General-purpose AI
Articles 51-55 for model providers, integrators and organisations using GPAI
GPAI provider obligations have applied since 2 August 2025. This guide explains when you are a model provider, downstream provider or deployer, which documentation is needed and how GPAI connects with Annex III, Article 50 and Article 4.
Sources and legal text
GPAI based on Articles 51, 53 and 55
Other AI Act routes
Do not use GPAI as a substitute for classification
What is a general-purpose AI model?
A model that can be used broadly across multiple tasks
A general-purpose AI model is an AI model that displays significant generality and can be used for a wide range of distinct tasks. This includes language models, multimodal models, code models and other foundation-model-like building blocks. The AI Act treats the model itself separately from the concrete application in which the model is integrated.
Model level
GPAI focuses on the base model, not only the end application.
Broadly usable
The model can perform many task types without being fully rebuilt.
AI value chain
Provider, downstream provider and deployer must be determined separately.
Not the same as high-risk
A GPAI model can be used in a system that later becomes high-risk.
Start by determining your role in the GPAI chain
The obligation depends on what you offer or use
An organisation using a GPAI tool for internal tasks is usually not a GPAI model provider. The provider route becomes relevant when you develop, commission, significantly modify, place on the market or make available a model. If you build a product on a GPAI model, you also need to determine whether you are a downstream provider of an AI system and whether that application falls under Annex III or Article 50.
GPAI model provider
Develops or places a general-purpose AI model on the market.
Downstream provider
Builds an AI system or product on top of a GPAI model.
Deployer or user
Uses an AI system professionally and must assess governance, training and transparency duties.
Significant modification
A major modification can change the role allocation.
Article 53: baseline obligations for GPAI providers
Documentation, downstream information, copyright and training data
Article 53 requires GPAI model providers to maintain technical documentation, provide relevant information to downstream providers, have a policy for compliance with Union copyright law and publish a public summary of training content. Some open-source models benefit from limited exemptions, but not where the model has systemic risk.
Technical documentation
Training, testing, evaluation, capabilities and limitations.
Information for downstream providers
Sufficient information to assess integration and compliance.
Copyright policy
Process for complying with Union copyright law.
Training-content summary
Public summary using the Commission template.
GPAI models with systemic risk
Articles 51 and 55 add an extra layer
A GPAI model can be classified as a model with systemic risk when it has high-impact capabilities or is designated by the Commission. The AI Act includes a presumption at more than 10^25 floating point operations of training compute. Article 55 then adds obligations for model evaluation, adversarial testing, systemic risk assessment, incident reporting to the AI Office and cybersecurity.
Classification
High-impact capabilities or Commission designation.
Compute presumption
Training compute above 10^25 FLOPs indicates high-impact capabilities.
Model evaluation
Standardised evaluation and adversarial testing.
Reporting and cybersecurity
Incidents, corrective measures and protection of model and infrastructure.
General-Purpose AI Code of Practice
Voluntary route to support compliance
The European Commission published the GPAI Code of Practice on 10 July 2025. The code is voluntary, but can help providers show how they meet obligations on transparency, copyright and safety. Providers that do not follow an approved code or harmonised standard need to demonstrate adequate alternative means of compliance.
Transparency
Model Documentation Form and downstream information.
Copyright
Measures around copyright and rights reservations.
Safety and security
Especially relevant for systemic risk.
Demonstrability
Use the code as an evidence structure, not as a stand-alone checkbox.
GPAI next to Annex III, Article 50 and Article 4
For many organisations, GPAI is not the only route
GPAI mainly determines which model and value-chain information must be available. The concrete application remains decisive. A customer-service AI agent may need Article 50 transparency. A model used in recruitment, education, creditworthiness or public services may become Annex III high-risk. And almost every organisation using AI professionally needs to implement AI literacy and internal policy in practice.
Annex III
Classify the concrete use case by domain and purpose.
Transparency
Disclose AI interaction, synthetic content, deepfakes or biometric/emotion functionality where needed.
AI literacy
Train staff at the right level and keep evidence.
GDPR and governance
Connect model information to DPIA, procurement, register and policy.
Frequently asked questions about GPAI
Answers for providers, integrators and organisations using GPAI
Ready for your first AI Act route?
Discover which EU AI Act gap your organization should solve first.