General-purpose AI (GPAI) models and systems are subject to a tailored and tiered regulatory framework under the AI Act.
GPAI models are defined functionally (e.g. generality in the performance of tasks) and are typically integrated into GPAI systems.
The European Commission, through its AI Office, has sweeping powers to enforce the provisions applicable to GPAI models and systems. These provisions will apply from 2 August 2025 (see also AI Act Timeline).
The AI Office is facilitating the drawing-up of a code of practice on GPAI models by independent experts. The code is expected to set out "commitments to which providers [of GPAI models] may adhere to ensure compliance with their obligations under the AI Act.”
In parallel, the EU executive body opened a consultation until 22 May 2025 in preparation for its upcoming non-binding guidelines, which will aim to clarify the obligations of providers GPAI models.
This cheat sheet by Cullen International provides a summary of the core provisions on GPAI models under the AI Act:
Clients of our European Digital Economy service, can access it directly on our client portal via the following link:
more news
14 July 25
How are EU member states transposing NIS2?
Our benchmark tracks the transposition status of the directive on measures for a high common level of cybersecurity across the EU (NIS2) in the 27 member states. 14 countries adopted national legislation to transpose NIS2.
10 July 25
WhatsApp and other communication apps must allow legal interception in less than half of the EU countries
Our new pan-European benchmark examines national rules of lawful interception obligations for number-independent interpersonal communications service providers, such as WhatsApp.
09 July 25
Countries tighten IoT rules with new security, numbering and device measures
Our Quarterly Regulatory Update on IoT and M2M Services (Q2 2025) highlights how national regulators are shaping the future of IoT and M2M services in areas such as cross-border connectivity, device regulation, and security.