Hael
Sign inRequest a demo
EU AI Act · Requirements

What is a General-Purpose AI (GPAI) model under the EU AI Act?

Updated 30 June 2026 · 6 min read
Key takeaway
A general-purpose AI (GPAI) model under the EU AI Act is a model trained on broad data that can perform a wide range of tasks and be built into many different applications. Foundation models behind popular AI products are the clearest example. The Act regulates GPAI models separately from the four risk tiers, with a baseline set of obligations and tougher rules for models judged to pose systemic risk.
  • GPAI models are broad, adaptable models (such as foundation models) regulated separately from the four risk tiers.
  • Baseline obligations include technical documentation, downstream information, a copyright policy, and a training-content summary.
  • Systemic-risk GPAI models face extra duties such as evaluation, adversarial testing, and incident reporting.
  • GPAI obligations took effect August 2025, with full compliance for pre-existing models by August 2027.
  • Current as of June 2026. This is general information, not legal advice.

How GPAI is defined

GPAI models are distinguished by their generality: they are not built for one narrow purpose but can be adapted to many. Because they sit upstream of so many products, the Act places obligations on the GPAI provider rather than leaving everything to the downstream developers who build on them.

The baseline obligations

Providers of GPAI models must, among other things:

  • Maintain technical documentation of the model, including its training and testing.
  • Provide information and documentation to downstream providers who integrate the model, so they can meet their own obligations.
  • Put in place a policy to comply with EU copyright law.
  • Publish a sufficiently detailed summary of the content used to train the model, using the template provided by the AI Office.

These obligations took effect on 2 August 2025. Free and open-source GPAI models are exempt from some of these requirements, though they must still meet the copyright and training-summary duties.

Systemic-risk models

A GPAI model can be classified as posing systemic risk, for example where it is trained using computing power above a defined threshold. Providers of systemic-risk models face additional obligations, including model evaluation and adversarial testing, assessing and mitigating systemic risks, reporting serious incidents, and ensuring adequate cybersecurity. These rules apply even to open-source models that cross the systemic-risk threshold.

The Code of Practice

To help providers show compliance, the EU published a General-Purpose AI Code of Practice. It gives a practical route to meeting the GPAI obligations and is a useful reference point for providers working out what good looks like.

What it means for you

If you build a GPAI model, the obligations apply to you directly and have been in force since August 2025 (with a longer transition for models already on the market before that date, who must be in full compliance by 2 August 2027). If you build products on top of someone else's GPAI model, you are usually a downstream provider or deployer: your obligations come from how you use the model and what you build, and you rely on the GPAI provider's documentation to meet them.

Key terms

GPAI
General-purpose AI: a model trained on broad data and adaptable to many downstream tasks.
Foundation model
A large model that serves as a base for many downstream AI products and applications.
Systemic risk
A classification for GPAI models whose scale or capability triggers additional obligations.
Training-content summary
A sufficiently detailed public summary of the content used to train a GPAI model.
Code of Practice
The EU's practical guidance for GPAI providers on meeting their obligations under the Act.

References

Related guides

Keep reading on EU AI Act.

Free check

See where you stand on EU AI Act, free.

Answer a few questions and get an indicative view of what EU AI Act expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
EU AI Act · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to EU AI Act~ 5 MIN