General-purpose AI (GPAI) models and systems are subject to a tailored and tiered regulatory framework under the AI Act.
GPAI models are defined functionally (e.g. generality in the performance of tasks) and are typically integrated into GPAI systems.
The European Commission, through its AI Office, has sweeping powers to enforce the provisions applicable to GPAI models and systems. These provisions will apply from 2 August 2025 (see also AI Act Timeline).
The AI Office is facilitating the drawing-up of a code of practice on GPAI models by independent experts. The code is expected to set out "commitments to which providers [of GPAI models] may adhere to ensure compliance with their obligations under the AI Act.”
In parallel, the EU executive body opened a consultation until 22 May 2025 in preparation for its upcoming non-binding guidelines, which will aim to clarify the obligations of providers GPAI models.
This cheat sheet by Cullen International provides a summary of the core provisions on GPAI models under the AI Act:
Clients of our European Digital Economy service, can access it directly on our client portal via the following link:
more news
06 February 26
The DNA explained: deadlines set for copper switch-off, but with exceptions
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers copper switch-off.
06 February 26
The DNA explained: no major overhaul of SMP access rules
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers SMP access rules.
05 February 26
Revised Cybersecurity Act (CSA2) - mechanism to restrict high-risk ICT suppliers in critical sectors
Cullen International published an analysis of the proposed provisions to restrict high-risk suppliers (HRS) under the revised Cybersecurity Act (CSA2) delivered by the European Commission on 20 January 2026.