compliance · 11 min read

EU AI Act: the GPAI obligations enter application on 2 August 2025

Second step of Regulation (EU) 2024/1689. Technical documentation, training data summary, copyright policy and, for systemic-risk models, adversarial evaluations and incident reporting. Code of Practice signed by 26 providers; Meta stays out, xAI signs Safety & Security only.

· Manuel López Pérez · compliance

On 2 August 2025 the second step of Regulation (EU) 2024/1689 — the AI Act — enters application: the Chapter V obligations for general-purpose model providers (GPAI). Any GPAI model placed on the EU market from that date must comply from day one. Models placed before have until 2 August 2027 to adapt (Art. 111).

Calendar previously covered in IRONHACKERS:

This post focuses on what changes operationally on 2 August for OpenAI, Anthropic, Google, Meta, Mistral, xAI, DeepSeek and any other provider with models accessible from the EU. No alarmism: what the text says, what has been published in the Code of Practice and who has signed.

Reading: analysis of legal text in force plus secondary documents (Code of Practice for GPAI, Commission guidelines). For any binding decision, read the Regulation directly.

Art. 53 obligations — for all GPAI

Every provider of a GPAI model (systemic risk or not, open or closed, EU or non-EU if the model is offered in the EU) has four material obligations:

1. Technical documentation of the model (Art. 53.1.a, Annex XI)

Document kept up to date on the model and made available to the AI Office and national authorities on request. Content from Annex XI:

  • Intended tasks and tasks the model can execute; modalities; architecture; number of parameters; input/output size; licence.
  • Training process: type and provenance of data, curation methods, bias mitigation, total estimated compute in FLOPs, training energy consumption.
  • Testing policy and internal evaluation results.
  • Relevant metrics for evaluating the model (benchmark accuracy, behaviour under adversarial input, resistance to degradation with perturbation).

The document is not made public; it remains disclosable to the regulator on request.

2. Information for downstream deployers (Art. 53.1.b, Annex XII)

Document the provider delivers to the commercial integrator. What it must contain:

  • Description of model capabilities and limitations.
  • Use cases it is designed for and ones it is not.
  • Data on which it was evaluated, performance metrics, identified biases.
  • Computational resources required for inference.

The recipient is the deployer building product on the model. The obligation exists because the deployer is responsible for its own compliance (Art. 26) and needs information from the provider to deliver it.

3. Training data summary (Art. 53.1.d)

The obligation with most public anticipation. Sufficiently detailed summary of the content used to train the model, published in accordance with the harmonised template the AI Office has published.

The template requires high-level disclosure of:

  • Total dataset size (in tokens, examples, or equivalent by modality).
  • Modalities (text, code, image, audio, video) and proportion of each.
  • Identified large public datasets by name (Common Crawl, Wikipedia, GitHub, LAION, etc.).
  • Narrative description of licensed sources, private data, scraped content (including the most relevant domains), user data and synthetic data.

It is not a full BOM, but a more structured narrative summary. Political intent: give copyright holders and data protection regulators enough information to evaluate whether their material appears in the training corpus.

4. Copyright policy (Art. 53.1.c)

Documented policy to identify and respect rights reservations exercised under Art. 4(3) of Directive 2019/790 (CDSM Directive — text and data mining exception). In practice, mechanisms respecting opt-outs such as:

  • robots.txt with specific disallows for training crawlers.
  • TDM Reservation Protocol and similar.
  • C2PA metadata or equivalent markers in content marked as reserved.
  • Contractual licensing agreements when material is obtained outside scraping.

The policy must be documented and operated effectively; the terms-of-use clause alone is not enough.
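One way to operate and measure the opt-out mechanisms listed above, as an added example that is not from the original post or from any provider's pipeline: a corpus filter that checks robots.txt for the training crawler's token, then the TDM Reservation Protocol response header, and counts exclusions per reason. The crawler token `ExampleTrainBot`, the `.example` hosts, the fail-closed handling of hosts with no recorded robots.txt and all sample data are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

TRAINING_UA = "ExampleTrainBot"  # hypothetical training-crawler token (assumption)

# Constructed robots.txt bodies, keyed by host, as recorded at crawl time.
ROBOTS = {
    "news.example": "User-agent: ExampleTrainBot\nDisallow: /\n\nUser-agent: *\nAllow: /\n",
    "blog.example": "User-agent: *\nDisallow: /drafts/\n",
    "docs.example": "",  # empty file: nothing reserved via robots.txt
}
# Constructed response headers; "tdm-reservation: 1" is the TDM Reservation
# Protocol's HTTP signal that text-and-data-mining rights are reserved.
HEADERS = {"https://blog.example/post/1": {"TDM-Reservation": "1"}}
# Constructed candidate URLs for the training corpus.
CANDIDATES = [
    "https://news.example/a", "https://blog.example/post/1",
    "https://blog.example/drafts/x", "https://docs.example/guide",
    "https://unknown.example/p",
]


def exclusion_reason(url, agent=TRAINING_UA):
    """Return why a URL must stay out of the corpus, or None to keep it."""
    host = urlsplit(url).hostname
    if host not in ROBOTS:
        # Assumption of this example: no robots.txt on record means fail closed.
        return "robots_unknown"
    parser = RobotFileParser()
    parser.parse(ROBOTS[host].splitlines())
    if not parser.can_fetch(agent, url):
        return "robots_disallow"
    hdrs = {k.lower(): v.strip() for k, v in HEADERS.get(url, {}).items()}
    if hdrs.get("tdm-reservation") == "1":
        return "tdm_reserved"
    return None


def filter_corpus(urls):
    """Split candidate URLs into kept ones and a per-reason exclusion count."""
    kept, excluded = [], Counter()
    for url in urls:
        reason = exclusion_reason(url)
        if reason is None:
            kept.append(url)
        else:
            excluded[reason] += 1
    return kept, excluded
```

Calling `filter_corpus(CANDIDATES)` returns the retained URLs and the per-reason counts, which is the kind of metric a deployer can ask a provider to show alongside the written policy.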

Additional Art. 55 obligations — for GPAI with systemic risk

Criterion of Art. 51.2: models trained with >10^25 cumulative FLOPs, or designated as systemic by the Commission via Art. 51.1.b. The Commission Guidelines for GPAI providers published in July 2025 give operational detail on the threshold:

  • The provider must notify the Commission within two weeks of reasonably foreseeing or exceeding the threshold.
  • Compute estimation must be accurate to ±30 %, with documented assumptions and error margins.
  • Accepted methods: GPU/TPU tracking (hardware-based) or architecture-based estimation.
  • The provider may contest the classification by submitting technical evidence (benchmarks, scaling laws) that its model does not present systemic risk despite exceeding the threshold.

For operational reference: GPT-4 ~2·10^25 FLOPs (Epoch AI estimate), Llama-3.1-405B ~4·10^25, Gemini Ultra ~5·10^25, Claude 3.5 Sonnet roughly below, GPT-4o around 4·10^25. The boundary is not sharp because providers do not publish actual FLOPs — it is third-party estimation.

For those falling under systemic GPAI, in addition to the four under Art. 53:

Model evaluations (Art. 55.1.a)

Evaluations with state-of-the-art methodology, including structured adversarial testing (red teaming, capability evaluations). The referenced protocols are those frontier labs already operate internally — Anthropic’s RSP / Responsible Scaling Policy, OpenAI’s Preparedness Framework, DeepMind’s evals. What changes: the legal duty to document and retain.

Analysis and mitigation of systemic risks (Art. 55.1.b)

Document risks at EU level (CBRN — chemical, biological, radiological, nuclear; offensive cyber; manipulation and disinformation; loss of control; misaligned autonomy) and the mitigation measures adopted.

Reporting of serious incidents (Art. 55.1.c)

To the AI Office and national authorities. No exact deadlines in the Regulation — the Code of Practice operationalises them. Includes use of the model in a serious incident with harm to health, critical infrastructure, fundamental rights or the environment.

Model cybersecurity (Art. 55.1.d)

Adequate level of protection for the model weights and for the physical infrastructure of training and inference. The AI Office has a mandate to coordinate with ENISA on specific guidelines.

Energy tracking (covered in Annex XI under Art. 53)

Applies to all GPAI but with greater scrutiny for systemic ones. Documented training consumption.

The Code of Practice — adequacy decision on 1 August

The AI Office publishes the final version of the Code of Practice for GPAI on 10 July 2025. On 1 August, the European Commission and the AI Board formally endorse it via adequacy decisions. Signing the CoP implies presumption of conformity with the Art. 53 and 55 obligations — it does not exempt from the obligation, but shifts the burden of proving non-compliance to the regulator.

CoP structure — three chapters signable separately:

Transparency Chapter

Operationalises Art. 53.1.a and 53.1.b. Provides a Model Documentation Form — unified form the provider fills with the technical information and the downstream information. Signing binds the provider to:

  • Keep documentation up to date from placement on market.
  • Publish what is public and make available what is regulatory on time when requested.
  • Cooperate with the AI Office.

Copyright Chapter

Operationalises Art. 53.1.c. Concrete measures:

  • Respect for robots.txt and equivalent TDM opt-out mechanisms.
  • Identified crawlers (stable, documented User-Agent, non-spoofable).
  • Exclude from the corpus content marked as reserved by the rightsholder where technically feasible.
  • Communication channel with rights holders for specific queries.
  • Behaviour towards obviously pirated content (e.g., known shadow library domains).

Safety and Security Chapter

Operationalises Art. 55. Applies only to providers of GPAI models with systemic risk. Measures:

  • Documented Safety and Security Framework: assessed threats, capability thresholds, safety mitigations, security measures for weights.
  • Pre-deployment evaluations with state-of-the-art red teaming.
  • Incident reporting programme with defined timelines.
  • Periodic external audits.
  • Protection of model weights with technical and organisational measures aligned with the Frontier Model Forum baseline and ENISA guidance.

Who signs and who doesn’t — situation on 2 August

By the application date, 26 providers sign the full CoP. The list includes US and European frontier labs, plus specialised providers:

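| Provider | Origin | Chapters signed |
| --- | --- | --- |
| OpenAI | US | Full (Transparency + Copyright + Safety) |
| Anthropic | US | Full |
| Google (DeepMind) | US | Full |
| Microsoft | US | Full |
| Amazon | US | Full |
| IBM | US | Full |
| Mistral AI | FR | Full |
| Aleph Alpha | DE | Full |
| Black Forest Labs | DE | Full |
| Cohere | CA | Full |
| ServiceNow | US | Full |
| WRITER | US | Full |
| (14 others, mostly specialised European) | | Full |
| xAI | US | Safety and Security only |
| Meta | US | Does not sign |
| DeepSeek | CN | Does not sign |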

The two exceptions tell a story.

Meta — does not sign, public statement against the CoP

Meta announces on 18 July 2025, via a LinkedIn post from Chief Global Affairs Officer Joel Kaplan, that it will not sign. Argument: the CoP “introduces a number of legal uncertainties for model developers, as well as measures going beyond the scope of the AI Act”. The sentence operates at two levels — one technical-legal (alleging the CoP is ultra vires with respect to the Regulation) and one political (Meta makes a public gesture of opposition to European regulation, aligned with the US position post-Trump inauguration).

Operational consequence: Meta has to demonstrate compliance with Arts. 53 and 55 via alternative adequate means — without the CoP’s presumption of conformity, the regulator can request specific documentation at any level of detail. The AI Office can more easily start investigations. The procedural burden in any dispute falls on Meta.

xAI — signs Safety and Security only

xAI, founded by Elon Musk, signs only the Safety and Security chapter. Does not sign Transparency or Copyright. For those two, it also operates via alternative adequate means.

Reading: xAI accepts the safety regime (where alignment with frontier labs is operational — evaluations and capability thresholds are already a common language) but rejects the documentary transparency and copyright opt-out obligations. Consistent with its public model of bypassing many reservations about the use of Twitter/X as a dataset.

DeepSeek and other Chinese providers

DeepSeek does not sign. Nor does any Chinese provider. The AI Office has not published specific action on this. The operational question: which models of Chinese origin are placed on the EU market? Weights are on Hugging Face, accessible to EU deployers, but the formal placement on market when the provider has no EU establishment or representative is an open operational point. Art. 22 requires designating an authorised representative in the EU for providers established outside — without one, the deployer may de facto inherit provider obligations.

Reading for Trust & Safety teams

For a Trust & Safety team responsible for deploying GPAI in product, 2 August introduces three material calendar changes:

  1. Pivot from “internal responsible disclosure” to “regulatable documentation”. The safety evaluations and red teaming already done as part of the RSP / Preparedness Framework become disclosable under Art. 55. The format changes (more structured, in Model Documentation Form), the recipient changes (EU regulatory authority), the content does not change much for whoever was already operating with serious internal frameworks.

  2. Operational copyright pipeline. Opt-out respect stops being “best effort” and becomes a documented policy with metrics. For the deployer building product on GPAI: ask the provider which domains it excludes, how the opt-out operates, what mechanism it has for claim review. Any provider saying “we manage it at process level” without offering concrete documentation is a transferable risk.

  3. “Weights theft” threat model formalised. Art. 55.1.d requires adequate cybersecurity of weights. ENISA and the AI Office will publish guidelines during 2025-2026. The conversation already existing in frontier labs about Security Level 3 / Security Level 4 (Frontier Model Forum baseline) gains regulatory correspondence. For deployers receiving a copy of the weights for fine-tuning or on-prem use, the weight supply chain becomes auditable.

Tensions worth anticipating:

  • Trade secrets vs regulatable documentation. The Annex XI detail can touch ground providers consider proprietary. The Commission Guidelines clarify that access is on request by authorities, with duty of confidentiality, but the line is thin. Expect public litigation over the scope of what is disclosable to the regulator.
  • Copyright holders vs scope of training data summary. The template asks for “most relevant domains” — The New York Times and similar have already asked for more detail. There will be pressure during 2025-2026 to expand the template.
  • DeepSeek and Chinese models in the EU. Does the AI Office pursue action against EU deployers serving DeepSeek-V3 / R1 in product without the provider having a representative? Material for the second half.

What does NOT change on 2 August

Worth bounding:

  • High-risk systems of Annex III enter general application on 2 August 2026 (Art. 113.b). Until then, the Chapter III obligations on high-risk are guidance, not enforceable.
  • Products of Annex I (toys, medical devices, vehicles, etc.) with AI component enter on 2 August 2027 (Art. 113.c).
  • Application of sanctions to GPAI: Art. 101 enters general application on 2 August 2026. During the first year, the AI Office can start investigations and publish findings, but the imposition of fines on GPAI providers is deferred to 2026.
  • Pre-existing GPAI models (those placed before 2 Aug 2025): deadline until 2 August 2027 to adapt (Art. 111.3). This includes GPT-4, Claude 3.5, Gemini 1.5/2.0, Llama 3, Mistral Large, etc.
