From August 2, 2026, the European AI Office has direct enforcement powers over providers of general-purpose AI (GPAI) models. GPAI obligations have been in force since August 2, 2025. The final GPAI Code of Practice was published July 10, 2025. Adherence creates a presumption of conformity but does not guarantee immunity from enforcement.
GPAI Code of Practice: Commission Enforcement Begins August 2, 2026
What happened
General-purpose AI model obligations under Chapter V of the EU AI Act took effect on August 2, 2025. Providers have had one year to comply. On August 2, 2026, the European AI Office — established within the European Commission — gains full enforcement powers over GPAI model providers.
The AI Office is unique in the EU AI Act enforcement structure: while Member State authorities handle most AI Act enforcement, the AI Office has direct, EU-level enforcement authority over GPAI models specifically.
What GPAI providers must have in place
All providers of GPAI models must have completed the following by August 2, 2025 (already in force):
- Technical documentation (Article 53): Complete documentation of the model, including training and testing processes and evaluation results, following the requirements of Annex XI
- Downstream provider information (Article 53): Documentation enabling downstream AI system providers to understand capabilities, limitations, and comply with their own obligations
- Copyright compliance (Article 53): A policy to comply with EU copyright law, including publicly available summaries of training data content
- Registration: Registration of the GPAI model in the EU database
Additional requirements for systemic risk models
GPAI models with systemic risk — those trained with more than 10^25 FLOPs of computation or designated by the Commission — must additionally:
- Perform model evaluation including adversarial testing
- Assess and mitigate systemic risks
- Track, document, and report serious incidents
- Ensure adequate cybersecurity protection
What to do now
- Self-assess against the Code of Practice. The three-pillar Code (Transparency, Copyright, Systemic Risk) provides the benchmark. Adherence creates a presumption of conformity
- Verify technical documentation is complete. Annex XI specifies minimum content. The AI Office will review this first in any investigation
- Confirm downstream provider documentation. Your customers who build AI systems on your model must have what they need for their own compliance
- Prepare for oversight requests. The AI Office can request information, conduct evaluations, and require corrective measures. Have a designated contact and response process ready
Assess your GPAI compliance status.
Free AI Act Readiness Check Covers GPAI obligations, transparency, and moreThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Published June 17, 2026 by Sawai Gyoseishoshi Office, Hiroshima, Japan.