We value your privacy

We use necessary cookies to run the site and, with your consent, analytics and marketing cookies to improve it. You can change your choice anytime. Privacy Policy

  • Security
  • Pricing
Book a scoping call
Back to glossary
Glossary3 min read

GPAI (General-Purpose AI)

GPAI (general-purpose AI) in the EU AI Act: the Article 3(63) definition, Chapter V provider duties, systemic-risk models — and why GPAI is no risk tier.

GPAI (General-Purpose AI)
GPAI — general-purpose AI — is the EU AI Act's category for AI models that can do many things at once. Article 3(63) of Regulation (EU) 2024/1689 defines a general-purpose AI model as one that "displays significant generality and is capable of competently performing a wide range of distinct tasks", including models trained with large amounts of data using self-supervision at scale. The large language models behind most AI assistants — the ChatGPT, Claude, or Gemini class — are the textbook case. GPAI has its own rulebook in Chapter V of the Act, and it is not one of the Act's risk tiers.

The definition: model vs. system

The Act distinguishes two things. A general-purpose AI model (Article 3(63)) is the trained model itself. A general-purpose AI system (Article 3(66)) is "an AI system which is based on a general-purpose AI model and which has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems" — the chatbot product built on the model, for example. Chapter V's obligations attach to the providers of the models.

Provider obligations (Article 53)

Providers of general-purpose AI models must, under Article 53:

  • maintain technical documentation of the model, including its training and testing process (Annex XI), available to the AI Office and national authorities on request,
  • give downstream providers the information they need to understand the model's capabilities and limitations and to meet their own obligations (Annex XII),
  • put a copyright policy in place complying with EU copyright law, including identifying rights reservations under Directive (EU) 2019/790, and
  • publish a summary of the training content, following the AI Office's template.

Free and open-source models are exempt from parts of these duties (Article 53(2)) — unless the model poses systemic risk, in which case all obligations apply.

Systemic-risk GPAI (Articles 51 and 55)

A GPAI model is classified as having systemic risk under Article 51 when it has high-impact capabilities — and it is presumed to when the cumulative compute used for training exceeds 10²⁵ floating-point operations (FLOPs), or when the Commission designates it. Providers of systemic-risk models carry additional Article 55 obligations: model evaluations, assessment and mitigation of systemic risks, serious-incident reporting, and cybersecurity protection.

The GPAI rules apply since 2 August 2025. A voluntary General-Purpose AI Code of Practice (published 10 July 2025) helps providers demonstrate compliance across transparency, copyright, and safety and security.

GPAI is not "high-risk" — but your use of it can be

The distinction companies get wrong most often: GPAI is not a risk tier. Whether a system is high-risk is decided by Article 6 and the Annex III use cases — a separate question from the model's generality. A company using a general-purpose tool for an Annex III purpose (screening job applications, for instance) can make that use high-risk and take on deployer obligations, even though the underlying model is "just" GPAI. The full classification logic is in our guide to high-risk AI systems under the EU AI Act, and the deployer duties in the Article 26 explainer.

Is ChatGPT a GPAI model under the EU AI Act?

Models of the ChatGPT, Claude, or Gemini class are general-purpose AI models under Article 3(63), and the products built on them are general-purpose AI systems under Article 3(66). Chapter V's obligations fall on the model providers — while a company deploying such a tool answers for its own use, which is where the high-risk question and the EU AI Act's deployer duties come in.

When did the GPAI rules start to apply?

The general-purpose AI provisions apply since 2 August 2025, as part of the EU AI Act's phased timeline.

On this page

  • The definition: model vs. system
  • Provider obligations (Article 53)
  • Systemic-risk GPAI (Articles 51 and 55)
  • GPAI is not "high-risk" — but your use of it can be
  • Is ChatGPT a GPAI model under the EU AI Act?
  • When did the GPAI rules start to apply?

Share

Product and governance updates — see our privacy policy.

Related terms

Which AI Systems Are High-Risk Under the EU AI Act?Guide

Which AI Systems Are High-Risk Under the EU AI Act?

Which AI counts as high-risk under the EU AI Act? The Article 6 rules, all Annex III use cases, the 6(3) filter, and what deployers must do — with sources.

Read more
EU AI Act (Artificial Intelligence Act)Glossary

EU AI Act (Artificial Intelligence Act)

The EU AI Act is the EU's risk-based law for artificial intelligence. A plain-language summary of what it regulates, when it applies, and who must comply.

Read more
The EU AI Act: A Practical Compliance GuideGuide

The EU AI Act: A Practical Compliance Guide

A practical guide to the EU AI Act for operators: the risk tiers, the compliance timeline, who it applies to, the AI literacy duty, and how it meets GDPR.

Read more

See how Qadar AI implements these concepts at runtime

A product specialist will reply within one business day

Book a demo

Subscribe to our newsletter

Product and governance updates — see our privacy policy.

AI security and control for every model your team uses.

Built in Dubai. Designed for teams operating across regions, models, and regulatory environments.

  • Product

    • Shield Web
    • Shield Control
    • Shield Desktop
    • Shield Mobile
    • Pricing
    • Download
  • Solutions

    • For CISOs
    • For Operations
    • For AI Teams
  • Use Cases

    • AI Governance
    • AI Agent Security
    • LLM Access Control
    • Secure AI Deployment
    • Enterprise Operations
    • Financial Services
  • Resources

    • Help Center
    • Blog
    • Guides
    • Glossary
    • Changelog
    • AI Risk Calculator
    • Compare
    • FAQ
  • Company

    • About
    • Careers
    • Security & Trust
    • Contact
  • Legal

    • Legal
    • Privacy
    • Terms
    • GDPR / DPA

© 2026 Qadar AI. All rights reserved. EU data residency available for Enterprise customers.