Annex XIII AI Act
Criteria for the designation of GPAI models with systemic risk
Official text
Criteria for the designation of general-purpose AI models with systemic risk referred to in Article 51 For the purpose of determining that a general-purpose AI model has capabilities or an impact equivalent to those set out in Article 51(1), point (a), the Commission shall take into account the following criteria:
(a) the number of parameters of the model;
(b) the quality or size of the data set, for example measured through tokens;
(c) the amount of computation used for training the model, measured in floating point operations or indicated by a combination of other variables such as estimated cost of training, estimated time required for the training, or estimated energy consumption for the training;
(d) the input and output modalities of the model, such as text to text (large language models), text to image, multi-modality, and the state of the art thresholds for determining high-impact capabilities for each modality, and the specific type of inputs and outputs (e.g. biological sequences);
(e) the benchmarks and evaluations of capabilities of the model, including considering the number of tasks without additional training, adaptability to learn new, distinct tasks, its level of autonomy and scalability, the tools it has access to;
(f) whether it has a high impact on the internal market due to its reach, which shall be presumed when it has been made available to at least 10 000 registered business users established in the Union;
(g) the number of registered end-users.
ELI: http://data.europa.eu/eli/reg/2024/1689/oj ISSN 1977-0677 (electronic edition)
////////////////////////$(document).ready(function(){generateTOC(true,'', 'Top','false');scrollToCurrentUrlAnchor();});
Source: EUR-Lex, Regulation (EU) 2024/1689 — text reproduced verbatim.
📬 AI Act Weekly
Get the most important AI Act developments in your inbox every week.
SubscribeFrequently asked questions
What does Annex XIII of the AI Act regulate?
Annex XIII describes the criteria the European Commission uses to determine whether a GPAI model poses systemic risk, under Article 51. These criteria determine whether additional obligations apply.
Which criteria determine if a GPAI model has systemic risk?
Seven criteria: (a) number of parameters, (b) dataset quality/size, (c) amount of compute for training, (d) input/output modalities and state-of-the-art thresholds, (e) benchmarks and evaluations, (f) internal market impact (10,000+ business users), and (g) number of registered end-users.
Is there a threshold for the number of parameters?
Annex XIII lists number of parameters as a criterion (point a), but does not set a fixed threshold. Article 51(1)(a) does mention a threshold of 10^25 FLOP of compute for training as a presumption of systemic risk.
When is a model presumed to have systemic risk?
Article 51(2) provides that a model is presumed to have systemic risk if cumulative compute for training exceeds 10^25 FLOP. The Commission may adjust this threshold through delegated acts.
Does the number of users count for systemic risk?
Yes, point f states that high impact on the internal market is presumed when the model has been made available to at least 10,000 registered business users in the EU. Point g also references the number of end-users.
Are multimodal models more likely to be systemic risk?
Annex XIII, point d, specifically mentions input/output modalities (text-to-text, text-to-image, multimodal) as a criterion, with state-of-the-art thresholds per modality. Multimodal capabilities can therefore contribute to the classification.
Who determines whether a model has systemic risk?
The European Commission determines this based on the criteria in Annex XIII and Article 51. The provider may also self-declare that their model has systemic risk. The 10^25 FLOP threshold creates a legal presumption.
What are the consequences of systemic risk classification?
Providers of GPAI models with systemic risk must comply with additional obligations: model evaluation, adversarial testing, incident reporting to the AI Office, and adequate cybersecurity protection (Article 55).