Quick answer

General-purpose AI (GPAI) models are AI models trained on broad data that can perform a wide range of tasks. Under the EU AI Act (Regulation 2024/1689), GPAI providers must comply with transparency obligations including technical documentation, copyright policies, and training data summaries by August 2, 2025.

Updated June 2026 · MmowW AI Compliance

EU AI Act GPAI Models: General-Purpose AI Rules Explained

What Is a General-Purpose AI Model Under the EU AI Act

The EU AI Act (Regulation (EU) 2024/1689) introduces a dedicated regulatory framework for general-purpose AI models. A GPAI model is defined as an AI model that displays significant generality, is capable of competently performing a wide range of distinct tasks, and can be integrated into a variety of downstream systems or applications. This definition captures large language models, multimodal foundation models, and other broad-capability AI systems.

The distinction matters because GPAI models sit at a different point in the AI value chain compared to specific-use AI systems. A GPAI model may be developed by one organisation and then deployed by dozens or hundreds of downstream providers in applications ranging from customer service to medical research. This layered deployment creates unique regulatory challenges that the EU AI Act addresses through a separate set of obligations.

Article 51: How GPAI Models Are Classified

Article 51 of the EU AI Act establishes the classification framework for GPAI models. The classification determines which obligations apply to the provider of the model. All GPAI models are subject to baseline transparency requirements, but models that present systemic risk face additional, more stringent obligations under Article 55.

The classification under Article 51 operates on two levels. The first level captures all GPAI models regardless of capability. Any model that meets the general-purpose definition triggers the baseline obligations. The second level identifies models with systemic risk, primarily through a computational threshold of 10^25 floating point operations (FLOPs) used in training, or through a designation by the European Commission based on other criteria.

This two-tier approach allows the regulation to impose proportionate requirements. Smaller GPAI models face lighter obligations focused on transparency, while the most capable models must meet comprehensive risk management standards.

Provider Obligations Under Article 53

Article 53 sets out the core obligations for all GPAI model providers. These obligations focus on transparency and information sharing rather than on restricting how models are built or deployed.

The first obligation requires providers to draw up and keep up to date technical documentation of the model, including its training and testing process. This documentation must contain information that is sufficiently detailed to allow downstream providers to understand the model's capabilities and limitations.

The second obligation concerns copyright policy. Under Article 53(1)(c), GPAI model providers must put in place a policy to comply with Union copyright law, in particular to identify and comply with reservations of rights expressed by rightsholders under Article 4(3) of Directive (EU) 2019/790 (the Copyright in the Digital Single Market Directive). This means providers must have processes to respect opt-out requests from content creators.

The third obligation requires providers to draw up and make publicly available a sufficiently detailed summary of the content used for training the GPAI model. This summary must follow a template provided by the AI Office and is intended to give rightsholders and the public meaningful insight into training data composition without requiring disclosure of proprietary datasets.

Downstream Provider Obligations

When a GPAI model is integrated into a downstream AI system, the downstream provider takes on its own set of responsibilities. The GPAI model provider must make available to downstream providers the technical documentation and any other information necessary for the downstream provider to comply with its own obligations under the AI Act.

This creates a chain of responsibility. If a downstream provider uses a GPAI model in a high-risk AI system (as classified under Annex III of the AI Act), that downstream provider must be able to demonstrate compliance with the high-risk requirements. To do so, they need adequate information from the GPAI model provider about the model's characteristics, capabilities, and known limitations.

The practical effect is that GPAI model providers must design their documentation and information-sharing practices with downstream compliance in mind. A model provider who fails to provide adequate information may create compliance obstacles for the entire downstream ecosystem.

Codes of Practice

The EU AI Act envisions codes of practice as a primary compliance mechanism for GPAI obligations. The AI Office is tasked with facilitating the development of these codes, working with GPAI model providers, downstream providers, and other stakeholders.

Codes of practice cover the detailed implementation of transparency obligations, copyright compliance procedures, and risk identification methodologies. Adherence to an approved code of practice creates a presumption of conformity with the corresponding regulatory obligations. This means that a GPAI provider who follows an approved code of practice can demonstrate compliance without needing to prove adherence to each obligation individually.

The development process for codes of practice began in late 2024, with initial drafts circulating among stakeholders in 2025. The target is to have functional codes in place by August 2, 2025, when the GPAI provisions become applicable.

Timeline and Distinction from High-Risk AI Systems

The GPAI provisions of the EU AI Act follow a specific timeline. The regulation entered into force on August 1, 2024. The GPAI-specific rules, including Articles 51 through 56, become applicable on August 2, 2025. This gives GPAI model providers a transition period to prepare their documentation, copyright policies, and training data summaries.

It is important to distinguish GPAI obligations from the high-risk AI system requirements in the Act. A GPAI model is not automatically a high-risk AI system. The high-risk classification under Annex III applies to specific AI systems deployed in defined use cases such as biometric identification, critical infrastructure management, or employment decisions. A GPAI model only becomes subject to high-risk requirements when it is integrated into a system that falls within one of those defined categories.

However, a GPAI model classified as presenting systemic risk under Article 55 faces additional obligations that go beyond the baseline GPAI requirements but operate through a different framework than the high-risk system rules. The systemic risk obligations focus on model-level risks rather than application-level risks.

Organisations developing or deploying GPAI models should begin compliance preparation now. The documentation requirements alone demand significant effort, and the copyright compliance obligations may require changes to data collection and training practices. Early engagement with the codes of practice development process offers an opportunity to shape the compliance framework while it is still being defined.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.