Art. 55 EU AI Act: obligations for systemic-risk GPAI providers
Art. 55 sets the additional obligations that apply only to providers of general-purpose AI models with systemic risk, on top of the baseline Art. 53 obligations. These providers must evaluate the model using state-of-the-art protocols including adversarial testing, assess and mitigate systemic risks at Union level, report serious incidents to the AI Office without undue delay, and ensure an adequate level of cybersecurity for the model and its physical infrastructure. This is the regime for the small group of frontier models.
The four additional obligations
Art. 55 applies on top of, not instead of, Art. 53. A provider whose model is classified as systemic risk under Art. 51 carries the baseline obligations and these four additional ones.
Model evaluation and adversarial testing. The provider must perform model evaluation in accordance with standardised protocols and tools reflecting the state of the art, including conducting and documenting adversarial testing of the model with a view to identifying and mitigating systemic risks. This is the obligation to actively probe the model for dangerous capabilities and failure modes, not merely to document what it does in normal use.
Systemic-risk assessment and mitigation. The provider must assess and mitigate possible systemic risks at Union level, including their sources, that may arise from the development, placing on the market, or use of the model. This is a continuous risk-management duty operating at the level of society and the Union market, not only at the level of an individual deployment.
Serious-incident reporting. The provider must keep track of, document, and report, without undue delay, to the AI Office and as appropriate to national competent authorities, relevant information about serious incidents and the corrective measures taken to address them.
Cybersecurity. The provider must ensure an adequate level of cybersecurity protection for the model and for the physical infrastructure of the model, recognising that a frontier model is itself a high-value target.
How compliance is demonstrated
Because harmonised standards for these obligations did not exist when they took effect, the AI Office coordinated the safety and security chapter of the General-Purpose AI Code of Practice to give operational meaning to terms such as state-of-the-art evaluation. The Code translates the Art. 55 obligations into concrete measures: red-teaming, capability evaluations against benchmarks, jailbreak-resistance testing, misuse-potential analysis, and a structured risk-management process triggered at major deployment decisions. The Code is voluntary. A provider can use it to demonstrate compliance, but a provider that does not sign it must show that it meets the Art. 55 obligations by other adequate means. Adherence to the Code is not conclusive evidence of compliance, and compliance with the Act is mandatory whether or not a provider relies on the Code.
Timing and enforcement
The Art. 55 obligations became applicable on 2 August 2025. The Commission's enforcement powers over GPAI providers, including formal requests for information, the ability to require mitigation measures, and administrative fines, begin on 2 August 2026. The gap between the two dates is a deliberate transitional period during which providers are legally bound while the AI Office builds up its supervisory capacity and the Code is operationalised. The Digital Omnibus agreed in May 2026 reinforced the AI Office's central supervisory role over general-purpose AI but did not postpone these obligations: unlike the high-risk system deadlines, the GPAI obligations have applied since August 2025 and remain in force.
Why it matters
Most organisations will never be subject to Art. 55 directly, because training a model above the systemic-risk threshold is far beyond the reach of all but a handful of providers. The relevance is structural. The foundation models that ordinary organisations build on are provided by exactly the companies Art. 55 binds, which means those models are subject by law to systematic safety evaluation, adversarial testing, and incident reporting. Art. 55 is the provision that places a safety obligation at the top of the value chain, where the most capable models are made.
In the GovCompass-7
Art. 55 reaches across several pillars. Its core is the security and robustness and safety and reliability pillars, through the adversarial testing, risk mitigation, and cybersecurity duties. The incident-reporting duty connects to accountability, and the model-evaluation obligation supports transparency about what the most capable models can do.