Answer a few questions and get an instant verdict: are you a general-purpose AI model provider, and which obligations apply to you?
Educational tool. Does not constitute legal advice. Consult a qualified professional for any compliance decision.
What is a GPAI provider?
A general-purpose AI model (GPAI) is a model trained on large amounts of data, capable of performing a wide range of distinct tasks. Article 53 of EU Regulation 2024/1689 imposes specific obligations on companies that develop, substantially modify, or distribute such models under their own name. The most common legal trap: fine-tuning an existing model can shift a company's status from deployer to GPAI provider.
Source: EU Regulation 2024/1689, Art. 51-55 (General-purpose AI models); Annex XI (technical documentation); Annex XIII (systemic risk indicators); GPAI Code of Practice, 10 July 2025.
Frequently asked questions about GPAI status
What is a general-purpose AI model (GPAI) under the AI Act?+
A general-purpose AI model (GPAI) is defined in Art. 3§44 of the AI Act as an AI model that is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks, and that can be integrated into a variety of downstream systems or applications. This includes large language models (LLMs), multimodal models, image generation models, and any foundation model with a generalist purpose.
Does fine-tuning an open-source model make me a GPAI provider?+
Yes, if the modification is substantial. Art. 25§2 of the AI Act specifies that when a provider substantially modifies a GPAI model, they are considered the provider of the modified model and take on all corresponding obligations. A fine-tune that significantly changes the model's general capabilities or behaviour (new skills, new domains, alignment changes) is generally considered substantial. A minor style or tone adjustment on a very specific domain may be out of scope — but the boundary remains case-by-case and legally uncertain.
What is GPAI systemic risk?+
GPAI models with systemic risk (Art. 51§1) are models whose capabilities or market impact exceed critical thresholds. The presumption of systemic risk is triggered automatically when training compute exceeds 10^25 FLOPs (Annex XIII §1), or when the model is made available to at least 10,000 business users established in the Union (Annex XIII §2). Other indicators include reach, advanced multimodal capabilities, performance on key benchmarks, use in critical infrastructure, and high degree of autonomy. These models are subject to the enhanced obligations of Art. 55.
What are the obligations of a GPAI provider without systemic risk?+
A standard GPAI provider (without systemic risk) is subject to Art. 53 obligations: (1) establish and keep up to date technical documentation for the model (Annex XI), (2) publish a sufficiently detailed summary of the training data used, (3) implement and publish a copyright compliance policy (Art. 53§1(c)), and (4) inform downstream providers who integrate the model into their own AI systems. These obligations apply from the moment the model is made available in the European Union.