General-Purpose AI (GPAI) Model Compliance Template
Obligations checklist for providers of general-purpose AI models, including foundation models and those with systemic risk (>10²⁵ FLOPs training compute).
Quick Answer
GPAI model providers must maintain Annex XI technical documentation, publish training data summaries, and — for models with systemic risk — conduct adversarial testing and report incidents to the EU AI Office.
Compliance Checklist (8 items)
Penalty if not compliant
Up to €15 million or 3% of global annual turnover for GPAI obligations; up to €30 million / 6% for systemic-risk model violations.
Frequently Asked Questions
What is a general-purpose AI model under the EU AI Act?
A GPAI model is trained on large amounts of data using self-supervision at scale, displays significant generality, and can competently perform a wide range of distinct tasks regardless of how it was placed on the market.
What triggers "systemic risk" classification for a GPAI model?
A model is presumed to have systemic risk when trained with more than 10²⁵ floating-point operations (FLOPs). The AI Office may also designate models as systemic risk based on their actual or reasonably foreseeable impact.
Do GPAI obligations apply to open-source models?
Open-source GPAI models benefit from reduced obligations (mainly copyright policy and documentation summaries), unless they present systemic risk — in which case full systemic-risk obligations apply regardless of licence.
Need this turned into a real document?
Our compliance sprint service delivers production-ready documents tailored to your organisation in 5–15 business days. A senior compliance specialist reviews every document before delivery.