Contact Us

EU AI Act GPAI Guidelines: A Closer Look

  • Home
  • EU AI Act GPAI Guidelines: A Closer Look
EU AI Act GPAI Guidelines

On July 18, 2025, the General-Purpose Artificial-Intelligence (GPAI) guidelines were released by the European Commission pursuant to the EU Artificial Intelligence Act (Act), which took effect on August 1, 2024.

While these guidelines are not legally binding, they reflect how the European Commission interprets the Act and provide guidance for future enforcement actions and compliance expectations.

Ronin Legal examines these guidelines and their implications for GPAI providers.

What Qualifies As GPAI

Article 3(63) of the EU AI Act defines GPAI as a model trained on large-scale data using self-supervision. These models show broad capabilities and can handle a wide range of tasks. The model’s use is not limited by how it is placed on the market and can be integrated into many different systems and applications.

Models used only for research, development, or prototyping before market placement are excluded from this definition.

Technical Thresholds

A model qualifies as GPAI if its training compute exceeds 10^23 FLOP and has the ability to generate language, text-to-image, or text-to-video outputs.

Models with training compute exceeding 10^25 FLOP are presumed to have systemic risk, triggering enhanced obligations. The Commission can also designate models as systemically risky on its own initiative or following alerts from the scientific panel.

Who Must Comply

The guidelines cover four key areas: what qualifies as a GPAI model, who is considered a provider placing such models on the market, which providers may be exempt from certain obligations, and how providers must comply with the Act’s requirements.

The AI Act applies to any actor that places a GPAI model on the EU market, regardless of whether they are based within the Union or in a third country. Providers located outside the EU must appoint an authorized representative established within the EU before placing their model on the market.

Timeline and Enforcement

Obligations for GPAI providers will apply starting August 2, 2025. The European Commission, through the AI Office, is responsible for supervising, investigating, enforcing, and monitoring compliance.

Providers who have already placed GPAI models on the EU market before August 2, 2025, have a grace period and must become fully compliant by August 2, 2027. This obligation applies across the model’s entire lifecycle.

Standard GPAI Obligations

All GPAI providers must meet baseline requirements throughout the model lifecycle:

  1. Maintain and update documentation required under the Act
  2. Apply copyright policy to each relevant model (providers may adopt a single policy across all models)
  3. Create a publicly available summary of content used during training
  4. Conduct risk assessments and implement mitigation measures
  5. Apply governance-related risk controls

 

GPAI providers must also maintain technical documentation, share relevant information with downstream providers, and make documentation available to the AI Office and national authorities.

Enhanced Obligations for Systemic Risk Models

Providers of GPAI models with systemic risks must meet enhanced responsibilities. They must continuously assess and mitigate systemic risks, taking appropriate measures throughout the model’s lifecycle. Additionally, cybersecurity protection and physical security must be ensured.

Models meeting the systemic risk threshold trigger additional obligations:

  1. Notify the Commission within two weeks of meeting the threshold
  2. Notify the Commission before completing training if the provider can reasonably foresee the model will meet the criteria (within 2 weeks of such estimation)
  3. If the estimated value does not meet the threshold, closely monitor actual compute usage

 

Providers can submit supporting arguments if they believe their model does not present systemic risks despite meeting the threshold. If the Commission designates a model as systemically risky on its own initiative, providers can challenge the decision by filing a reasoned request for reassessment within six months.

Market Placement Scenarios

“Placing on the market” refers to making a GPAI model available within the EU for distribution or use as part of a commercial activity. The guidelines address different scenarios:

Upstream Provider

Upstream Provider refers to the entity or system that creates and supplies the foundational AI models.

When a GPAI model is developed by an upstream actor and made available for the first time to a downstream actor on the EU market, the upstream actor qualifies as the provider and must comply with GPAI obligations.

Downstream Provider

Downstream provider means a provider, which integrates an AI model, regardless of whether the AI model is provided by themselves or provided by another entity. If a downstream actor integrates a model into an AI system and places that system on the Union market, the downstream actor becomes the provider. However, a downstream actor is only deemed the provider of a modified GPAI model if changes substantially impact the model’s generality, capabilities, or systemic risk.

Third Country Scenarios

When a GPAI model is first made available to a downstream actor outside the EU, the upstream actor is generally treated as the provider if that downstream actor later brings the system into the EU. However, if the upstream actor explicitly excludes the model’s distribution or use in the EU, the downstream actor becomes the provider.

Looking Ahead

These guidelines help harmonize GPAI providers’ obligations under the Act. Providers of GPAI models who choose not to follow a code of practice assessed as adequate must demonstrate full compliance with Chapter V of the AI Act and explain how their chosen measures achieve compliance. This route may increase regulatory scrutiny, as the absence of a standardized code of practice makes it harder for the AI Office to assess compliance. For organisations navigating this complex legal terrain, partnering with an experienced AI law firm can provide critical insight into regulatory expectations and risk mitigation strategies under the EU AI Act.

Authors: Shantanu Mukherjee, Alan Baiju, Akshara Nair

Other Posts

Our Clients

Spektar
Engrail
UltraHuma
WSA
Kelix
Karkinos
Trampoline-1
Power
temple
Konfer-1
Xplorazzi
SBS-1

Awards & Recognitions

Add Your Heading Text Here
Add Your Heading Text Here
Add Your Heading Text Here
Add Your Heading Text Here
Add Your Heading Text Here

Testimonials

My relationship with Ronin Legal and Shantanu has advanced exponentially in a very positive direction in a very short time. The Ronin team is zealous in their partnership with us to advance the mission of our small start-up to become a world leader in neuroscience development. Ronin has taken the lead with review of our legal and technical documents and contracts. They are subject matter experts in general counsel services across our global environment. It is a pleasure to work with a team that is pragmatic and responsive in all circumstances. They are second to none.

Janet Flisak

Executive Director, Clinical Development, Engrail Therapeutics

Shantanu and the team at Ronin have been invaluable partners for our investment firm’s expansion into co-development of specialty pharmaceutical drugs. As we made the transition from more traditional VC investing to direct drug development collaborations, the team at Ronin have utilized their deep domain expertise in cross border pharma to help us set up an effective and compliant structure for our project. I would highly recommend Ronin to any organization in the life sciences space that is looking for legal partners with in depth understanding of the various nuances of this dynamic sector.

Zarvaan Merchant

Managing Director, Spektar Therapeutics

I’ve been very happy with Ronin’s ability to ramp resources up or down depending on what we require in a particular week or month. In addition, the ability to connect with multiple lawyers across jurisdictions quickly (US, UK, UAE, Singapore), help us to assess international law firms and then work with them to get the best legal advice is very appreciated.

Bhuvan Srinivasan

Chief Business Officer, Ultrahuman

Shantanu and the Ronin team have been very pragmatic and responsive business partners, working with Konfer – an agentic genAI product for confident continuous compliance to Regulations. They analysed the state of AI regulation in various countries, and reviewed the EU AI Act and other relevant AI legislation offerings of our product. The team’s ability to align complex legal information to product offerings has been invaluable to us. Ronin Legal has negotiated our business contracts for partnerships. They’re solution-oriented and cost-effective, and I would highly recommend Ronin Legal to startups and tech companies everywhere, and especially those building AI powered businesses.

Debu Chatterjee

CEO, Founder, Konfer.AI.

I have worked with the Shantanu, and his team, for a number of years during which time his insight and acumen have helped us greatly in the negotiation of a number of pharmaceutical licensing agreements and in the formation of new subsidiaries. I thoroughly recommend Ronin Legal to anyone seeking advice and guidance in pharmaceutical deal making.

Damon Smith

Chairman, Altus Group of Companies

Shantanu and team Ronin were meticulous, detailed, persevering and most importantly batting entirely for our side through our seed round fundraise and beyond. They were always approachable, available and balancing principle with pragmatism. I would highly recommend the team for any startup related legal matter.

Abhik Ghosh

Founder, 26 Décor

First of all, of behalf of SIIX Corporation, we wish to congratulate you & team on the launch of your new website!

 

We are very happy to be engaged with you & your professional team on our business venture in India and on establishing our JV initiatives. With your expertise, integrity, and commitment to providing trusted legal guidance, we truly believe to achieve our goals and successfully complete our JV partnership and, to expand our business in India with your support.

Shanmugam Gurusamy

Managing Director, SiiX India Private Limited

Ronin Legal has become an integral part of our deal process. Their solution-oriented mindset, combined with consistently high-quality work and exceptional responsiveness, makes contract negotiations smoother and more efficient. They truly understand our business needs

Dr. Madeha Khan

Working with Shantanu and Ronin Legal has been truly transformative for my startup. From our very first meeting, Shantanu stood out with his approachable manner and deep commitment to understanding my business. He consistently showed genuine interest and empathy, always providing clear, practical advice that’s perfectly tailored to our needs.

 

What truly sets Shantanu and Ronin Legal apart is their unique blend of legal expertise and a true partnership mindset. They deeply understands the challenges of building a startup, cutting through jargon to give advice that’s actually useful and helping us avoid costly mistakes without any pressure. It feels less like a traditional client relationship and more like having a dedicated co-pilot invested in our journey. They have become an invaluable ally, that we trust and depend on.

Tani Tasopoulou

Founder & CEO, OrgDesignWays Consulting

I cannot speak highly enough about the exceptional service provided by Ronin Legal. Their team made what could’ve been a complicated and stressful IP process feel smooth and manageable. From the outset, their team demonstrated a deep understanding of intellectual property law, offering not only expert legal guidance but also a strategic mindset advising on protection of our brand in various regions. They were responsive, thorough, and truly acted as partners in safeguarding our IP assets. Their attention to detail, clarity in communication, and professionalism gave us complete confidence throughout the process thus far. I wouldn’t trust anyone else with our intellectual property.

Karen Liao

The Wrong Gym

Legal updates

UAE Business Regulation Trends 2025: What to Know
August 26, 2025

UAE Business Regulation Trends 2025: What to Know

Google’s $30 Million Settlement and The Coppa: A Closer Look
August 22, 2025

Google’s $30 Million Settlement and The Coppa: A Closer Look

Hey, Who Let the AI In? A Closer Look at the Otter. AI lawsuit
August 22, 2025

Hey, Who Let the AI In? A Closer Look at the Otter. AI lawsuit

View ALL

Stay Updated.

To subscribe to our newsletter, click on the link below

SUBSCRIBE NOW

Copyright © 2025  |  Ronin Legal   |   Website Maintained by Law Strings Management  |  Privacy Policy  |  Cookie Policy  |  Terms of Use

Leave Us A Message

Cookie Consent with Real Cookie Banner