Quick answer

GPAI models with systemic risk face the strictest obligations under the EU AI Act. A model is classified as systemic risk if trained with more than 10^25 FLOPs or designated by the European Commission. Additional obligations include adversarial testing, incident reporting, cybersecurity measures, and energy consumption reporting.

Updated June 2026 · MmowW AI Compliance

EU AI Act Systemic Risk AI Models: When Extra Rules Apply

What Makes a GPAI Model Systemic Risk

The EU AI Act (Regulation (EU) 2024/1689) draws a clear line between standard GPAI models and those that pose systemic risk. Article 55 establishes that a GPAI model is classified as presenting systemic risk when it has high-impact capabilities. The regulation uses two mechanisms to identify these models: a quantitative threshold and a qualitative designation process.

The quantitative threshold is set at 10^25 floating point operations (FLOPs) used in training the model. Any GPAI model trained with cumulative compute at or above this level is automatically classified as presenting systemic risk. This threshold was chosen to capture the most capable frontier models while exempting the vast majority of AI models in deployment.

The European Commission also retains the power to designate a GPAI model as presenting systemic risk based on criteria beyond training compute. These criteria may include the number of registered end users, the degree of market penetration, the extent of cross-border deployment, or other indicators of potential systemic impact. This designation power ensures that a model cannot avoid the systemic risk classification simply by using a different training methodology that happens to fall below the FLOPs threshold.

The 10^25 FLOPs Threshold in Practice

Understanding the 10^25 FLOPs threshold requires context about current frontier model development. As of 2025, models widely understood to exceed this threshold include the GPT-4 family from OpenAI, Google DeepMind's Gemini models, and Anthropic's Claude models. The exact training compute for these models is not always publicly disclosed, but industry estimates and reporting suggest they operate at or above this level.

The threshold is not static. Article 51(2) empowers the European Commission to amend the threshold through delegated acts, taking into account technological developments. As hardware efficiency improves and training costs decrease, models trained with 10^25 FLOPs will become more common. The Commission may choose to raise the threshold to maintain its focus on truly frontier capabilities, or it may keep it constant to bring more models under systemic risk obligations as the technology matures.

For organisations developing large-scale AI models, the FLOPs threshold creates a practical planning consideration. Training runs that approach 10^25 FLOPs should trigger an assessment of systemic risk obligations before the training is completed, not after deployment.

Additional Obligations Under Article 55

GPAI models classified as presenting systemic risk must comply with all baseline GPAI obligations under Article 53 plus a set of additional requirements. These additional obligations are designed to address risks that could affect public health, safety, public security, fundamental rights, or the functioning of society at large.

The first additional obligation is model evaluation. Providers must perform model evaluations in accordance with standardised protocols and tools, including adversarial testing. The purpose is to identify and mitigate systemic risks, including risks related to the generation of harmful content, the propagation of misinformation, or the facilitation of activities that threaten public safety.

The second obligation concerns adversarial testing specifically. Providers must conduct adversarial testing of the model, also referred to as red-teaming, to identify vulnerabilities and failure modes. This testing must be proportionate to the identified risks and must cover a range of potential misuse scenarios.

The third obligation requires providers to track, document, and report serious incidents related to the model to the AI Office and, where relevant, to national competent authorities. A serious incident includes any event that directly or indirectly leads to, or could reasonably be expected to lead to, serious harm to persons, property, or public interests.

Cybersecurity and Energy Reporting

Article 55 imposes two further obligations that reflect growing concerns about AI infrastructure security and environmental impact.

On cybersecurity, providers of systemic risk GPAI models must ensure an adequate level of cybersecurity protection for the model and its physical infrastructure. This includes protections against unauthorised access, model theft, model manipulation, and adversarial attacks on the model's inference capabilities. The cybersecurity requirements recognise that a compromised frontier model could have cascading effects across all downstream applications.

On energy consumption, providers must track and publicly report the energy consumption of the model during training and, where practicable, during inference. This obligation supports the broader EU policy objective of monitoring and reducing the environmental footprint of AI development. The reporting requirement does not impose energy limits but creates transparency that may inform future policy decisions.

These obligations apply in addition to any existing cybersecurity requirements under other EU legislation, such as the NIS2 Directive (Directive (EU) 2022/2555) for operators of essential services.

Codes of Practice for Systemic Risk Models

The EU AI Act provides for codes of practice that specifically address the obligations of systemic risk GPAI model providers. These codes are developed under the facilitation of the AI Office and are intended to provide detailed, practical guidance on how to meet the additional obligations.

The codes of practice for systemic risk models cover areas including the methodology for adversarial testing, the format and frequency of incident reporting, the standards for cybersecurity protection, and the protocols for energy consumption measurement and disclosure. Adherence to an approved code of practice creates a presumption of conformity with the systemic risk obligations, providing legal certainty for providers.

However, if no suitable code of practice exists or if a provider chooses not to adhere to one, the provider must demonstrate compliance through alternative means that achieve an equivalent level of protection. The AI Office may also request that a provider demonstrate compliance directly, regardless of code of practice adherence.

Current Models and Compliance Planning

Several frontier AI models are widely expected to fall within the systemic risk classification when the GPAI provisions become applicable on August 2, 2025. Organisations operating these models should already be developing compliance frameworks that address each of the additional obligations.

Key preparatory steps include establishing internal processes for adversarial testing and red-teaming, creating incident tracking and reporting systems compatible with the AI Office's requirements, conducting cybersecurity assessments of model infrastructure, and implementing energy monitoring across training and inference operations.

Organisations that deploy these models as downstream providers should also prepare for the possibility that systemic risk classification of an upstream model may create additional due diligence requirements for their own AI systems. Understanding the systemic risk status of the GPAI models you integrate is an essential part of compliance planning under the EU AI Act.

The AI Office serves as the primary supervisory authority for GPAI model compliance, including systemic risk obligations. Providers should monitor AI Office communications, participate in code of practice consultations where possible, and maintain open channels of communication with the Office regarding their compliance status.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.