General-purpose AI models

Chapter V (Articles 51–56) of the EU AI Act regulates general-purpose AI models as a separate regime from AI systems. The obligations sit at the model level, address the GPAI model provider, and are independent of the Article 6 high-risk classification that governs AI systems. Conflating "generative AI" with "high-risk" misreads the Regulation — Chapter V is a parallel framework, not a sub-tier.

This is one of four obligation regimes under the Regulation — see the overview for how Chapter V interacts with Article 5 prohibited practices, Article 6 high-risk, and Article 50 transparency.

Quick decision

• You train and place a general-purpose AI model on the EU market → Article 53 baseline obligations apply (technical documentation, downstream-provider documentation, copyright policy, training-data summary).
• Your model's cumulative training compute exceeds 10²⁵ floating-point operations → the Article 51(2) systemic-risk presumption applies. Notify the Commission under Article 52(1) within two weeks. Article 55 additional obligations stack on Article 53.
• The Commission designates your model as systemic-risk under Article 51(1)(b) → Article 55 applies regardless of FLOPs threshold.
• You release the model under a free and open-source licence → Article 53(2) exempts you from Article 53(1)(a) and (b) (technical doc and downstream-provider doc) but not from Article 53(1)(c) (copyright policy) and (d) (training-data summary). Systemic-risk GPAI under Article 55 does not benefit from the open-source exemption.
• You are a non-EU provider of a GPAI model → designate an authorised representative under Article 54 before placing the model on the EU market. Free-and-open-source GPAI models that meet Article 53(2) conditions are exempt from Article 54 under Article 54(6) — unless the model is systemic-risk under Article 51.
• You integrate a GPAI model into your AI system → you become a system-level provider under Articles 8–15 if the system meets Article 6. The GPAI provider's Article 53 documentation flows downstream — use the Annex XII content to satisfy your own obligations.

TL;DR

• Chapter V is model-level, not system-level. Article 6 high-risk classification is a separate question.
• Article 51(2) presumes systemic-risk when cumulative training compute exceeds 10²⁵ FLOPs. The Commission can also designate under Article 51(1)(b) via Annex XIII criteria.
• Article 53 baseline obligations apply to every GPAI provider: technical documentation (Annex XI), downstream-provider documentation (Annex XII), copyright policy, training-data summary.
• Article 55 additional obligations on systemic-risk GPAI: model evaluation including adversarial testing, systemic-risk assessment and mitigation, serious-incident reporting to the AI Office, cybersecurity.
• Article 56 Codes of Practice are one route to demonstrating compliance with Articles 53 and 55 under Articles 53(4) and 55(2); providers may instead use alternative adequate means subject to Commission assessment. Codes target date is 2 May 2025; Commission may set common rules by implementing act if a Code is not finalised or is found inadequate by 2 August 2025.
• Free-and-open-source exemption under Article 53(2) covers Article 53(1)(a) and (b) only — not copyright policy or training-data summary. Systemic-risk GPAI does not benefit from the open-source exemption.
• Application dates: Chapter V applies from 2 August 2025 (Article 113(b)). GPAI models placed on the market before that date have until 2 August 2027 to comply (Article 111(3)).

AI Omnibus provisional agreement (May 2026)

Status: provisional political agreement, pending formal adoption

On 7 May 2026 the Council presidency and European Parliament negotiators reached a provisional political agreement on the Digital Omnibus on AI (originally proposed by the Commission on 19 November 2025, part of the 'Omnibus VII' simplification package). The deal must still be formally endorsed by the Council and the Parliament and undergo legal/linguistic revision before adoption. This framework page will be updated once the Omnibus is formally adopted. Until then, the existing EU AI Act text remains legally binding.

Relevant to this page:

• AI Office competence clarified — the AI Office would supervise AI systems based on general-purpose AI models when the model and the system come from the same provider, with carve-outs (law enforcement, border management, judicial authorities and financial institutions) where national authorities would remain competent.
• Codes of Practice process — the Omnibus deal is expected to refine the Article 56 Codes of Practice process. The headline Article 53 / 55 obligations themselves are unchanged.

The Chapter V application date of 2 August 2025 is not deferred by the Omnibus deal — it has already been in effect.

Until adopted, the published 2024/1689 Chapter V obligations remain the binding reference.

Primary source

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 — EUR-Lex CELEX 32024R1689 · OJ L, 12.7.2024 · Articles 51–56, Annexes XI, XII, XIII.

Article 3(63) — what counts as a GPAI model

'general-purpose AI model' means an AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market;

— Article 3(63), Regulation (EU) 2024/1689

This is the model-level definition. Article 3(66) defines a separate concept, 'general-purpose AI system', as "an AI system which is based on a general-purpose AI model and which has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems". The system-level rules (Article 6, Articles 8–15) follow the AI-system path; Chapter V follows the model-level path.

Article 51 — classification of GPAI models with systemic risk

A general-purpose AI model shall be classified as a general-purpose AI model with systemic risk if it meets any of the following conditions:

(a) it has high impact capabilities evaluated on the basis of appropriate technical tools and methodologies, including indicators and benchmarks;

(b) based on a decision of the Commission, ex officio or following a qualified alert from the scientific panel, it has capabilities or an impact equivalent to those set out in point (a) having regard to the criteria set out in Annex XIII.

— Article 51(1), Regulation (EU) 2024/1689

Article 51(2) — the 10²⁵ FLOPs presumption

A general-purpose AI model shall be presumed to have high impact capabilities pursuant to paragraph 1, point (a), when the cumulative amount of computation used for its training measured in floating point operations is greater than 10²⁵.

— Article 51(2), Regulation (EU) 2024/1689

The 10²⁵ FLOPs threshold is a rebuttable presumption, not a hard line. A provider above the threshold may submit "sufficiently substantiated arguments" under Article 52(2) to demonstrate that the model does not present systemic risk; the Commission decides.

Article 52 — procedure for designation

Article 52(1) requires the provider to notify the Commission without delay and in any event within two weeks after the Article 51(1)(a) requirement is met or it becomes known that it will be met. The notification includes the information necessary to demonstrate the requirement and may include a reasoned argument that the model does not present systemic risk despite meeting the presumption.

Article 52(4) covers the Commission designation route (Article 51(1)(b)) — the Commission may designate a GPAI model as having systemic risk ex officio or following a qualified alert from the scientific panel, having regard to the criteria set out in Annex XIII. Article 52(5) allows the provider to request a re-assessment based on new concrete reasons if circumstances change. Article 52(6) requires the Commission to publish and keep up to date a list of GPAI models with systemic risk.

Article 53 — obligations for all GPAI model providers

Article 53(1) imposes four core obligations on every GPAI provider, regardless of systemic-risk classification:

Providers of general-purpose AI models shall:

(a) draw up and keep up-to-date the technical documentation of the model, including its training and testing process and the results of its evaluation, which shall contain, at a minimum, the information set out in Annex XI for the purpose of providing it, upon request, to the AI Office and the national competent authorities;

(b) draw up, keep up-to-date and make available information and documentation to providers of AI systems who intend to integrate the general-purpose AI model into their AI systems. Without prejudice to the need to observe and protect intellectual property rights and confidential business information or trade secrets in accordance with Union and national law, the information and documentation shall:

(i) enable providers of AI systems to have a good understanding of the capabilities and limitations of the general-purpose AI model and to comply with their obligations pursuant to this Regulation; and

(ii) contain, at a minimum, the elements set out in Annex XII;

(c) put in place a policy to comply with Union law on copyright and related rights, and in particular to identify and comply with, including through state-of-the-art technologies, a reservation of rights expressed pursuant to Article 4(3) of Directive (EU) 2019/790;

(d) draw up and make publicly available a sufficiently detailed summary about the content used for training of the general-purpose AI model, according to a template provided by the AI Office.

— Article 53(1), Regulation (EU) 2024/1689

Article 53(2) — free-and-open-source exemption

The obligations set out in paragraph 1, points (a) and (b), shall not apply to providers of AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available. This exception shall not apply to general-purpose AI models with systemic risks.

— Article 53(2), Regulation (EU) 2024/1689

Two careful boundaries:

1. The exemption covers only Article 53(1)(a) (technical documentation) and (b) (downstream-provider documentation). The Article 53(1)(c) copyright policy and Article 53(1)(d) training-data summary still apply.
2. The exemption does not apply to systemic-risk GPAI under Article 51. A model that exceeds the 10²⁵ FLOPs presumption or is designated by the Commission cannot escape Article 53(1)(a)(b) via open-source release.

Article 54 — authorised representatives for non-EU GPAI providers

Providers of GPAI models established outside the Union must, prior to placing the model on the EU market, appoint by written mandate an authorised representative established in the Union. The representative's tasks (Article 54(3)) include verifying that the Article 53 technical documentation has been drawn up, keeping a copy of the documentation available to the AI Office for 10 years after the model is placed on the market, providing requested information to the AI Office, and cooperating with the AI Office and competent authorities.

Article 54(6) FOSS exemption — the Article 54 obligation to appoint an authorised representative does not apply to providers of GPAI models that are released under a free and open-source licence meeting the Article 53(2) conditions, unless the GPAI model is a model with systemic risk under Article 51. A systemic-risk FOSS model still requires an authorised representative.

The Article 54 obligation is distinct from the Article 22 authorised-representative obligation for high-risk AI systems — the two regimes apply independently.

Article 55 — additional obligations for systemic-risk GPAI

In addition to the obligations listed in Articles 53 and 54, providers of general-purpose AI models with systemic risk shall:

(a) perform model evaluation in accordance with standardised protocols and tools reflecting the state of the art, including conducting and documenting adversarial testing of the model with a view to identifying and mitigating systemic risks;

(b) assess and mitigate possible systemic risks at Union level, including their sources, that may stem from the development, the placing on the market, or the use of general-purpose AI models with systemic risk;

(c) keep track of, document, and report, without undue delay, to the AI Office and, as appropriate, to national competent authorities, relevant information about serious incidents and possible corrective measures to address them;

(d) ensure an adequate level of cybersecurity protection for the general-purpose AI model with systemic risk and the physical infrastructure of the model.

— Article 55(1), Regulation (EU) 2024/1689

Article 55(2) allows providers to rely on Codes of Practice within the meaning of Article 56 to demonstrate compliance with Article 55(1) until a harmonised standard is published. The serious-incident reporting duty under Article 55(1)(c) is distinct from the Article 73 serious-incident duty on high-risk AI system providers — different addressees (AI Office vs market-surveillance authorities), different event scope (systemic-risk events at the model level vs serious incidents at the system level).

Article 56 — Codes of Practice

Article 56(1) tasks the AI Office with encouraging and facilitating the drawing up of Codes of Practice at Union level, taking into account international approaches. The Codes cover in particular the Article 53 transparency and downstream-documentation obligations and the Article 55 systemic-risk obligations.

Article 56(2)–(7) governs the process:

• Participation open to all GPAI model providers, with the AI Office and AI Board supporting.
• Relevant national competent authorities may participate.
• Civil-society organisations, academia and other stakeholders may be invited to contribute.
• The Commission may approve a Code through implementing acts and grant it general validity within the Union (Article 56(6)).
• Codes of Practice should be ready by 2 May 2025 (Article 56(9) first sub-paragraph). If by 2 August 2025 a Code of Practice cannot be finalised, or if the AI Office, upon assessment, considers it not adequate, the Commission may provide, via implementing acts, common rules for the implementation of the obligations referred to in Articles 53 and 55 (Article 56(9) second sub-paragraph).

Until a harmonised standard is published (under Regulation (EU) 1025/2012), adherence to an approved Code is one path to demonstrating compliance. Articles 53(4) and 55(2) allow providers to rely on Codes; providers that do not adhere to an approved Code or harmonised standard must demonstrate compliance through alternative adequate means subject to assessment by the Commission.

Chapter V vs Article 6 — model-level vs system-level

The two regimes are distinct and stack when both apply.

Concept	Chapter V (GPAI)	Article 6 (high-risk AI system)
Level	Model	System
Addressee	GPAI model provider	System provider
Trigger	Article 51 (10²⁵ FLOPs or Commission designation)	Article 6(1) Annex I product or Article 6(2) Annex III standalone use
Documentation target	Annex XI (Article 53(1)(a))	Annex IV (Article 11)
Risk-management duty	Article 55(1)(a), (b) for systemic-risk only	Article 9 across the lifecycle
Serious-incident report	Article 55(1)(c) → AI Office	Article 73 → market-surveillance authority
Compliance route	Article 56 Codes of Practice or alternative adequate means under Articles 53(4)/55(2); harmonised standards once published	Article 43 conformity assessment + CE marking
Application date	2 August 2025	Annex III: 2 August 2026 (Omnibus would defer to 2 December 2027); Annex I: 2 August 2027 (Omnibus would defer to 2 August 2028)

A GPAI model integrated into a system whose intended purpose is Annex III high-risk triggers both regimes — the GPAI provider remains subject to Articles 53–55, and the downstream system provider must satisfy Articles 8–15. Article 25 governs how provider obligations transfer if the deployer substantially modifies the system or puts its own name on it.

AI Office and the AI Board

The AI Office (established within the Commission under Article 64) is the central supervisor for GPAI models. Its competences include:

• Monitoring and evaluating Codes of Practice — the AI Office and the AI Board encourage and facilitate the drawing-up of Codes; the Commission approves a Code by implementing act under Article 56(6).
• Receiving Article 55(1)(c) serious-incident reports from systemic-risk GPAI providers.
• Conducting model evaluations (Article 92), requesting information (Article 91), and ordering mitigation measures (Article 93) in respect of GPAI model providers. Article 75 covers assistance between the AI Office and market-surveillance authorities for AI systems based on a GPAI model where the GPAI model and the AI system come from the same provider.

The AI Board (Article 65) supports the consistent application of the Regulation across Member States, including in the context of Codes of Practice.

The provisional Omnibus deal would clarify AI Office competence over AI systems built on a GPAI model when the model and the system come from the same provider, with carve-outs (law enforcement, border management, judicial authorities, financial institutions) where national authorities would remain competent. This is a clarification, not a transfer of competence.

How Modulos operationalises Chapter V

Modulos folds GPAI obligations into the MFF-1 (EU AI Act — app) and OFF-1 (EU AI Act — org) framework templates — there is no separate GPAI template. The scoping questionnaire applies the platform tags Product:GPAIM (general-purpose AI model), ProductProperty:SR (systemic-risk), and SupplyTerms:GPAIMNonFOSS (non-FOSS) to flip the right requirements in or out.

Chapter V requirements map to:

Requirement	Description	OJ Article
MRF-120	GPAIM Classification	Article 51
MRF-121	GPAIM Classification Exemption	Article 52
MRF-122	GPAIM Training Data Summary	Article 53(1)(d)
MRF-123	GPAIM Legal Compliance Strategy	Article 53(1)(c) (copyright policy)
MRF-124	GPAIM Documentation and Downstream Integration	Article 53(1)(a)(b) + Annex XI / XII
ORF-95	GPAIM IPR Compliance Policy (org)	Article 53(1)(c)
ORF-96	GPAIM Cooperation with Competent Authorities (org)	Article 53
ORF-224	GPAIM Documentation Keeping (org)	Article 54
MRF-128	GPAIM EU Representative	Article 54
MRF-130	GPAIM EU Representative Mandate	Article 54(3)
MRF-131	GPAIM EU Representative Duty to Verify Evidence of Compliance	Article 54(3)
MRF-125	GPAIM-SR Evaluation	Article 55(1)(a)
MRF-126	GPAIM-SR Risk Assessment and Mitigation	Article 55(1)(b)
MRF-127	GPAIM-SR Security	Article 55(1)(d)
ORF-97	GPAIM-SR Serious Incident Reporting (org)	Article 55(1)(c)

Operating rules:

• The Article 51(2) 10²⁵ FLOPs classification (MRF-120) is captured at the project scoping stage; the rebuttal under Article 52(2) (if any) is recorded as control-level evidence on MRF-121.
• The Article 52(1) two-week notification to the Commission is the provider's process — Modulos records the notification artefact as control-level evidence on MRF-120; it does not file the notification.
• The Article 53(2) FOSS exemption is reflected via the questionnaire — the SupplyTerms:GPAIMNonFOSS tag is applied to non-FOSS models, and the FOSS-state evidence (licence, parameter publication) is recorded on MRF-124. The Article 53(1)(c) copyright policy (MRF-123, ORF-95) and Article 53(1)(d) training-data summary (MRF-122) still apply to FOSS models.
• The Article 54(6) FOSS authorised-representative exemption is reflected in MRF-128 scoping — systemic-risk FOSS models still require an authorised representative.
• The Article 55(1)(c) serious-incident report to the AI Office (ORF-97) is distinct from the Article 73 serious-incident report on high-risk AI systems (ORF-47 provider side / MRF-49 deployer side, reporting to market-surveillance authorities).
• The Article 56 Codes of Practice path is recorded as control-level evidence on the relevant Article 53 / 55 requirements — no dedicated Codes-of-Practice workflow surface.

Cross-framework mapping (preview)

Concept	EU AI Act Chapter V	Adjacent framework
Model-level transparency	Article 53(1)(a)(b)	NIST AI RMF GenAI Profile MEASURE 2; ISO 42001 Annex A documentation controls
Training-data summary	Article 53(1)(d)	(No direct GDPR analogue; Article 14 GDPR informs personal-data inclusion); ISO 42001 data-management controls
Adversarial testing	Article 55(1)(a)	NIST AI RMF GenAI Profile MEASURE 2.6 / MEASURE 2.7; OWASP LLM Top 10
Systemic-risk assessment	Article 55(1)(b)	NIST AI RMF MAP / MEASURE / MANAGE; ISO 23894
Serious-incident report (model level)	Article 55(1)(c) → AI Office	(Distinct from Article 73 EU AI Act system-level; distinct from Article 33 GDPR personal-data breach)
Cybersecurity for the model and infrastructure	Article 55(1)(d)	ISO 27001 Annex A; NIS2 Article 21
Copyright reservation handling	Article 53(1)(c) + Directive (EU) 2019/790 Art 4(3)	(CDSM Directive transposition in each Member State)

Related pages

EU AI Act overview

Four obligation regimes, classification flow, common misreadings

High-risk AI systems

Article 6 + Annex I / III routing; Articles 8–15 obligations on system providers

Prohibited practices and transparency

Article 5 prohibited practices + Article 50 transparency duties

Roles and responsibilities

Provider, deployer, importer, distributor, authorised representative; Article 25 accidental-provider

Operationalizing in Modulos

OFF-1 + MFF-1 rollout, scoping (including GPAIM / GPAIM-SR / GPAIM:FOSS tags), evidence

Source attribution

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 (the EU AI Act) is published in the Official Journal of the European Union L of 12 July 2024. Verbatim quotes on this page reflect the OJ-published 2024/1689 text. The Council press release of 7 May 2026 announcing the AI Omnibus provisional political agreement and the Commission's Digital Omnibus on AI proposal (COM(2025) 836 final, procedure 2025/0359(COD), 19 November 2025) are descriptive references — neither is legally binding. The AI Omnibus consolidated text, when published in the OJ, will supersede where it amends. Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market is referenced via Article 53(1)(c).

See it in Modulos

Modulos turns EU AI Act Chapter V GPAI obligations into a running compliance program — Article 53 documentation, Article 55 systemic-risk evaluations, and Codes of Practice evidence in one place.

Request a demo

Disclaimer

This page is for general informational purposes and does not constitute legal advice.