IA 360
Regulatory Framework

AI Act starts requiring transparency from major AI models

As of August 2, providers of general-purpose models must meet new transparency and copyright obligations to market them in the EU. Models posing systemic risks face additional safety requirements.

5 min read Leer en español

Large models that generate text, code, images or audio now face specific legal obligations in the European Union. As of August 2, companies placing new general-purpose models on the European market must document them, publish a summary of their training data and have a policy for respecting copyright.

It is the first time a market the size of the EU has imposed binding rules of this scope on providers of generative AI. The measure affects companies such as OpenAI, Google, Anthropic, Meta and Mistral, but also any company that develops and markets a model that third parties can reuse.

Which models fall under the new rules

The Artificial Intelligence Act, known as the AI Act, defines general-purpose AI models as models that can perform many different tasks and be integrated into other products. A language model capable of writing, summarizing or programming is the most familiar example, although the category is not limited to text.

The European Commission’s guidelines establish a practical presumption: models trained with more than 10^23 FLOP — a measure of computing capacity — and capable of generating language are considered general-purpose models. This is not a quality benchmark or a parameter count; it is intended to identify models with enough capacity to support a wide range of downstream uses.

The obligation falls on the entity that develops or places the model on the market, not on every company that uses an AI tool. A company that integrates a provider’s API into its service will have other responsibilities under the AI Act, depending on the circumstances, but it will not have to disclose how someone else’s model was trained.

Documentation, training data and copyright

Providers will have to supply technical documentation to companies that incorporate their models into applications. The aim is to ensure that those companies understand the capabilities, limitations and terms of use of the system they are integrating.

They must also draw up and maintain a policy for complying with European copyright law. This includes respecting rights reservations that authors, publishers and other rights holders can assert against text and data mining—the legal mechanism at the center of the debate over training generative models.

The third visible obligation will be to publish a sufficiently detailed summary of the content used to train the model. The Commission has released a common template for this purpose. It does not require providers to disclose every file, link or dataset, or to reveal trade secrets, but they must describe the main categories of sources and content used. For researchers, creators and rights holders, that information could make a process that has usually remained opaque more auditable.

Additional requirements for models posing systemic risks

The AI Act establishes a stricter regime for the most powerful models—those that may pose systemic risks. The law presumes that models exceed this threshold once their training involves 10^25 FLOP of computation, although the Commission can designate models based on their capabilities or impact.

Their providers must notify the Commission, assess and mitigate systemic risks, conduct adversarial testing—deliberate attempts to find flaws and dangerous uses—and strengthen cybersecurity. These obligations aim to reduce risks such as enabling cyberattacks, creating harmful content at scale or losing control over especially advanced capabilities.

The Commission and the Member States have also recognized the General-Purpose AI Code of Practice as a voluntary way to demonstrate compliance. Drawn up by independent experts, the code sets out measures on transparency, copyright and safety. Signing up does not eliminate the legal obligations, but it gives companies a common framework and greater legal certainty.

Two timelines for providers

The rules apply from today to models now entering the European market. General-purpose models already on the market before August 2, 2025, have a transitional period and must comply by August 2, 2027.

The date marks a significant shift in global AI competition. The European Union is not deciding how every model in the world is trained, but its market is too important for major providers to ignore. As happened with data protection after the GDPR, European requirements could ultimately influence the documentation and policies companies adopt outside Europe as well.

The system’s effectiveness will now depend on two less visible questions: whether the European AI Office can oversee complex models and whether training-data summaries provide useful information rather than vague formulas. Transparency is no longer a voluntary promise from AI labs; it is becoming one of the conditions for selling generative AI in the EU.

Share this article

This website uses cookies to improve the browsing experience. Cookie policy.