Key facts
- Format: one-page PDF briefing for non-technical deployer audiences.
- Explains why your deployer duties apply even when the model is a third party's.
- Covers GPAI provider obligations, systemic-risk models and the Code of Practice.
- Includes questions to ask your GPAI vendor before and during deployment.
- Free to download — pairs with the GPAI guide.
What is the GPAI deployer briefing?
It is a short, non-technical briefing for organisations that use general-purpose AI models — most obviously large language models like those behind popular AI chat tools — without having built the model themselves. Being a deployer rather than the provider does not remove your obligations under the EU AI Act; this briefing sets out what still applies to you.
Who is it for?
Any organisation integrating a third-party GPAI model into its products or workflows, and anyone who needs to explain to leadership why 'we didn't build the model' doesn't mean 'we have no obligations'.
What the briefing covers
What counts as GPAI. Models trained on broad data that can perform many tasks and be integrated into many systems.
Provider obligations. Technical documentation, training-data summaries, a copyright policy and transparency to downstream deployers — obligations that sit with the model provider, not you.
Your obligations as deployer. Transparency and human-oversight duties still apply, and can be more demanding if the GPAI model is used inside a high-risk system.
Systemic-risk models. Very capable GPAI models above defined thresholds face extra obligations like evaluations and incident reporting.
Vendor questions. What to ask a GPAI provider about documentation, evaluations, acceptable use and Code of Practice status.
How to use it
Use it to brief non-technical stakeholders on why GPAI use still carries obligations, and pair it with the vendor questions when running due diligence — see the vendor due diligence questionnaire. If your GPAI-based tool feeds into a high-risk use case, check the high-risk AI obligations checklist as well.
Frequently asked questions
What is general-purpose AI (GPAI)?
AI models trained on broad data that can perform many tasks and be integrated into many systems, such as large language models.
What obligations apply to GPAI providers?
Technical documentation, training-data summaries, a copyright policy, and transparency to downstream deployers.
When did GPAI rules start applying?
GPAI model obligations have applied since 2 August 2025, with governance and enforcement building through 2026.
What must deployers of GPAI know?
Your obligations as a deployer — transparency and human oversight — still apply even when the underlying model belongs to a third party.
Is a popular AI chat assistant a GPAI model?
The underlying model is GPAI; its provider holds GPAI obligations, and you hold deployer duties when you use it.
How does GPAI relate to high-risk AI?
A GPAI model integrated into a high-risk use case can pull the overall system into high-risk obligations.
What should buyers ask GPAI vendors?
For documentation, evaluations, acceptable-use terms, data provenance and Code of Practice status.
Related pages
Sources
Last updated 19 June 2026.