The provisions of the EU Regulation on Artificial Intelligence (AI Act) start to come into force in stages and we are now approaching another important milestone. On 2 August 2025, further regulations will start to apply that will affect the activities of entities developing and making AI systems available, in particular the so-called General Purpose AI (GPAI) models. These models play a key role in the AI value chain, often providing the foundation for solutions developed by others. The new obligations may therefore affect not only the original suppliers of these models, but also the organisations that modify or integrate them in their products. 

What are GPAIs and who should prepare? 

In a nutshell, GPAIs are AI models that are not just designed for one specific application, but can be used for many different tasks. Examples of GPAI include large language models (e.g. GPT, Claude), generative models for creation of graphics (e.g. DALL-E, Midjourney) or models used in no-code/low-code tools. 

In accordance with the definition in the AI Act, a GPAI provider is any entity that develops or commissions the development of such a model and places it on the EU market. Marketing can take various forms, from publishing of model files, to making it available in a repository, to commercial access via an API. 

The regulations also cover entities that modify the existing model and make its revised version available, the so-called downstream modifiers. Moreover, an organisation that integrates its own GPAI model into a marketed AI system can be considered as its supplier. 

On the other hand, an entity that merely integrates someone else’s GPAI model into its own product is not considered as a model provider – unless it modifies the model and makes it further available as its own. 

What obligations will come into force on 2 August 2025? 

Pursuant to Articles 53-55 of the AI Act, the obligations that will become effective from August include: 

  1. preparing and making available the technical documentation of the model, 
  1. publication of summary of the datasets used to train the model, 
  1. implementing measures to ensure compliance with EU law, including copyright law. 

In the case of GPAI models with “systemic risk” (e.g. very large), the obligations are more stringent. These include, but are not limited to: risk assessment, independent security tests and oversight of the impact on fundamental rights. 

Draft guidelines and code of practice 

On 22 April 2025, the European Commission published the draft GPAI guidelines (GPAI Guidelines Consultation). It contains interpretative proposals for the application of the provisions on GPAI. Although this is only a draft version, the document can provide initial indications that can serve as a reference for planning the implementation of compliance measures. 

In addition, the final code of practice for GPAI, developed with industry input, is to be published in May or June 2025, which will further assist organisations in meeting their obligations. 

What will happen to models already available on the market? 

The AI Act provides an important relief for GPAI models that were marketed before 2 August 2025. For them, the new obligations will not have to be applied retroactively, e.g. to data used for earlier training. This means that suppliers will not be required to re-train or “de-train” such models to comply with the new regulations. 

2 August 2025 is an important date for the entire AI ecosystem in the EU. If your organisation uses GPAI in its products, this is the last moment to assess your role in the supply chain and check that the processes you have in place comply with the upcoming requirements.