Art. 53 EU AI Act: baseline obligations for GPAI providers
Art. 53 sets the baseline obligations that every provider of a general-purpose AI model carries, regardless of whether the model has systemic risk. The provider must keep technical documentation of the model, provide information to downstream providers who integrate it, put in place a policy to comply with EU copyright law, and publish a sufficiently detailed public summary of the content used to train the model. These obligations have applied since 2 August 2025.
The four baseline obligations
Art. 53 applies to every providerproviderThe actor who develops an AI system (or has it developed) and places it on the market or into service under its own name — carrying manufacturer-style duties: design controls, documentation, conformity.Open full entry → of a general-purpose AI modelgeneral-purpose AI modelEU AI Act term for a model displaying significant generality and capable of many distinct tasks, typically integrated into downstream systems; carries its own obligation set, with extra duties for models posing systemic risk.Open full entry →. It sets four obligations that exist independently of the systemic-risk classification, and that form the foundation on which the additional Art. 55 obligations build for the small group of systemic-risk models.
Technical documentation. The provider must draw up and keep up to date the technical documentation of the model, covering its training and testing process and the results of its evaluation, in line with Annex XI. This documentation must be made available to the AI Office and national competent authorities on request.
Downstream information. The provider must make information and documentation available to downstream providers who intend to integrate the general-purpose AI model into their own AI systems, in line with Annex XII. This lets a downstream provider understand the model's capabilities and limitations well enough to meet its own obligations under the Act. It is the mechanism that carries model-level information down the value chain.
Copyright policy. The provider must put in place a policy to comply with Union law on copyright and related rights, in particular to identify and respect reservations of rights expressed by rightsholders.
Public training-content summary. The provider must draw up and make publicly available a sufficiently detailed summary of the content used to train the model, using the template provided by the AI Office.
The open-source position
The Act provides a limited exemption for certain free and open-source GPAI models from some of these obligations, specifically the technical-documentation and downstream-information duties, where the model's parameters and usage information are made publicly available under a free and open licence. This exemption does not extend to the copyright policy or the training-content summary, and crucially it does not apply at all where the model has systemic risksystemic riskEU AI Act category for the most capable general-purpose models (presumed above a training-compute threshold), triggering extra duties: evaluations, adversarial testing, incident reporting, cybersecurity.Open full entry →. A systemic-risk model carries the full obligations regardless of how openly it is released.
Timing and the Code of Practice
The Art. 53 obligations became applicable on 2 August 2025. To help providers operationalise them during the period before harmonised standards exist, the AI Office coordinated a General-Purpose AI Code of Practice, published on 10 July 2025. The Code is a voluntary tool: a provider can use it to demonstrate compliance with Art. 53 and 55, but adherence is not itself the legal obligation, and not signing the Code does not exempt a provider from the Act. A provider that does not rely on the Code must demonstrate compliance by other adequate means.
Why it matters
For the organisations that build on foundation models rather than train them, Art. 53 is the reason the model information they need exists at all. The downstream-information duty and the public training-content summary are what let a deploying organisation understand the model underneath its system, which it needs in order to meet its own obligations, particularly where its system is high-risk.
In the GovCompass-7
Art. 53 sits primarily in the transparencytransparencyOpenness about the fact that AI is used and how it operates in general: disclosures, documentation, notices. Pairs with explainability, which addresses individual outcomes.Open full entry → and explainabilityexplainabilityThe ability to give a meaningful reason for a specific output of an AI system to the people it affects — distinct from transparency, which is disclosure that and how AI is used.Open full entry → and accountabilityaccountabilityThe principle that a named human or organization answers for an AI system's outcomes, through ownership, documentation, audit trails and redress — never the system itself.Open full entry → pillars: it is about documenting the model and making the right information available to the right parties down the value chain.