Chapter V — Articles 51–55
What is a GPAI Model?
A General-Purpose AI model is any model trained using more than 10²³ floating-point operations (FLOPs) capable of generating language, image, or video outputs. If your model can perform a wide range of tasks across different domains — rather than one specialised function — it almost certainly qualifies.
Specialised models used exclusively for transcription, image upscaling, weather forecasting, or gaming are excluded, provided they lack general capabilities beyond their specific domain.
Who is the Provider?
Provider status follows market placement, not development. If your organisation places a GPAI model on the EU market — regardless of who built it — you are the provider and carry the compliance obligations.
Uploading a model to a hosted repository does not transfer provider status. If a downstream actor incorporates your GPAI model into their AI system and places it on the EU market, they become a system provider — but your obligations as the original GPAI provider remain.
Core Obligations (Articles 53–54)
All GPAI providers must:
- Maintain and update technical documentation throughout the model lifecycle, from pre-training through post-market modifications
- Provide downstream providers with sufficient information about the model’s capabilities, limitations, and intended use
- Publish a training data summary using the AI Office template
- Maintain a copyright compliance policy covering training data
- Cooperate with the AI Office and national competent authorities upon request
- Submit documents via the EU SEND platform for confidential exchange with the AI Office
These obligations apply from the start of the pre-training run — not from market placement.
Systemic Risk Classification (Article 51)
A GPAI model is classified as posing systemic risk if its training compute meets or exceeds 10²⁵ FLOPs, or if the Commission designates it as having equivalent impact based on capability evaluations, number of users, scalability, or access to tools.
Providers must notify the Commission within two weeks of reasonably foreseeing or reaching this threshold.
Additional Obligations for Systemic Risk Models (Article 55)
If your model meets the systemic risk threshold, you must additionally:
- Conduct model evaluations using standardised protocols
- Assess and mitigate systemic risks throughout the model lifecycle
- Report serious incidents to the AI Office and national authorities
- Ensure cybersecurity of model infrastructure and weights
The GPAI Code of Practice, published in July 2025 and endorsed by the Commission and AI Board, provides a voluntary compliance pathway for providers to demonstrate adherence to Articles 53 and 55. Signatories gain legal certainty and reduced administrative burden compared to demonstrating compliance through alternative means.
Open Source Exemptions
Open-source GPAI providers benefit from limited exemptions. They are not required to provide technical documentation to downstream providers or the AI Office. However, the training data summary and copyright policy requirements apply regardless of open-source status.
If an open-source model poses systemic risk, full systemic risk obligations apply — the open-source exemption does not extend to Article 55.
Modification Thresholds
Not all modifications to a GPAI model create new provider obligations. A downstream actor becomes the new GPAI provider only if the compute used for modification exceeds one-third of the compute used to train the original model.
If modifying a systemic-risk GPAI model — regardless of compute used — full systemic risk obligations apply to the modifier.
Does your GPAI model meet these obligations? Technical documentation, training data summaries, copyright policies, and systemic risk assessments all require evidence. Grecta generates your GPAI compliance framework automatically — classified to your specific model, continuously monitored, with engineering-level steps for every gap identified.
Apply this to your GPAI model — free, no credit card →
