Responsible AI Platform
GPAI route under the EU AI Act

General-purpose AI

Articles 51-55 for model providers, integrators and organisations using GPAI

GPAI provider obligations have applied since 2 August 2025. This guide explains when you are a model provider, downstream provider or deployer, which documentation is needed and how GPAI connects with Annex III, Article 50 and Article 4.

Art. 53
Provider duties
Art. 51
Systemic risk
Art. 55
Extra measures
12 min readLast updated: 31 May 2026
GPAI

What is a general-purpose AI model?

A model that can be used broadly across multiple tasks

A general-purpose AI model is an AI model that displays significant generality and can be used for a wide range of distinct tasks. This includes language models, multimodal models, code models and other foundation-model-like building blocks. The AI Act treats the model itself separately from the concrete application in which the model is integrated.

Model

Model level

GPAI focuses on the base model, not only the end application.

Taken

Broadly usable

The model can perform many task types without being fully rebuilt.

Keten

AI value chain

Provider, downstream provider and deployer must be determined separately.

Route

Not the same as high-risk

A GPAI model can be used in a system that later becomes high-risk.

Related articles

Rol

Start by determining your role in the GPAI chain

The obligation depends on what you offer or use

An organisation using a GPAI tool for internal tasks is usually not a GPAI model provider. The provider route becomes relevant when you develop, commission, significantly modify, place on the market or make available a model. If you build a product on a GPAI model, you also need to determine whether you are a downstream provider of an AI system and whether that application falls under Annex III or Article 50.

Prov

GPAI model provider

Develops or places a general-purpose AI model on the market.

Down

Downstream provider

Builds an AI system or product on top of a GPAI model.

Use

Deployer or user

Uses an AI system professionally and must assess governance, training and transparency duties.

Mod

Significant modification

A major modification can change the role allocation.

Related articles

53

Article 53: baseline obligations for GPAI providers

Documentation, downstream information, copyright and training data

Article 53 requires GPAI model providers to maintain technical documentation, provide relevant information to downstream providers, have a policy for compliance with Union copyright law and publish a public summary of training content. Some open-source models benefit from limited exemptions, but not where the model has systemic risk.

Doc

Technical documentation

Training, testing, evaluation, capabilities and limitations.

Info

Information for downstream providers

Sufficient information to assess integration and compliance.

Copyright

Copyright policy

Process for complying with Union copyright law.

Data

Training-content summary

Public summary using the Commission template.

Related articles

55

GPAI models with systemic risk

Articles 51 and 55 add an extra layer

A GPAI model can be classified as a model with systemic risk when it has high-impact capabilities or is designated by the Commission. The AI Act includes a presumption at more than 10^25 floating point operations of training compute. Article 55 then adds obligations for model evaluation, adversarial testing, systemic risk assessment, incident reporting to the AI Office and cybersecurity.

51

Classification

High-impact capabilities or Commission designation.

10^25

Compute presumption

Training compute above 10^25 FLOPs indicates high-impact capabilities.

Test

Model evaluation

Standardised evaluation and adversarial testing.

AI Office

Reporting and cybersecurity

Incidents, corrective measures and protection of model and infrastructure.

Related articles

CoP

General-Purpose AI Code of Practice

Voluntary route to support compliance

The European Commission published the GPAI Code of Practice on 10 July 2025. The code is voluntary, but can help providers show how they meet obligations on transparency, copyright and safety. Providers that do not follow an approved code or harmonised standard need to demonstrate adequate alternative means of compliance.

TR

Transparency

Model Documentation Form and downstream information.

CR

Copyright

Measures around copyright and rights reservations.

SEC

Safety and security

Especially relevant for systemic risk.

EV

Demonstrability

Use the code as an evidence structure, not as a stand-alone checkbox.

Related articles

Route

GPAI next to Annex III, Article 50 and Article 4

For many organisations, GPAI is not the only route

GPAI mainly determines which model and value-chain information must be available. The concrete application remains decisive. A customer-service AI agent may need Article 50 transparency. A model used in recruitment, education, creditworthiness or public services may become Annex III high-risk. And almost every organisation using AI professionally needs to implement AI literacy and internal policy in practice.

Annex III

Annex III

Classify the concrete use case by domain and purpose.

Art. 50

Transparency

Disclose AI interaction, synthetic content, deepfakes or biometric/emotion functionality where needed.

Art. 4

AI literacy

Train staff at the right level and keep evidence.

AVG

GDPR and governance

Connect model information to DPIA, procurement, register and policy.

Related articles

Frequently asked questions about GPAI

Answers for providers, integrators and organisations using GPAI

Ready for your first AI Act route?

Discover which EU AI Act gap your organization should solve first.

500+
Professionals trained
50+
Organizations helped