The package of documents for enforcement of the AI Act is published, tied to the entry into application of obligations of general-purpose AI model providers
As the provisions of the AI Act gradually enter into application, it is important to understand the different mechanisms of their enforcement, which are being prepared in parallel.
Section 2 of Chapter V of the AI Act lays down harmonised rules for providers of general-purpose AI (GPAI) models, including obligations applicable to all providers of GPAI models, and additional risk assessment and mitigation requirements for those of the most advanced GPAI models posing systemic risks. Those rules will apply as of 2 August 2025.
On July 18, the European Commission (“Commission”) published Guidelines on the scope of obligations for providers of general-purpose AI (GPAI) models under the AI Act[1]. The aim is to clarify key provisions of the EU AI Act applicable to GPAI models, in light of their imminent entry into application on 2 August 2025. The Guidelines are complementary to other documents from the broader enforcement package: the Code of Practice and the Template for the summary of training data.
While not legally binding, these guidelines set out the Commission’s interpretation and application of the AI Act, which will guide its enforcement actions. Therefore they should facilitate providers’ compliance with their obligations and contribute to the effective implementation of the AI Act. These guidelines clarify the scope of the obligations and to whom they apply. The guidelines focus on four key topics:
- General-purpose AI models
- Providers of general-purpose AI models
- Exemptions from certain obligations
- Enforcement of obligations
[1] https://digital-strategy.ec.europa.eu/en/library/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act.
The General-Purpose AI (GPAI) Code of Practice is a guiding document for compliance with the AI Act, published on July 10, 2025, as part of a package of documents tied to the entry into application of the AI Act provisions that regulate GPAI models. The Code is prepared on the basis of Article 56 of the AI Act, by independent experts in a multi-stakeholder process, designed to help industry comply with the AI Act’s obligations for providers of GPAI models. On August 1, 2025, the Commission and AI Board approved the code via Adequacy Decisions.
Although not legally binding, GPAI model providers can rely on the Code of Practice to demonstrate compliance with imposed obligations, until a harmonised standard is published (AI Act, Article 53(4)). GPAI models providers, who voluntarily sign it, can show they comply with the AI Act by adhering to the Code. Signing the Code is done by completing the Signatory Form and sending it to the indicated AI Office internet address.[1] However, accepting to adhere to the Code does not constitute conclusive evidence of compliance with the obligations under the AI Act.[2]
The specific objective of this Code is also to enable the AI Office to assess compliance of providers of GPAI models who choose to rely on the Code. Providers of GPAI models, who do not adhere to the Code of practice, have to prove compliance with their obligations to the Commission by alternative adequate, possibly more burdensome and time-consuming means.
The Code consists of three chapters: Transparency, Copyright, and Safety and Security.[3] The first two, Transparency and Copyright, apply to all GPAI model providers. The third, Safety and Security chapter, only applies to providers of GPAI models with systemic risk. The Code determines a total of 12 commitments – one in each of the first two chapters and 10 in the Safety and Security Chapter, as well as corresponding measures for fulfilling these commitments.
[1] https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai.
[2] Code of Practice for GPAI Models, the Transparency Chapter, Objectives, page 3.
[3] https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai.
In parallel to the Code of Practice process, the AI Office has also developed a template on the sufficiently detailed summary of training data that general-purpose AI (GPAI) model providers are required to make public, according to Article 53(1)d) of the AI Act. Providers of all GPAI models placed on the Union market must fulfil this obligation, including providers of GPAI models released under free and open-source licenses[1], in so far as the models fall within the scope of the AI Act[2] .
The Template is annexed to the Explanatory Notice[3], published on 24 July 2025, and aims to provide a common minimal baseline for the information to be made publicly available in the Summary of Training Content for GPAI models. The template for the summary of training data is closely linked to the providers’ obligations in relation to transparency and copyright that have been detailed out in the Code of Practice.