The implementation of the EU AI Act with a focus on general-purpose AI models

Transition from legislation to implementation

The European Union has entered a new phase in the governance of AI, moving from the legislative adoption of the Artificial Intelligence Act (AI Act) towards its practical implementation. This particular phase places particular emphasis on obligations of providers of general-purpose AI (GPAI) models, reflecting the increasing role of such systems in the broader digital ecosystem.

The AI Act, adopted in 2024, establishes a comprehensive legal framework for AI within the EU. It introduces a risk-based approach that classifies AI systems into categories ranging from minimal risk to unacceptable risk, with corresponding regulatory requirements.

According to the official text of the regulation, the framework is designed to ensure that AI systems placed on the market in the Union are ‘safe and respect existing law on fundamental rights and Union values.’

While earlier discussions around the Act focused on its legislative negotiation and scope, the current phase centres on how its provisions will be applied in practice.

General-purpose AI models within the AI Act

A key element of this implementation phase concerns general-purpose AI models. These models, which can be integrated into a wide range of downstream applications, occupy a distinct position within the regulatory framework.

The AI Act defines general-purpose AI models as systems that can be used across multiple tasks and contexts and may ‘serve a variety of purposes, both for direct use and for integration into other AI systems.’

That positioning reflects the broad applicability of these models, particularly in areas such as natural language processing, content generation, and data analysis.

The Act also recognises that the widespread deployment of such models may have implications beyond individual use cases, particularly when integrated into high-risk systems.

Obligations for providers of GPAI models

The European Commission, together with the European AI Office, has begun outlining expectations for compliance with provisions related to general-purpose AI.

According to official EU materials, providers of GPAI models are required to ensure that technical documentation is drawn up and kept up to date.

The regulation specifies that providers should ‘draw up and keep up-to-date technical documentation of the model,’ ensuring that relevant information is accessible for compliance and oversight purposes. In addition, transparency obligations require providers to make certain information available to downstream deployers.

The intention of this is to support the responsible integration of GPAI models into other systems.

Distinction between GPAI and systemic-risk models

The AI Act introduces a distinction between general-purpose AI models and those considered to pose systemic risk.

Models that meet specific criteria, such as scale, capability, or deployment level, may be classified as having a systemic impact.

For such models, additional obligations apply, including requirements related to evaluation, risk mitigation, and reporting. The European Commission has indicated that further guidance will clarify how systemic risk thresholds are determined, including through delegated acts and technical standards.

Role of the European AI Office in implementation

The European AI Office, established within the European Commission, plays a central role in supporting the implementation of the AI Act.

Its responsibilities include contributing to the consistent application of the regulation, coordinating with national authorities, and supporting the development of methodologies for compliance.

According to the European Commission, the AI Office is tasked with ‘ensuring the coherent implementation of the AI Act across the Union.’ The Office is also expected to contribute to the development of benchmarks, testing frameworks, and guidance documents that support both regulators and providers.

Phased implementation timeline

The implementation of the AI Act is structured as a phased process, with different provisions becoming applicable over time.

That phased approach allows stakeholders to adapt to the regulatory requirements while enabling authorities to establish enforcement mechanisms.

Provisions related to general-purpose AI models are among the earlier elements to be operationalised, reflecting their central role in the current AI landscape.

The European Commission has indicated that additional implementing acts and guidance documents will be issued as part of this process.

Coordination with national authorities

While the European AI Office plays a coordinating role at the EU level, enforcement remains the responsibility of national authorities within member states.

The AI Act establishes mechanisms for cooperation and information-sharing to support a harmonised approach across the European Union.

National authorities are expected to work closely with the AI Office and the European Commission to oversee compliance and address emerging challenges.

Stakeholder engagement and technical guidance

The implementation phase also involves engagement with a range of stakeholders, including industry actors, civil society organisations, and technical experts.

Also, the European Commission has initiated consultations and workshops to gather input on practical aspects of implementation, such as documentation standards and risk assessment methodologies.

The following process supports the development of operational guidance applicable across sectors and use cases.

Interaction with the EU digital regulatory framework

The AI Act forms part of a broader EU digital policy framework that includes instruments such as the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and the Digital Markets Act (DMA).

These frameworks address different aspects of the digital ecosystem, including data protection, platform governance, and market competition.

The relationship between the AI Act and these instruments is expected to be clarified further during implementation.

International context: OECD and UN approaches

The governance of general-purpose AI models is also being addressed at the international level.

The OECD AI Principles state that AI systems should be ‘robust, secure and safe throughout their entire lifecycle,’ and emphasise accountability for their functioning.

At the UN level, the Global Digital Compact process addresses issues related to transparency, accountability, and oversight of digital technologies, including AI.

The listed initiatives provide non-binding guidance, in contrast to the legally binding framework established by the EU AI Act.

Ongoing development of technical standards

The development of technical standards is an important component of the implementation process.

The European Commission has indicated that it will work with standardisation organisations to develop specifications related to documentation, evaluation, and risk management.

These standards are expected to support the practical application of the AI Act’s provisions.

From regulatory framework to regulatory practice

The current phase of the EU AI Act marks a transition from legislative design to regulatory practice.

For providers of general-purpose AI models, this involves preparing to meet obligations related to documentation, transparency, and risk management. For regulators, the focus is on ensuring consistent application of the rules across member states, supported by coordination mechanisms and guidance from the AI Office.

The implementation process is expected to evolve as further guidance is issued.

Conclusion

The European Union’s AI Act is entering its implementation phase, with a particular focus on general-purpose AI models.

That phase involves translating the regulation’s legal provisions into operational requirements, supported by guidance from the European Commission and the AI Office.

The development of technical standards, coordination mechanisms, and compliance frameworks will play a central role in this process. As implementation progresses, further clarification is expected through additional guidance and regulatory measures, contributing to the operationalisation of the EU’s approach to AI governance.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!