In this guide
- What is general-purpose AI (GPAI)?Definition, provider obligations and what deployers need to know.
Key facts
| Definition | Models that can perform a wide range of tasks and be integrated into many systems |
|---|---|
| Examples | Large language models and other foundation models behind tools like chatbots |
| In force | GPAI provider obligations have applied since 2 August 2025 |
| Provider duties | Technical documentation, information for downstream users, and a copyright and training-data policy |
| Systemic risk | The most capable models carry extra risk-assessment, security and reporting duties |
| Code of Practice | A voluntary EU tool (transparency, copyright, safety and security) to show compliance |
What counts as general-purpose AI?
GPAI is a model that displays significant generality and can competently perform a wide range of tasks, then be integrated into many different downstream systems — large language models are the obvious example. The Act regulates the model layer, separately from the specific AI systems built on top of it. See what is GPAI?
Obligations for GPAI providers
Providers of GPAI models must maintain up-to-date technical documentation, provide information and documentation to downstream providers who integrate the model, put in place a policy to respect EU copyright law, and publish a sufficiently detailed summary of the content used for training. These duties have applied since 2 August 2025.
GPAI with systemic risk
The most capable models — those with high-impact capabilities — are classed as posing systemic risk and carry additional obligations: model evaluations and adversarial testing, systemic-risk assessment and mitigation, incident tracking and reporting, and cybersecurity protection.
The GPAI Code of Practice
The European Commission published a General-Purpose AI Code of Practice covering transparency, copyright, and safety and security. It is voluntary, but signing up gives providers a clear route to demonstrate compliance with their obligations. Models placed on the market before 2 August 2025 have until 2 August 2027 to comply.
What GPAI means for deployers
Most organisations are deployers of GPAI, not providers: you use a tool built on someone else's model. Your duties flow from how you use it — transparency where people interact with AI, supplier due diligence on the provider, and high-risk obligations if your use is high-risk. Knowing which role you hold is the starting point.
Frequently asked questions
What is general-purpose AI (GPAI)?
A model that can perform a wide range of tasks and be integrated into many systems — large language models are the main example.
What obligations do GPAI providers have?
Technical documentation, information for downstream users, an EU copyright policy, and a public summary of training-data content.
When did GPAI obligations start?
They have applied since 2 August 2025; models placed on the market before that date have until 2 August 2027 to comply.
What is systemic-risk GPAI?
The most capable models, which carry extra duties: evaluations, adversarial testing, systemic-risk mitigation, incident reporting and cybersecurity.
Is ChatGPT a GPAI model?
The underlying model is general-purpose AI; the provider holds GPAI obligations, while your use of the tool makes you a deployer.
Related guides
Sources
Last updated 19 June 2026.