GPAI (General Purpose AI)
Generally accessible AI models under Articles 53–55 EU AI Act
TL;DR
General Purpose AI (GPAI) within the meaning of Article 3(63) EU AI Act refers to AI models that, by virtue of their significant general capabilities, can be used for a wide range of tasks. Examples: ChatGPT, Claude, Gemini, LLaMA. Provider obligations under Articles 53–55 have applied since 02 August 2025. Where systemic risk is present (≥10²⁵ FLOPs of training compute): additional obligations under Article 55.
What is GPAI (General Purpose AI)?
GPAI models are subject to three pillars of obligations under the GPAI Code of Practice (finalised 10 July 2025):
- Transparency: training data summary (Article 53(1)(d)), model card, documentation for downstream providers
- Copyright: EU copyright compliance, observance of opt-outs, robust internal policy
- Safety & Security (GPAI with systemic risk only): model evaluation, adversarial testing, incident reporting, cybersecurity
Threshold for 'systemic risk' (Article 51): ≥10²⁵ FLOPs of cumulative training compute. Currently (2026), this only captures frontier models (GPT-4-class, Claude Opus, Gemini Ultra).
Practical example
Practical consequences for SMEs acting as deployers of GPAI: - Using ChatGPT: you are a deployer, not a provider — no direct GPAI obligations - However: AI literacy under Article 4 (mandatory since 02/2025) - For Annex III use cases (HR, recruiting): additional high-risk obligations from 12/2027 Those who build their own RAG systems on top of a GPAI API and distribute them under their own name: substantial modification → become a provider.