The definition: model vs. system
The Act distinguishes two things. A general-purpose AI model (Article 3(63)) is the trained model itself. A general-purpose AI system (Article 3(66)) is "an AI system which is based on a general-purpose AI model and which has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems" — the chatbot product built on the model, for example. Chapter V's obligations attach to the providers of the models.
Provider obligations (Article 53)
Providers of general-purpose AI models must, under Article 53:
- maintain technical documentation of the model, including its training and testing process (Annex XI), available to the AI Office and national authorities on request,
- give downstream providers the information they need to understand the model's capabilities and limitations and to meet their own obligations (Annex XII),
- put a copyright policy in place complying with EU copyright law, including identifying rights reservations under Directive (EU) 2019/790, and
- publish a summary of the training content, following the AI Office's template.
Free and open-source models are exempt from parts of these duties (Article 53(2)) — unless the model poses systemic risk, in which case all obligations apply.
Systemic-risk GPAI (Articles 51 and 55)
A GPAI model is classified as having systemic risk under Article 51 when it has high-impact capabilities — and it is presumed to when the cumulative compute used for training exceeds 10²⁵ floating-point operations (FLOPs), or when the Commission designates it. Providers of systemic-risk models carry additional Article 55 obligations: model evaluations, assessment and mitigation of systemic risks, serious-incident reporting, and cybersecurity protection.
The GPAI rules apply since 2 August 2025. A voluntary General-Purpose AI Code of Practice (published 10 July 2025) helps providers demonstrate compliance across transparency, copyright, and safety and security.
GPAI is not "high-risk" — but your use of it can be
The distinction companies get wrong most often: GPAI is not a risk tier. Whether a system is high-risk is decided by Article 6 and the Annex III use cases — a separate question from the model's generality. A company using a general-purpose tool for an Annex III purpose (screening job applications, for instance) can make that use high-risk and take on deployer obligations, even though the underlying model is "just" GPAI. The full classification logic is in our guide to high-risk AI systems under the EU AI Act, and the deployer duties in the Article 26 explainer.
Is ChatGPT a GPAI model under the EU AI Act?
Models of the ChatGPT, Claude, or Gemini class are general-purpose AI models under Article 3(63), and the products built on them are general-purpose AI systems under Article 3(66). Chapter V's obligations fall on the model providers — while a company deploying such a tool answers for its own use, which is where the high-risk question and the EU AI Act's deployer duties come in.
When did the GPAI rules start to apply?
The general-purpose AI provisions apply since 2 August 2025, as part of the EU AI Act's phased timeline.

