EU AI Act Article 50 transparency obligations apply 2 August 2026 — soon days left. Check your exposure →

GPAI · Updated 19 June 2026

What is general-purpose AI (GPAI)?

General-purpose AI (GPAI) means models — such as large language models — that show significant generality and can be used for many different tasks and integrated into many systems. The EU AI Act sets specific obligations for GPAI providers, with extra duties for the most capable models that pose systemic risk.

By Spencer Welch — founder of AI Act Ready (Immersible Ltd), advising UK and EU businesses on EU AI Act compliance, ISO/IEC 42001 and AI governance.

Key facts

Definition: models that can perform a wide range of tasks and be integrated into many systems.
Examples: large language models and other foundation models behind tools like chatbots.
GPAI provider obligations have applied since 2 August 2025.
Provider duties: technical documentation, downstream information, an EU copyright policy and a training-data summary.
The most capable models carry extra systemic-risk duties; a voluntary Code of Practice supports compliance.

What counts as general-purpose AI?

GPAI is a model that displays significant generality and can competently perform a wide range of tasks, then be integrated into many different downstream systems — large language models are the obvious example. The Act regulates the model layer separately from the specific AI systems built on top of it.

What obligations do GPAI providers have?

Providers of GPAI models must maintain up-to-date technical documentation, provide information and documentation to downstream providers who integrate the model, put in place a policy to respect EU copyright law, and publish a sufficiently detailed summary of the content used for training. These duties have applied since 2 August 2025.

What is GPAI with systemic risk?

The most capable models — those with high-impact capabilities — are classed as posing systemic risk and carry additional obligations: model evaluations and adversarial testing, systemic-risk assessment and mitigation, incident tracking and reporting, and cybersecurity protection.

What is the GPAI Code of Practice?

The European Commission published a General-Purpose AI Code of Practice covering transparency, copyright, and safety and security. It is voluntary, but signing up gives providers a clear route to demonstrate compliance. Models placed on the market before 2 August 2025 have until 2 August 2027 to comply.

What does GPAI mean for deployers?

Most organisations are deployers of GPAI, not providers: you use a tool built on someone else's model. Your duties flow from how you use it — transparency where people interact with AI, supplier due diligence on the provider, and high-risk obligations if your use is high-risk. See our GPAI guide.

Frequently asked questions

What is general-purpose AI (GPAI)?

A model that can perform a wide range of tasks and be integrated into many systems — large language models are the main example.

What obligations do GPAI providers have?

Technical documentation, information for downstream users, an EU copyright policy, and a public summary of training-data content.

When did GPAI obligations start?

They have applied since 2 August 2025; models placed on the market before that date have until 2 August 2027 to comply.

What is systemic-risk GPAI?

The most capable models, which carry extra duties: evaluations, adversarial testing, systemic-risk mitigation, incident reporting and cybersecurity.

Is ChatGPT a GPAI model?

The underlying model is general-purpose AI; the provider holds GPAI obligations, while your use of the tool makes you a deployer.

Does GPAI affect most businesses as providers or deployers?

As deployers — most organisations use tools built on GPAI rather than training and supplying the models themselves.

Related pages

Sources

Last updated 19 June 2026.