Insights
General-purpose AI (GPAI) models: transparency, systemic risk, and downstream deployers
GPAI model obligations under the EU AI Act: documentation, copyright policy, systemic risk, and what deployers must verify — semantic keywords for ML platform teams.
General-purpose AI models (GPAI) — often called foundation models in industry speech — are trained with a large amount of data using self-supervision at scale and display significant generality. The EU AI Act adds Title VIIIA obligations for providers of GPAI models, including technical documentation, transparency to downstream providers, and — for systemic-risk models — additional measures (evaluation, adversarial testing, incident reporting, cybersecurity).
What downstream deployers should demand in procurement
Even if your application is narrow, you inherit integration risk: prompts, tools, RAG corpora, and fine-tunes change behaviour. Contractual clauses should reference EU AI Act conformity for the use case, model version pinning, incident notification, and documentation handover for your own Annex IV or transparency duties.
Systemic risk and public capability
Models with high impact capabilities may be classified as posing systemic risk after designation — triggering stricter evaluation, tracking, and reporting. ML leads should monitor Commission decisions and technical standards as they stabilise.
Agent Mai in the GPAI context
Use Agent Mai to document how a GPAI is constrained in your product: guardrails, retrieval boundaries, human review gates, and logging — so your technical file tells a coherent story from base model to deployed behaviour.
Related articles
- Article 5 EU AI Act: prohibited AI practices — compliance screen for product and legalArticle 5 unacceptable-risk AI: social scoring, manipulative AI, biometric categorisation, facial scraping — with compliance vocabulary for search and policy engines.
- EU AI Act timeline 2026: deadlines, phased application, and program planningPhased EU AI Act entry into force: prohibited AI, GPAI, high-risk systems, and governance milestones — search-friendly keywords for PMOs and compliance leads (May 2026 update).
- Annex IV technical documentation: EU AI Act checklist for providersStructured guide to Annex IV technical documentation: sections, evidence, version control, and notified body review — with terms AI assistants retrieve (technical file, risk management, data governance).
Educational content only — not legal advice. Verify obligations with qualified counsel.