On August 1, 2025, Meta’s Chief Global Affairs Officer Joel Kaplan posted a statement refusing to sign the EU AI Act’s GPAI Code of Practice. He called it “legally ambiguous” and said it “goes far beyond the scope of the AI Act.” xAI signed only the safety and security chapter, calling the copyright provisions “clearly over-reach.”
Twenty-four other companies signed. Amazon, Anthropic, Google, IBM, Microsoft, OpenAI, Mistral AI, Cohere, Aleph Alpha, and fifteen more. The Code was finalized on July 10, 2025, the Commission endorsed it, and a Signatory Taskforce was formed in February 2026 to guide implementation.
Meta’s refusal changed nothing about its legal obligations. Articles 53 and 55 of Regulation (EU) 2024/1689 apply to every GPAI provider placing models on the EU market, whether or not they signed the Code. What Meta lost was a seat at the table where interpretive guidance is being shaped, and the “good faith” treatment the AI Office extends to signatories during the initial enforcement period.
This split reveals the deeper reality of GPAI regulation under the EU AI Act. The obligations themselves are clear enough. What is not clear is how they apply in the grey zones: when fine-tuning makes you a new provider, what copyright compliance means for models trained on data collected years ago, and what information you actually owe the companies building high-risk AI systems on top of your model.
What Counts as a GPAI Model?
Art. 3(63) defines a general-purpose AI model as one “trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks.” If a model can generate language, images, or video and was not built for a single narrow purpose, it is almost certainly GPAI.
Two thresholds matter, and most coverage conflates them.
The July 2025 Commission Guidelines (C(2025) 5045 final) set 10^23 FLOPs of training compute, combined with generative modality, as an “indicative criterion” that a model qualifies as GPAI. This is not a binding presumption. It is weaker language than the earlier Working Paper proposed, and it is aimed primarily at helping downstream actors assess whether a model they are using or modifying falls under GPAI rules.
The second threshold is in the Act itself. Art. 51(2) sets 10^25 FLOPs of cumulative training compute as a rebuttable presumption of systemic risk. Models above this line face a second, heavier layer of obligations on top of the baseline.
Named models that likely exceed the systemic risk threshold include GPT-4, Claude Opus, Gemini Pro and Ultra, and Llama 4. The exact number of providers above 10^25 FLOPs is approximately eleven worldwide, according to Epoch AI data. But the threshold is becoming less meaningful as algorithmic efficiency improves. DeepSeek demonstrated high capability with substantially less compute, raising the question of whether FLOPs alone are a durable measure of systemic risk.
The Two Tiers of Obligation
Tier 1: Every GPAI Provider (Art. 53)
All providers placing a GPAI model on the EU market must comply with four obligations. These have been enforceable since August 2, 2025.
| Obligation | What It Means | Source |
|---|---|---|
| Technical documentation | Architecture, training methodology, evaluation results per Annex XI | Art. 53(1)(a) |
| Downstream information | Enough info for high-risk AI deployers to comply with their obligations, per Annex XII | Art. 53(1)(b) |
| Copyright compliance | Comply with EU copyright law, including TDM opt-outs under Directive 2019/790 Art. 4 | Art. 53(1)(c) |
| Training data summary | Publicly available description of training data content, using AI Office template | Art. 53(1)(d) |
Tier 2: Systemic Risk (Art. 55, in addition to Tier 1)
Models above 10^25 FLOPs, or designated by the Commission based on a Scientific Panel alert, must also comply with:
| Obligation | What It Means | Source |
|---|---|---|
| Model evaluation | Standardized and adversarial testing (red-teaming) before deployment and ongoing | Art. 55(1)(a) |
| Risk assessment | Systemic risks including misuse, critical infrastructure threats, societal impact | Art. 55(1)(b) |
| Incident reporting | Serious incidents reported to AI Office without undue delay | Art. 55(1)(c) |
| Cybersecurity | Adequate protection for model weights, training infrastructure, and deployment | Art. 55(1)(d) |
Providers can contest the systemic risk presumption by demonstrating the model lacks “high-impact capabilities” per Annex XIII. First rebuttal at notification. Reassessment available six months after initial designation. The AI Office must respond within defined timeframes, but no formal designation or rebuttal has been publicly reported as of April 2026.
Penalties for non-compliance: up to EUR 15 million or 3% of global annual turnover, whichever is higher.
The Open-Source Question
The open-source exemption under Art. 53(2) is narrower than much of the open-source community believes.
GPAI models released under a qualifying free and open-source licence are exempt from two of the four baseline obligations: technical documentation (Art. 53(1)(a)) and downstream information sharing (Art. 53(1)(b)). They are not exempt from copyright compliance or the training data summary. And the exemption disappears entirely if the model crosses the systemic risk threshold.
A licence qualifies if it permits use, access to model parameters, modification, and redistribution. It loses qualification under any of these conditions: non-commercial use restrictions, research-only limitations, user-size thresholds, or mandatory commercial licensing for certain uses.
More subtly, a model loses its open-source status through monetization. Dual licensing with a commercial tier, charging for access to model weights, imposing hosted-access fees that create functional dependency, or conditioning access on personal data processing for commercial benefit all disqualify the exemption. This catches a significant portion of the “open-source” AI ecosystem, where many models are released under permissive licences but monetized through hosted API access.
The open-source exemption is a partial exemption from two of four baseline obligations. It is not a free pass. For the full analysis — including which models actually qualify, how the AI Act definition compares to OSAID, and three compliance scenarios — see our Open Source AI deep dive.
Grey Zone 1: When Fine-Tuning Makes You a Provider
This is the hardest practitioner question in GPAI compliance and no competitor provides a definitive answer, because no definitive answer exists.
Art. 25 of the AI Act addresses modifications to AI systems, including GPAI models. The July 2025 Guidelines introduced what has become known as the 1/3 FLOP criterion: “an indicative criterion for when a downstream modifier is considered to be the provider of a general-purpose AI model is that the training compute used for the modification is greater than a third of the training compute of the original model” (Guidelines paragraph 63).
This is an indicative criterion in non-binding guidelines, not a hard threshold in the regulation itself. It applies only to downstream actors modifying someone else’s model, not to the original provider updating their own.
The practical implications are significant. Fine-tuning Llama with 1% of its original training compute almost certainly leaves Meta as the GPAI provider. Fine-tuning with 40% of the original compute may make the fine-tuner a new GPAI provider with full Art. 53 obligations, including documentation, copyright compliance, and a training data summary.
The Guidelines do not address whether cumulative modifications over time count toward the 1/3 threshold. A company that fine-tunes a model repeatedly in small increments could theoretically cross the threshold without any single modification being large enough to trigger it.
API providers present another grey zone. The model developer (OpenAI for GPT-4, Anthropic for Claude) is the GPAI provider. A cloud platform merely hosting the model without modification is not. But platforms offering fine-tuning-as-a-service occupy uncertain ground: the platform modifies the model on behalf of the customer. Which entity is the provider?
The 1/3 FLOP criterion is a useful heuristic. But it exists in a guideline, not a regulation. Until the Commission issues binding guidance or a court rules, every fine-tuner above a trivial modification level is making a legal judgment call about their own regulatory status.
Grey Zone 2: What Copyright Compliance Actually Means
Art. 53(1)(c) requires GPAI providers to comply with EU copyright law, specifically the Text and Data Mining framework in Art. 4 of Directive 2019/790. The Code of Practice’s copyright chapter elaborates: establish a copyright policy, crawl only lawfully accessible content, respect machine-readable opt-outs (robots.txt), and designate a contact point for rights-holder complaints. The AI Office template requires providers to list the websites from which they sourced the most training data.
The first appellate court test came on December 10, 2025, when the Hamburg Higher Regional Court ruled in Kneschke v. LAION (Case 5 U 104/24). Robert Kneschke, a photographer, sued LAION for including his copyrighted images in the LAION-5B training dataset. The court held that LAION’s use was covered by the TDM exception for scientific research under Section 60d of the German Copyright Act (implementing Art. 3 of the DSM Directive). Pre-processing for AI training qualifies as TDM. But critically, the court found that Kneschke’s TDM opt-out was invalid because it was not machine-readable. General terms of use and human-readable disclaimers are insufficient. Only machine-readable signals like robots.txt qualify.
This ruling confirms that training on publicly available copyrighted content can be lawful under the TDM exception, but the exception has conditions. Machine-readable opt-outs must be respected. The court allowed further appeal to the BGH (Federal Court of Justice), leaving open questions about burden of proof and what qualifies as “machine-readable.”
For GPAI providers, the practical question is harder than the legal framework suggests. Most large language models were trained on data collected before robust opt-out mechanisms were widely deployed. Retroactive compliance with opt-outs that did not exist at the time of data collection is technically impossible for already-trained models. The regulation requires prospective compliance. But what about the model weights that already encode the influence of copyrighted data collected without opt-out respect?
This is why xAI called the copyright chapter “clearly over-reach” and Meta cited it as a reason not to sign the Code. The legal obligation is clear. The practical path to compliance for pre-existing models is not.
Grey Zone 3: The Downstream Information Gap
Art. 53(1)(b) requires GPAI providers to share information and documentation sufficient for downstream providers to comply with their own obligations. Annex XII specifies the categories: model capabilities, known limitations, risks, and integration guidance.
Neither the Act nor the Code of Practice specifies the format, the completeness standard, or the minimum level of detail for this information. A company building a high-risk hiring tool on GPT-4 needs to know about the model’s biases, its training data characteristics, and its limitations in order to complete its own conformity assessment under Art. 43. What exactly must OpenAI provide?
Current practice varies wildly. Some providers publish detailed model cards with evaluation results, known failure modes, and recommended use cases. Others provide usage policies and system prompt documentation. The depth and format are entirely provider-determined. Art. 89 gives downstream providers the right to lodge complaints with the AI Office if they believe upstream GPAI providers are not meeting their information obligations, but this enforcement mechanism has not been tested.
The downstream information gap is where the GPAI framework (Chapter V) meets the high-risk AI framework (Chapter III), and neither side has a template for the handoff. This will be one of the first areas where the AI Office’s enforcement powers, which activate on August 2, 2026, are likely to be tested through downstream provider complaints.
The Code of Practice: What Signing Means
The GPAI Code of Practice was finalized on July 10, 2025, after three drafts over nine months and input from over 1,000 stakeholders. The Commission and AI Board endorsed it via Adequacy Decisions on August 1, 2025. Twenty-four companies signed. A Signatory Taskforce, chaired by the AI Office, was formed in February 2026 to facilitate coherent implementation.
The Code has three chapters. Chapter 1 (Transparency) covers technical documentation and downstream information sharing. Chapter 2 (Copyright) addresses TDM compliance, training data summaries, and rights-holder engagement. Chapter 3 (Safety and Security) covers model evaluation, risk assessment, incident reporting, and cybersecurity for systemic risk models.
Its legal status requires precision. The Code is voluntary and not legally binding. Compliance with the Code serves as evidence of meeting Art. 53 and 55 obligations, but it does not create a formal presumption of conformity in the way that harmonised standards would under Art. 40. The Commission has the power to issue an implementing act giving the Code general validity under Art. 56(6), but has not done so as of April 2026.
Non-signatories face “greater regulatory scrutiny” according to the Commission. Signatories receive “good faith” treatment during the initial enforcement period. In practical terms, signing the Code buys two things: a clearer evidentiary position if the AI Office investigates, and a seat on the Signatory Taskforce where interpretive guidance is being developed.
Signing the Code is not legally required. Not signing may be legally unwise.
How Enforcement Will Work
The AI Office is the sole enforcer for GPAI obligations under Art. 88. National market surveillance authorities enforce high-risk AI system obligations. This is a cleaner split than many EU regulatory frameworks, where overlapping jurisdiction creates confusion.
On March 12, 2026, the Commission published a draft implementing regulation (Reference: Ares(2026)2709234) detailing the procedural mechanics of GPAI enforcement for the first time. Public consultation ran until April 9, 2026, with formal adoption planned for Q2 2026. The regulation covers how the AI Office will conduct investigations, access model weights and source code, engage independent experts (subject to 12-month conflict-of-interest lookback), and calculate fines. It includes the power to take interim measures before formal proceedings, including provisional market suspension.
Three enforcement routes exist. The AI Office can investigate on its own initiative. Downstream providers can lodge complaints under Art. 89 when they believe a GPAI provider is not meeting information obligations. And the Scientific Panel of independent experts can issue “qualified alerts” when a model poses a concrete identifiable risk under Art. 90.
Full enforcement powers activate on August 2, 2026. From that date, the AI Office can issue binding information requests, order model modifications, and impose fines of up to EUR 15 million or 3% of global turnover. Enforcement extends to models placed on the market before August 2025 starting August 2, 2027.
No GPAI fines have been issued. But the enforcement machinery is being assembled.
EU vs. the World: How Other Jurisdictions Handle Foundation Models
The EU is not the only jurisdiction regulating foundation models, but it is the most prescriptive. A quick comparison:
| Jurisdiction | Approach | Mandatory? | Foundation Model Rules | Enforcement |
|---|---|---|---|---|
| EU | GPAI Chapter (Art. 51-55) | Yes | Two-tier: baseline + systemic risk. Code of Practice. | AI Office (fines up to 3% turnover) |
| US | EO 14110 (Oct 2023) + voluntary commitments | Partially | Reporting for dual-use models >10^26 FLOPs to Commerce Dept | Commerce Dept (reporting, not fines) |
| UK | AISI voluntary framework | No | Frontier model safety testing. No legal obligations. | None (voluntary participation) |
| China | Generative AI Measures (2023) | Yes | CAC registration, content review, training data rules, algorithm filing | CAC (content removal, service suspension) |
| South Korea | AI Basic Act (2026) | Yes | “High-impact AI” includes foundation models. Safety standards. | PIPC + sector regulators |
The EU’s approach is the most structured: two tiers, explicit compute thresholds, a voluntary Code with enforcement consequences, and a dedicated enforcement body. The US relies more heavily on voluntary commitments and reporting requirements without binding obligations for most providers. The UK has chosen not to legislate at all, relying on its AI Safety Institute for voluntary frontier model testing. China’s approach is mandatory but focused on content control rather than safety evaluation. South Korea’s AI Basic Act creates a framework similar in ambition to the EU’s but with enforcement still being operationalized.
What to Do Now
A classification and action checklist for model providers:
Step 1 — Determine if you are a GPAI provider. Does your model competently perform a wide range of distinct tasks? Was it trained with more than approximately 10^23 FLOPs? Is it placed on the EU market or does its output reach EU users? If yes to all three, you are likely a GPAI provider.
Step 2 — Determine your tier. Was the model trained with 10^25 FLOPs or more? Has the Commission designated it based on a Scientific Panel alert? If yes, you are in the systemic risk tier with additional obligations under Art. 55.
Step 3 — Check the open-source exemption. Are weights, parameters, and architecture genuinely open? Is the licence free of commercial restrictions, user-size limits, or research-only clauses? If yes, you are exempt from documentation and downstream information obligations. You are not exempt from copyright compliance or training data summaries. And the exemption disappears entirely at the systemic risk threshold.
Step 4 — Check fine-tuning status. Did you modify someone else’s GPAI model using compute equivalent to more than one-third of the original training compute? If so, you may be a new GPAI provider with full baseline obligations. Document your compute usage.
Step 5 — Evaluate the Code of Practice. Signing brings good faith treatment from the AI Office, a seat on the Signatory Taskforce, and clearer evidentiary positioning. Not signing means demonstrating compliance through alternative means under greater scrutiny.
Step 6 — Prepare for August 2, 2026. The AI Office gains full enforcement powers on that date. Documentation, training data summaries, copyright policies, and downstream information sharing mechanisms should be in place. If your model is systemic risk, model evaluations, risk assessments, and incident reporting procedures must be operational.
Sources
Official Sources
- EU AI Act (Regulation (EU) 2024/1689) — EUR-Lex
- Commission GPAI Guidelines C(2025) 5045 final — Published July 18, 2025
- GPAI Code of Practice (final) — Published July 10, 2025
- Draft GPAI enforcement implementing regulation — Ares(2026)2709234, March 12, 2026
- EDPB Opinion 28/2024 on AI models and personal data — Adopted December 17, 2024
Case Law
- Kneschke v. LAION, OLG Hamburg, Case 5 U 104/24 — December 10, 2025. First appellate ruling on TDM exception for AI training data.
Analysis
- Latham & Watkins: GPAI Model Obligations and Final Code of Practice — September 2025
- Quinn Emanuel: Client Alert on GPAI Obligations — March 25, 2026
- Hugging Face: EU AI Act and Open Source — August 2025
- Orrick: GPAI Guidelines Analysis — August-September 2025
Last reviewed: April 8, 2026. This article reflects the regulatory landscape as of the review date. The GPAI enforcement implementing regulation is in draft (public consultation closed April 9, 2026). No GPAI enforcement actions have been issued.
Disclaimer: This content is for informational purposes only and does not constitute legal advice. Organizations should consult qualified legal counsel for compliance planning. Reg Intel is not a law firm and does not provide legal services.
Compare: EU vs UK
For the comprehensive comparison across twelve dimensions — structural divergence, risk classification, the 19 UK regulators vs the EU AI Office, enforcement penalties, the Data (Use and Access) Act 2025, AISI vs the EU AI Office, and a five-step dual-market compliance baseline — see EU vs UK AI Regulation: Precaution vs Innovation Compared (2026).
Compare: EU vs China
For the global keystone comparison across twelve dimensions — algorithm filing vs conformity assessment, content moderation conflicts, asymmetric extraterritoriality, enforcement philosophy, and a five-step dual-market compliance baseline — see EU vs China AI Regulation: Two Systems, Two Philosophies (2026).
Compare: EU vs South Korea
For the global keystone comparison across twelve dimensions — high-impact vs high-risk classification, mandatory vs voluntary conformity, KRW 30M vs €35M penalties, Korea’s innovation chapter, and a five-step dual-market compliance baseline — see EU vs South Korea AI Act: High-Impact vs High-Risk Compared (2026).