility, critical-infrastructure dependencies — and update the assessment when the model materially changes.

Risk mitigation measures. Implement technical safeguards, usage restrictions, and red-line policies proportionate to identified risks.

Incident reporting. Serious incidents are reported directly to the AI Office — not to national market surveillance authorities (that route is for high-risk AI providers under Article 73). A serious incident includes cases where the model contributed to significant harm or where an incident reveals an unexpected systemic risk.

Cybersecurity protections. Protect model weights, training infrastructure, and deployment APIs against adversarial manipulation and model extraction.

Article 54: Authorised Representatives

GPAI providers established outside the EU that make models available in the EU must designate an authorised representative in the EU — the GPAI-specific counterpart to Article 22 for high-risk providers. The representative is the contact point for the AI Office.

Article 56: The Code of Practice

Article 56 provides for Codes of Practice developed under AI Office facilitation, with input from providers, researchers, civil society, and downstream stakeholders. Compliance with an applicable Code creates a presumption of compliance with the corresponding GPAI obligations. The AI Office has been running the development process since 2025, and providers should track the drafts and engage in consultation.

If you choose not to follow a Code, you must demonstrate compliance with the underlying obligations through other means acceptable to the AI Office.

Article 101: Fines on GPAI Providers

GPAI-specific enforcement is by the European Commission, not national authorities. Under Article 101, the Commission may impose fines on GPAI providers of up to €15 million or 3% of total worldwide annual turnover, whichever is higher, for breaches of Articles 53 and 55. This is a separate penalty track from Article 99, which applies to high-risk system obligations.

Open-Source GPAI: Reduced but Not Zero Obligations

Open-source GPAI models — where weights are publicly released under a sufficiently open licence — benefit from reduced obligations. Article 53(2) exempts qualifying open-weight releases from the Annex XI technical-documentation and Annex XII downstream-information requirements. The copyright compliance policy (Article 53(1)(c)) and the training-data summary (Article 53(1)(d)) still apply to every GPAI provider regardless of licence type. The exemption disappears entirely if the model carries systemic risk: if training compute exceeds 10²⁵ FLOPs, the full Article 53 and Article 55 stacks apply.

Timing: When GPAI Obligations Apply

Chapter V has applied since 2 August 2025. GPAI models already on the market before that date have until 2 August 2027 to comply. The Digital Omnibus agreement of May 2026, which deferred the Annex III high-risk deadline to 2 December 2027, does not touch Chapter V. The GPAI timetable is unchanged.


Part 2: If You Are a Downstream Provider or Deployer

Most companies reading this guide are not GPAI model providers. They build products and services using foundation model APIs or open weights supplied by someone else. For this group, the key insight is that Articles 51–55 are not your direct concern — but what you build very much is.

You Classify the System You Build, Not the Model

Classify the AI system you develop and deploy by its intended use, running Articles 5 and 6 in sequence.

First: does the system do something prohibited under Article 5? Subliminal manipulation, real-time remote biometric identification in public spaces for law enforcement, social scoring by public authorities, emotion recognition in workplace or education settings — if yes, it cannot be deployed regardless of the model underneath.

Second: does the system fall into an Annex III category? Recruitment and screening (point 4(a)), creditworthiness assessment (point 5(b)), employment allocation and monitoring (point 4), educational admission (point 3) — these trigger the full high-risk stack: Articles 9–15, 17, 43, 47, 48, 49, 72, and 73. Deadline for stand-alone Annex III systems: 2 December 2027 under the Digital Omnibus.

Third: is the system customer-facing in a way that triggers Article 50 transparency requirements? If your product interacts with natural persons who might not know they are talking to an AI, Article 50(1) applies from 2 August 2026.

Running a high-risk application on top of a GPAI model does not reduce your obligations. It does not transfer them to the GPAI provider either.

Using the Annex XII Documentation Package

The GPAI provider's Annex XII information is the input to your own Article 9 risk management exercise, not a substitute for it. If you are building a high-risk AI application on a GPAI model API, you should: obtain and retain the current Annex XII package from the model provider; feed it into your Article 9 risk management system as a documented input; run your own conformity assessment for the downstream system (Annex VI internal self-assessment for most Annex III uses; Annex VII notified-body route for biometric systems under point 1); and generate your own Annex IV technical documentation. You cannot cite the GPAI provider's Annex XI as your technical file.

Assuming the GPAI provider's compliance covers your application is the most common and most consequential mistake in this space.

The Article 25 Trap: When You Become the GPAI Provider

Article 25 governs role shifts. A distributor, importer, or deployer becomes the provider — with the full provider obligation stack — if they put their name or trademark on an AI system, substantially modify it, or change its intended purpose.

The same applies to GPAI. If you rebrand a GPAI model as your own or substantially modify it (fine-tuning that changes the model's general capabilities), you may become the GPAI model provider. At that point, the Article 53 baseline — and if compute crosses 10²⁵ FLOPs, Article 55 — shifts to you. Fine-tuning that produces a narrowly specialised system likely does not create a new GPAI model; instruction-tuning at scale that produces a broadly capable general-purpose model is more likely to trigger GPAI provider status. If the question is live for your organisation, assess it before release.


How Confir Helps

Confir records GPAI model dependencies as part of its AI system intake: which GPAI models the system relies on, which Annex XII information has been obtained, and whether any fine-tuning or modification creates an Article 25 role-shift question.

For downstream providers, Confir's rule-based classification engine applies Articles 5 and 6 against the system you build, not the model you use, producing a deterministic finding on risk tier and role. The same intake produces the same output every time, with the rule that fired shown explicitly. For companies operating both a GPAI model and downstream systems built on it, compliance tracks are managed separately.

Extending GPAI workflow coverage to Articles 53 and 55 in full is on Confir's roadmap. The current release records GPAI dependencies and classifies downstream systems.



Frequently Asked Questions

Does the GPAI chapter apply to us if we only use a model API?

No. Using a model through an API makes you a downstream provider or deployer of your own AI system, not a GPAI model provider. Articles 51–55 apply to the entity that trained and released the model. Your obligation is to classify the system you build by its use — potentially high-risk under Article 6 or limited-risk under Article 50 — and to obtain the Annex XII documentation package from the model provider to inform your own risk management.

GPAI compliance was supposed to start in August 2025 — what about the Digital Omnibus delay?

The Digital Omnibus agreement of May 2026 deferred the Annex III high-risk deadline for stand-alone systems to 2 December 2027. It did not affect Chapter V. GPAI model obligations applied from 2 August 2025, and models already on the market before that date must comply by 2 August 2027. Those dates are unaffected.

How does the 10²⁵ FLOP threshold work if we fine-tuned someone else's model?

If your fine-tuning was minor and the base model is broadly capable, the relevant compute figure may be the base model's cumulative training compute — meaning the threshold could already be crossed even if your own compute contribution was small. If the fine-tune was substantial enough to produce a new general-purpose model, the combined compute likely counts. This requires a careful technical assessment; the AI Office's guidance on compute measurement is the starting point.

What are the penalties for GPAI non-compliance?

Fines on GPAI model providers are imposed by the European Commission under Article 101 — not by national authorities and not under Article 99. The ceiling is €15 million or 3% of total worldwide annual turnover, whichever is higher. For an organisation that is both a GPAI provider and a provider of high-risk downstream systems, both Article 101 and Article 99 can apply simultaneously to separate violations.

Does following the Code of Practice (Article 56) replace compliance with Articles 53 and 55?

No. The Code of Practice creates a presumption of compliance — it operationalises the regulatory requirements. Compliance with the Code is the expected practical route, but it does not replace the underlying legal obligations. If the Code is not yet finalised or you choose an alternative approach, you must still satisfy Articles 53 and 55 directly and demonstrate this to the AI Office.

Can a GPAI model itself be classified as high-risk under Article 6?

No. The risk-tier classification under Articles 5 and 6 applies to AI systems built for specific purposes — it does not apply to GPAI models at the model level. A GPAI model may be integrated into a downstream AI system that is high-risk, but the high-risk classification attaches to that downstream system and the obligations fall on whoever develops and deploys it, not on the GPAI model provider qua model provider.


Last reviewed: 1 June 2026.
