GPAI vs deployer obligations — EU AI Act Chapter V

What counts as a GPAI model

Article 3(63) defines a general-purpose AI model as an AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications. AI models that are used for research, development or prototyping activities before they are placed on the market are excluded.

Chapter V applies to models, not to AI systems. A GPAI model becomes a GPAI system when it is integrated into a downstream system or application; at that point Articles 6, 25 to 27 and the rest of the system regime apply.

Application date

Under Article 113(b), the Chapter V obligations apply from 2 August 2025— ahead of the August 2026 default application date for the rest of the Regulation. Models already on the market before 2 August 2025 benefit from a transitional period under Article 111(3).

Article 53 — baseline obligations for every GPAI provider

• Draw up and keep up to date the technical documentation of the model, including its training and testing process and the results of its evaluation, containing at minimum the information set out in Annex XI.
• Draw up, keep up to date and make available the information and documentation needed by downstream AI-system providers to integrate the model and comply with their own obligations, containing at minimum the information set out in Annex XII.
• Put in place a policy to comply with Union law on copyright and related rights, in particular to identify and comply with reservations of rights under Article 4(3) of Directive (EU) 2019/790.
• Make publicly available a sufficiently detailed summary of the content used for training of the GPAI model, according to a template provided by the AI Office.

Providers of GPAI models released under a free and open-source licence that does not allow monetisation are exempt from the technical-documentation and downstream-integration documentation obligations (Article 53(2)), provided certain weights and architecture information is made publicly available and the model is not a GPAI model with systemic risk.

Article 51 — the systemic-risk classification

Under Article 51(1), a GPAI model is classified as having systemic risk if it has high-impact capabilities (those that match or exceed the capabilities recorded in the most advanced general-purpose AI models). Article 51(2) creates a rebuttable presumption that a model has high-impact capabilities when the cumulative amount of compute used for its training, measured in floating-point operations, is greater than 10²⁵ FLOP. The Commission may also designate a model as systemic-risk under Article 51(1)(b) based on equivalent capabilities or impact.

Providers of GPAI models presumed to meet the systemic-risk threshold must notify the Commission without delay under Article 52(1). The notification may include a reasoned argument to rebut the presumption.

Article 55 — add-on obligations for systemic-risk GPAI

• Perform model evaluation in accordance with standardised protocols and tools reflecting the state of the art, including conducting and documenting adversarial testing.
• Assess and mitigate possible systemic risks at Union level, including their sources, that may stem from development, market placement or use.
• Keep track of, document and report to the AI Office and, as appropriate, to national competent authorities, relevant information about serious incidents and possible corrective measures, without undue delay.
• Ensure an adequate level of cybersecurity protection for the model and the physical infrastructure of the model.

Where deployer duties begin

A pure GPAI-model provider faces Chapter V duties. A downstream entity that integrates a GPAI model into its own product or workflow can wear several hats:

• System deployer under Article 26. Using a GPAI-based AI system in the course of professional activity makes the entity a deployer; Article 26 duties (assigning human oversight, monitoring operation against the instructions for use, log-keeping, informing affected workers and persons) apply if the system is high-risk under Article 6.
• Provider under Article 25. A deployer becomes a provider if it (a) puts its name or trademark on a high-risk AI system already placed on the market; (b) makes a substantial modification to a high-risk AI system such that it remains high-risk; or (c) modifies the intended purpose of an AI system, including a general-purpose AI system, in such a way that the resulting system becomes high-risk under Article 6. In case (c) the downstream entity inherits the full provider regime — including conformity assessment under Article 43 and the Annex IV technical documentation.

Practical example for HR-tech: a company fine-tunes a GPAI model so it can score CVs against a job description. The original GPAI provider remains subject to Chapter V; the HR-tech company becomes the provider of the resulting high-risk recruitment AI system under Article 25(1)(c) and Annex III point 4(a), and must run the Annex VI conformity assessment itself.

GPAI Code of Practice

Article 56 directs the AI Office to facilitate the drawing up of a Code of Practice. The first iteration of the General-Purpose AI Code of Practice covers transparency, copyright, and safety and security for systemic-risk providers, and is the principal voluntary route to demonstrate compliance with Articles 53 to 55 pending harmonised standards. Adherence is voluntary but signals good faith to the AI Office.

Penalty exposure

Non-compliance with the GPAI-provider regime is sanctioned under Article 101: the Commission may impose fines on providers of GPAI models of up to 3 % of their annual total worldwide turnover in the preceding financial year or EUR 15 000 000, whichever is higher, on the basis of supervisory action by the AI Office.

Deployer checklist when using a GPAI model

• Vendor confirms whether the model is classified as systemic-risk under Article 51.
• Vendor provides the Annex XII downstream-integration documentation.
• Internal decision-record: is the resulting AI system high-risk under Article 6 / Annex III?
• Article 25 trigger test: does fine-tuning or purpose change reclassify us as provider?
• Article 4 AI literacy coverage extends to staff using the GPAI system.
• Article 50 transparency obligations checked separately (chatbot notice, deep-fake disclosure, AI-generated text marking).

Common misconceptions

• “Chapter V is a deployer regime.” No — Chapter V targets GPAI-model providers. Deployers face the system regime (Articles 26, 27 and 50) and the Article 25 trigger rules.
• “Below 10²⁵ FLOP we have no Chapter V duties.” False if you are the model provider — Article 53 still applies. The 10²⁵ FLOP rebuttable presumption only governs whether you also fall under Article 55.
• “Open-source GPAI is fully exempt.” Article 53(2) exempts open-source GPAI from some documentation duties but not from the copyright-policy and training-content summary obligations, and not from Article 55 if the model has systemic risk.
• “Fine-tuning is not a substantial modification.” A fine-tune that changes intended purpose or behaviour beyond what the provider pre-declared in Annex IV point 2(f) is presumptively a substantial modification under Article 43(4) and may trigger Article 25 reclassification.

Related EU guides

• EU AI Act conformity assessment
• Annex IV technical documentation
• AI literacy obligation — Article 4
• Prohibited AI practices — Article 5
• NIS2 incident reporting timeline

Sources

• Regulation (EU) 2024/1689, Articles 3(63), 25, 26, 27, 50, 51, 52, 53, 54, 55, 56, 101, 111(3), 113(b); Annex XI; Annex XII — EUR-Lex: eur-lex.europa.eu/eli/reg/2024/1689/oj
• European Commission — General-Purpose AI Code of Practice: digital-strategy.ec.europa.eu/en/policies/contents-code-gpai
• European Commission — General-Purpose AI Models Q&A: digital-strategy.ec.europa.eu/en/faqs/general-purpose-ai-models-ai-act-questions-answers