On 13.03.2024, the European Parliament adopted the EU Artificial Intelligence Act and introduced the first legal framework to regulate artificial intelligence. As of 02.02.2025, the provision prohibiting unacceptable-risk AI systems has entered into force.

As of 02.08.2025, the specific obligations concerning general-purpose AI models (“GPAI”), as well as the provisions on governance, supervision, oversight and enforcement, have become applicable. The European Commission and the EU AI Office have published guidelines and code of practice for GPAI providers. From this date onwards, member states shall commence the process of designating their national market surveillance authorities, establishing a unified supervisory structure at EU level. As of 2 August, these rules will apply directly to all GPAI models placed on the market after this date, while models placed on the market before that date are expected to achieve full compliance by 02.08.2027.

A provider that retrains an existing GPAI model will be classified as a new GPAI provider if, during the retraining, it expends at least one-third of the computational power used to train the original model, and if the modification leads to a significant change in the model’s overall capabilities, risk profile, or intended purpose. Similarly, revisions that materially alter a model’s functionality or its systemic risk level may also lead to GPAI provider status.

GPAI model providers are subject to comply with certain fundamental obligations under the AI Act. They are required to document in detail all technical aspects of the model’s development, training, testing, and evaluation processes, and to keep such documentation up to date, making it available upon request to both downstream providers and supervisory authorities. In addition, the data used for training must be selected in compliance with intellectual property legislation, and providers are expected to adopt a copyright compliance strategy to prevent potential infringements. Each provider is also expected to establish a copyright policy ensuring that the use of training data complies with intellectual property rights. Furthermore, providers must publish a public summary of the training data sources and methods used and must cooperate with national and EU-level supervisory authorities by providing any information or documentation they may request.

Further details regarding the AI Act can be found here, and detailed information on the prohibition of AI systems posing an unacceptable level of risk can be found here.

Should you have any inquiries, please do not hesitate to contact us.