EU AI Act Open-Source Exemptions: Where They Stop
EU AI Act open-source exemptions: what they cover, six hard limits that remove the relief, and a decision checklist. Updated for Digital Omnibus 2026.
The EU AI Act does give open-source releases real breathing room — but the exemption has hard edges that catch developers and companies off guard. This page maps those edges precisely. For a general introduction to how the Act treats open-source models, see Open-source models and the EU AI Act. The question here is more specific: can you actually rely on the exemption for what you intend to do? In many cases, the answer is no.
What the Exemption Actually Gives You
Two separate provisions extend relief to open-source releases, and they work differently.
For AI systems — Article 2(12): An AI system released under a free and open-source licence is out of scope for most of the Regulation, provided it is not placed on the market or put into service as a high-risk system (as defined in Article 6 and Annex III) and does not qualify as a prohibited system under Article 5. The practical effect is that a general-purpose open-source model distributed for developers to use as they choose sits largely outside the Act's reach. The provider of that raw model does not, by default, have to produce Article 11 technical documentation, run a conformity assessment under Article 43, or register the system under Article 49.
For GPAI models — Article 53(2): General-purpose AI model providers who release under a free and open-source licence are relieved of two specific obligations: the Annex XI technical documentation requirement (which covers training methodology, parameters, architecture, and training data) and the Annex XII transparency information that GPAI providers must pass downstream to companies building on their models. This is the open-source GPAI carve-out — narrowly scoped to those two duties from Article 53.
Those are genuine concessions. They are not a clean exit from the Act.
Six Things the Exemption Does Not Cover
1. Article 5 prohibited practices — always banned
No licence type removes the Article 5 prohibitions. Biometric categorisation based on sensitive characteristics, manipulation of vulnerable groups, social scoring by public authorities, real-time remote biometric identification in public spaces, predictive policing based solely on profiling, untargeted facial scraping, and emotion recognition in workplaces and educational institutions — these have been banned outright since 2 February 2025. Building any of these into an open-source release creates liability regardless of the licence. The ceiling: €35 million or 7% of total worldwide annual turnover, whichever is higher (Article 99(3)).
A licence does not protect you from consequences of a prohibited use if you placed the model on the market knowing its foreseeable application.
2. High-risk deployment obligations under Annex III and Annex I
The Article 2(12) exemption disappears the moment an open-source system is put into service for an Annex III purpose. Annex III covers eight high-risk areas: biometric identification systems; AI in critical infrastructure; education and vocational training; employment and worker management (recruitment, screening, promotion, task allocation, monitoring); access to essential services (creditworthiness, health and life insurance pricing, emergency services, public benefits); law enforcement; migration, asylum and border control; and the administration of justice and democratic processes.
Deploy an open-source model for any of those purposes — HR screening, credit scoring, border-document verification — and you are the provider of a high-risk AI system. The full obligation stack applies: risk management (Article 9), data governance (Article 10), technical documentation under Annex IV (Article 11), record-keeping (Article 12), transparency to deployers (Article 13), human oversight (Article 14), accuracy and cybersecurity (Article 15), and a conformity assessment under Article 43. You must also register the system under Article 49.
The same applies to Annex I: open-source AI embedded as a safety component in a product governed by EU product-safety legislation inherits the high-risk route via Article 6(1), with an integrated conformity assessment and an application date of 2 August 2028.
Non-compliance: €15 million or 3% of total worldwide annual turnover (Article 99(4)). Deadline for stand-alone Annex III systems: 2 December 2027 under the Digital Omnibus agreed in May 2026.
3. Article 50 transparency obligations for chatbots and deepfakes
Article 50 applies from 2 August 2026, open-source or not. Deploy a chatbot using an open-source LLM that can interact with natural persons in real time and users must be informed they are talking to an AI (Article 50(1)). Generate synthetic audio, video, or text intended to represent real persons and deepfake disclosure applies (Article 50(4)). Use emotion-recognition or biometric-categorisation technology and the assessed person must be informed (Article 50(3)). Breach: up to €15 million or 3% of worldwide annual turnover (Article 99(4)).
4. Systemic-risk GPAI — the Article 53(2) carve-out evaporates
Article 53(2)'s relief for open-source GPAI providers has an explicit exception: it does not apply to models presenting systemic risk. Under Article 51, a GPAI model is presumed to present systemic risk if it was trained using compute exceeding 10²⁵ floating-point operations. The AI Office may also designate lower-compute models based on capability assessments.
For open-source releases that meet or approach that threshold, Article 55 duties apply in full: model evaluation (including adversarial testing), risk mitigation measures, incident reporting to the AI Office, and cybersecurity safeguards. The copyright policy and training-data summary from Article 53(1)(c) and (d) also survive — see below. There is no open-source exception to systemic-risk obligations. Several frontier open-source releases are already in this territory, and the AI Office has discretion to extend it further.
5. Copyright policy and training-data summary — always apply to GPAI providers
Article 53(2) carves out Annex XI and Annex XII from the GPAI provider's duties for open-source models. What it does not carve out is Article 53(1)(c) and (d): the requirement to maintain a copyright compliance policy (covering text-and-data mining under EU law) and the obligation to publish a sufficiently detailed summary of the training data used.
These two duties apply to every GPAI provider regardless of licence type. If you release a GPAI model open-source, you still need a documented copyright policy and a public training-data summary. The AI Office's codes of practice are developing the expected level of detail, but the legal obligation exists today — GPAI Chapter V has applied since 2 August 2025.
6. Downstream deployers who fine-tune or rebrand become providers
Article 25 governs responsibility shifts. A deployer or distributor who fine-tunes an open-source model and releases it under their own name, substantially modifies it, or changes its intended purpose, becomes the provider of the resulting system — with the full Article 9–15 obligation stack and the Article 43 conformity assessment for high-risk use cases.
A company that takes Llama, fine-tunes it on medical records, and offers it as a clinical decision-support tool is the provider of a high-risk AI system. The underlying model's open-source licence is irrelevant to that classification.
The Licence Definition Is Contested
The Act does not define "free and open-source licence" anywhere in Regulation (EU) 2024/1689. The AI Office has not yet published binding guidance on which licences qualify. This matters because several prominent licences used for foundation models contain field-of-use restrictions, commercial-use limits, or "responsible AI" clauses that restrict how the model may be deployed.
A licence that prohibits certain commercial uses, requires attribution in a way that constrains rebranding, or conditions use on compliance with external norms may not satisfy the plain meaning of "free and open-source" — a term that, in the software tradition, requires freedom to use, study, modify, and distribute for any purpose. Models released under the Llama 3 community licence (which restricts use by companies above a certain user count) and some variants of the Creative Commons non-commercial licences are examples where the qualification is genuinely uncertain.
If you are relying on the Article 2(12) or Article 53(2) exemption, the first step is to verify that the licence your model uses would actually qualify. If it has use restrictions, the safer position is to treat the exemption as unavailable and assess your obligations as if you were a standard provider.
Decision Checklist: Can I Rely on the Open-Source Exemption?
Work through these in order. A single "yes" to any of the first three questions removes the exemption entirely.
- Does the system do anything listed in Article 5? If yes, the prohibition applies regardless of licence. Stop and assess whether the system can be released at all.
- Is the system being put into service for an Annex III purpose? If yes, the Article 2(12) exemption does not apply. You are a provider of a high-risk AI system and the Articles 9–15/43/49 stack applies.
- Is the system a safety component of an Annex I product? If yes, same conclusion as above, with the 2 August 2028 deadline.
- Does the system interact with natural persons (chatbot) or generate synthetic media? If yes, Article 50 transparency obligations apply from 2 August 2026. Confirm disclosure mechanisms are in place.
- Is the model a GPAI model trained with more than 10²⁵ FLOPs, or has the AI Office designated it as systemic-risk? If yes, Article 53(2) relief does not apply; Article 55 duties apply in full.
- Even if not systemic-risk: are you a GPAI provider? If yes, Article 53(1)(c) and (d) — copyright policy and training-data summary — apply regardless.
- Are you fine-tuning, rebranding, or changing the intended purpose of someone else's open-source model? If yes, Article 25 may make you the provider of the resulting system. Assess as a provider from that point.
- Does the licence you are relying on contain field-of-use or commercial restrictions? If yes, it may not qualify as "free and open-source" for the purposes of the Act. Obtain legal advice before treating the exemption as available.
If you reach this point with all answers pointing to reliance on the exemption, the remaining obligation is to ensure your intended use genuinely stays within the exemption's scope as your system evolves — fine-tuning for a new use case, or a commercial deployment at scale, can shift your position quickly.
How Confir Helps
Determining where the open-source exemption ends is exactly the kind of scoping question Confir's classification engine handles. The intake asks about the model's licence, the intended use case, the Annex III and Annex I categories it may touch, and how the system is being put into service — then applies the Act's classification rules deterministically to identify which obligations attach. If the exemption holds, the tool shows a minimal obligation set. If it stops applying — because of an Annex III use, a systemic-risk GPAI designation, or an Article 25 role shift — the full obligation stack surfaces immediately.
The engine is rule-based and reproducible: same inputs, same output, every time. That predictability matters when you are deciding whether to release a model, add a deployment use case, or fine-tune for a new application.
Frequently Asked Questions
Does releasing a model under an open-source licence automatically exempt it from the EU AI Act?
No. The exemption under Article 2(12) only applies to AI systems not put into service as high-risk systems under Annex III or Annex I, and not used for Article 5 prohibited purposes. The moment you deploy the model for an Annex III use — employment screening, credit assessment, or any other listed purpose — the high-risk obligation stack applies in full. The licence affects your obligations as the original model distributor; it does not exempt the system once someone deploys it for a high-risk purpose, and it does not exempt you if you are the one making that deployment.
I'm building a product on top of an open-source LLM. Am I the provider or the deployer?
You are the provider of the product you are building and shipping under your name (Article 25). The GPAI model obligations — Annex XI tech docs, Annex XII downstream information — stay with the foundation model's vendor, and the open-source carve-out under Article 53(2) may reduce what that vendor owes. But your product is classified by what it does. If your product performs an Annex III function, you carry the high-risk provider obligations regardless of the underlying model's licence.
Does the open-source exemption apply to systemic-risk GPAI models?
No. Article 53(2) explicitly states that the relief from Annex XI and Annex XII duties does not extend to GPAI models presenting systemic risk. Models trained above the 10²⁵ FLOP threshold are presumed systemic-risk under Article 51. Those models must comply with Article 55: adversarial testing, risk mitigation, incident reporting to the AI Office, and cybersecurity measures — regardless of whether they are released open-source.
What transparency obligations still apply to an open-source chatbot?
Article 50 transparency obligations apply from 2 August 2026 and are not conditional on the model's licence. If you deploy a chatbot capable of real-time interaction with natural persons, you must inform users they are talking to an AI (Article 50(1)). If the system generates deepfakes or synthetic representations of real people, disclosure is required (Article 50(4)). The Article 50 obligations are independent of whether the system is high-risk, and the open-source status of the underlying model does not change that.
We fine-tuned an open-source model for internal HR use. Do we have provider obligations?
It depends on whether you are placing the resulting system on the market or putting it into service under your own name or trademark, substantially modifying it, or deploying it for a purpose different from the original. If you have fine-tuned and deployed the model for employee recruitment or screening decisions — an Annex III point 4 use case — and done so under your organisation's authority, you are the provider of a high-risk AI system under Article 25. The full Article 9–15, 43, and 49 obligation stack applies from 2 December 2027.
Which open-source licences actually qualify for the exemption?
The Act does not define "free and open-source licence" and the AI Office has not yet published binding criteria. The traditional definition requires freedom to use, modify, and distribute for any purpose without restriction. Licences that restrict commercial use, cap user counts, or condition use on compliance with external norms may not qualify. If you are relying on the exemption, have the licence assessed before assuming it applies.
Related guides
- Open-source models and the EU AI Act
- GPAI model obligations under Article 53
- Article 5: prohibited AI practices
- High-risk AI systems: Annex III explained
- Article 25: responsibilities along the value chain
- Article 50: transparency for limited-risk AI
- Article 6 high-risk AI classification
- Deployer obligations under Article 26