Cambridge Commentary on EU General-Purpose AI Law

Commentary

1. General remarks

1Article 111 AI Act¹ is complementary to Article 113, with both provisions governing the temporal application of the obligations placed on providers by the AI Act. While Article 113 sets out the general rules on the entry into force of the Act and the staggered entry into application of its various chapters and provisions, Article 111 prescribes transitional periods for bringing into conformity certain AI systems and all general-purpose AI (“GPAI”) models that had been lawfully placed on the market before the respective obligations imposed on them have entered into application.

1.1. Structure and overview

2Article 111(1) requires AI systems, other than those falling within the scope of the prohibited practices in Article 5, that (i) are components of the large-scale IT systems governed by the legislation listed in Annex X and (ii) were placed on the market or put into service before 2 August 2027 to be brought into compliance with the AI Act by 31 December 2030.

3Article 111(2) specifies that the AI Act’s obligations concerning high-risk AI systems do not apply to those systems that were placed on the market before 2 August 2026, unless the system’s design has undergone a ‘significant change’ after that date. The provision also prescribes that if a high-risk AI system is intended for use by a public authority, regardless of its placement date, it should be brought into compliance with the AI Act by 2 August 2030.

4Article 111(3) introduces a special transitional rule for the general entry into application of Chapter V with respect to GPAI models referred to in Article 113(b). While Chapter V generally applies from 2 August 2025, Article 111(3) states that providers of GPAI models placed on the market before that date have until 2 August 2027 to comply with the relevant obligations.

5Given that this commentary’s scope is focused primarily on GPAI models,² the central focus of the present analysis is Article 111(3). Accordingly, reference is made to Articles 111(1) and 111(2) only insofar as needed to identify and resolve any tensions between the temporal obligations imposed on GPAI model providers and those applicable to AI systems.

6In light of the above, this analysis begins by situating Article 111(3) within the legislative context of the broader temporal frameworks under the EU’s New Legislative Framework, of which the AI Act is intended to form a part.³ It then compares the New Legislative Framework’s general treatment of products placed on the market before the entry into application of new harmonised rules with the sui generis approach adopted by the AI Act.

7The substantive analysis of Article 111(3) begins with overarching considerations applicable to all obligations imposed on providers of GPAI models placed on the market before 2 August 2025. It clarifies the provision’s legal character and effects through a systematic reading of the AI Act. Given that such models may be modified during the additional transitional period ending on 2 August 2027, either by the initial provider or by downstream actors, the section also pays particular attention to when specific modifications, under the current Commission interpretation, might necessitate immediate compliance with obligations and when the obligations relating to a modified model might continue to benefit from the temporal deferral under Article 111(3).

8Following the overarching considerations, the analysis turns to examining the temporal implications of Article 111(3) for the obligations of GPAI model providers, organised thematically. It begins with a discussion of the fulfilment of the documentation and transparency obligations under Article 53(1)(a) and (b) where the model was placed on the market before 2 August 2025. The section also briefly assesses how the deferral of these obligations affects high-risk AI systems based on GPAI models.

9Thereafter, a significant portion of the analysis deals with the obligations to adopt a copyright compliance policy and to provide a training-content summary under Article 53(1)(c) and (d). The attention afforded to this topic reflects the uncertainty among commentators about how compliance should be ensured when training activities took part before obligations were applicable; namely, whether retraining or unlearning is required and under what conditions. The discussion centres on the temporal implications of rightsholders’ reservations against the use of their works for the purposes of text and data mining, and how the timing of such reservations affects providers’ copyright obligations during the additional transitional period under Article 111(3).

10The discussion then turns to the relationship between Article 111(3) and the obligation under Article 54 for third-country providers of GPAI models to appoint an authorised representative based in the Union. The analysis of Article 111(3) concludes with how the provision’s temporal deferral affects providers of GPAI models with systemic risk that were placed on the market before 2 August 2025. It focuses on three areas of potential tension: (i) when should a provider notify the Commission under Article 52(1) that a GPAI model placed on the market before 2 August 2025 has high-impact capabilities under Article 51(1)(a), (ii) the consequences when a model placed on the market before 2 August 2025 is designated during the transitional period as a GPAI model with systemic risk, and (iii) the consequences when post-market modifications of a GPAI model without systemic risk placed on the market before 2 August 2025 give rise to a GPAI model with systemic risk.

11Finally, the chapter briefly examines how the rules for providers of GPAI models placed on the market before 2 August 2025 interact with Articles 111(1) and 111(2) and highlights potential conflicts in their respective temporal regimes.

1.2. Legislative context

12The AI Act was initially largely set within the context of the New Legislative Framework⁴ which aligns product harmonisation legislation with the reference provisions contained in Regulation (EC) No 765/2008,⁵ Decision No 768/2008/EC,⁶ and Regulation (EU) 2019/1020.⁷ The inclusion of transitional provisions, which ensure the continued lawful marketing of products already placed on the market in conformity with pre-existing harmonised rules or national regulatory measures predating harmonisation, represent a standard and usually straightforward element in the pieces of legislation that form part of the New Legislative Framework. While the AI Act has been categorised by some authors as fitting ‘into the traditional European concept of product safety law’,⁸ this view is largely informed by the initial drafts of the AI Act. The final version of the legislation, however, ‘explicitly combines three EU regulatory approaches, i.e., risk-based, product safety, and rights-based’.⁹ This departure from the AI Act’s product safety genesis, especially in relation to the unique regulatory challenges introduced with the inclusion of GPAI models within the Act’s subject matter scope, has led to a unique approach in the AI Act now in force for models already placed on the market. In short, Article 111 still exhibits some of the product safety logic present in the transitional regimes under other harmonisation legislation of the New Legislative Framework, but it enshrines a largely sui generis approach.

13A review of other legislative acts within the New Legislative Framework¹⁰ reveals that products already placed on the market prior to the entry into application of new or amended obligations are generally fully exempted from the need to comply with those new requirements (i.e. a full grandfather clause).¹¹ This approach is readily explained by the fact that most of these pieces of legislation regulate physical products; requiring modifications to meet new legal standards post-market placement for such products would often be technically impossible without a full withdrawal from the market. Accordingly, the usual approach is either to require the recall of products already placed on the market or, where the safety risk is not sufficiently high, to permit sales until existing stocks are exhausted.¹² However, the latter approach is not appropriate for digital products, which are not constrained by a finite stock of units already placed on the market.

14The Cyber Resilience Act (“CRA”),¹³ which represents the only other legislative measure falling within the current New Legislative Framework that substantially regulates digital products, exhibits notable structural parallels with the AI Act. Both adopt a horizontal framework, apply a risk-based methodology, and embed product safety principles.¹⁴ In the CRA, this means that ‘requirements and obligations combine a more traditional by-design approach, now fully entrenched in EU cybersecurity regulation, with a lifecycle approach, which is not a hallmark of EU product safety legislation’.¹⁵ As explained below, this combination is also reflected in the AI Act’s lifecycle compliance requirements for GPAI models.¹⁶ However, despite these similarities, the CRA’s transitional regime still follows the more conventional New Legislative Framework model whereby products with digital elements already placed on the market prior to the entry into application of the relevant provisions must be brought into conformity only if they have undergone ‘substantial modification’ after that applicability date.¹⁷

15The above approaches follow explicitly from the common transitional architecture of the New Legislative Framework as clarified in the Blue Guide, which represents the European Commission’s guidance on the harmonisation of product rules under the New Legislative Framework.¹⁸ Section 2.10. of the Blue Guide sets out a general rule that a ‘product, which is placed on the market before the end of the transitional period, should be allowed to be made available on the market or put into service’.¹⁹ Thus, the new compliance regime is temporally applicable only regarding those products that are placed on the market following the full entry into application of the relevant obligation.²⁰ This permits the continued making available of those products that have been lawfully placed on the market before applicability without imposing any requirements to bring them into conformity with subsequent harmonised rules. However, in specific circumstances, the Blue Guide does allow authorities to entirely prohibit ‘the making available of such products if this is deemed necessary for safety reasons or other objectives of the legislation’.²¹ But the intermediate approach taken by the AI Act for GPAI models, which requires providers to take the necessary steps to comply with newly applicable rules, is entirely novel to this classic product safety structure.

16This novel approach reflects the AI Act’s evolution within the broader context of the EU’s strategy to regulate emerging technologies in a manner consistent with its established product safety and security framework.²² In its early stages, the legislative design was primarily oriented towards ensuring that AI systems, like other products in the internal market, complied with safety standards, closely mirroring the EU’s general product safety regulatory approach for physical goods.²³ At that time, AI was conceptualised largely as a product component to be regulated within the familiar product safety structures, which is why the initial Commission proposal for the AI Act only concerned AI systems but not the underlying models.²⁴ However, this legislative approach shifted markedly as public attention surged following the release of high-profile GPAI models, which is posited to have directly led to their inclusion within the scope of the AI Act.²⁵

17This shift in public attention, and the corresponding evolution of the AI Act to include GPAI models, resulted in a unique approach to the transitional regime compared to the standard product safety regulatory method. On the one hand, the final and binding version of the GPAI temporal provisions still retain a largely product safety logic in that they require objective, that is, results-based rather than conduct-based, compliance at the time of market placement, whereby ‘a subjective element is not relevant for this supervisory dimension’.²⁶ On the other hand, the fact that the providers of models placed on the market before 2 August 2025 are still expected to ‘take the necessary steps in order to comply’ by the end of the transitional period²⁷ introduces, as suggested above, a sui generis approach to the transitional framework of product safety by mixing product-focused with entity-centered obligations.

2. Substance

2.1. Article 111(3)

2.1.1. Overarching considerations

18Assessed against the Blue Guide framework, Article 113 sets out a conventional transitional period by deferring the entry into application of Chapter V for approximately twelve months following the entry into force of the AI Act.²⁸ Article 111(3), however, adds complexity by specifically delaying the application of obligations regarding models placed on the market before 2 August 2025 until the fixed date of 2 August 2027, rather than delaying them indefinitely as under the majority of other New Legislative Framework instruments.

19Thus, the temporal applicability under Article 111(3) can be interpreted as being two-staged: (i) during the transitional period, there is, in effect, a duty of conduct placed on the provider to take the necessary steps to comply, for which purpose it is to be supported by the AI Office;²⁹ and (ii) on the fixed final date, a result-based obligation arises for the provider, at which point the models placed on the market before 2 August 2025 must comply with the applicable obligations under the AI Act by 2 August 2027.

20While there is no positive obligation for full compliance at any particular intermediate date before 2 August 2027, the question arises as to how compliance actions taken during the transitional period are to be assessed. More precisely, should the adequacy of those actions be evaluated by reference to the applicable rules and the relevant factual situation at the time the provider took the steps to comply or at the fixed date of 2 August 2027?³⁰ Under the former approach, Article 111(3) will be interpreted not as deferring the application under Article 113(b) further, but rather as providing an additional period during which enforcement is delayed against the models placed on the market before 2 August 2025. Such a reading may be supported by Article 111(3)’s focus on ‘necessary steps’ to comply ‘by’ the given date, rather than expressly delaying the entry into application of the full obligations under Chapter V for the models placed on the market before 2 August 2025. Conversely, the provision may be interpreted as representing a lex specialis applicability rule taking precedence over the general applicability contained in Article 113(b), whereby compliance is assessed with reference to the full applicable legal and factual situation on 2 August 2027.

21Considering the different regimes for the various providers that will arise under the first reading depending on the date at which they took their actions to comply, and the general purposes and goals of the transitional regime of the Act, at the time of writing (November 2025) the second reading seems preferable.

2.1.1.1. GPAI models placed on the market before 1 August 2024

22As an overarching consideration, it must also be determined which GPAI models placed on the market before 2 August 2025 fall within the scope of Article 111(3). The AI Act was published in the Official Journal of the European Union on 12 July 2024.³¹ Proceeding from the general rule established in Article 297(1) TFEU³² and restated in Article 113 AI Act, the regulation entered into force on the twentieth day following the date of its publication. Thus, the AI Act entered into force on 1 August 2024.

23Consistent with the principle of non-retroactivity, some authors have suggested that compliance is required only for those models that were placed on the market between 1 August 2024 and 2 August 2025.³³ In short, the principle of non-retroactivity covers situations where a rule is introduced and applied to events which have already been concluded: ‘[t]his can occur either where the date of entry into force precedes the date of publication, or where the regulation applies to circumstances that have been concluded before the entry into force of the measure’.³⁴

24The Court of Justice of the EU (CJEU) has further clarified that:

provisions of Community law have no retroactive effect unless, exceptionally, it clearly follows from their terms or general scheme that such was the intention of the legislature, that the purpose to be achieved so demands and that the legitimate expectations of those concerned are duly respected.³⁵

25The above considerations concerning non-retroactivity point to a conclusion that the AI Act, in general, and Article 111(3), in particular, may impose obligations only in relation to models that were placed on the market after entry into force of the AI Act on 1 August 2024.

26This approach to retroactivity follows from treating the AI Act primarily as a product safety regulation. While all regulatory obligations more generally are ultimately borne by persons (natural or legal), a product safety framework is first and foremost centred on the safety characteristics of the underlying products.³⁶ Specifically, product safety regulation is aimed at preventing design or manufacturing dangers and defects (so-called pre-marketing product safety regulation), supplemented by post-marketing obligations, such as recall orders or requiring certain reporting to authorities.³⁷ As explained above, the New Legislative Framework’s Blue Guide envisions two main approaches to treating products that were already on the market prior to entry into force of new harmonisation rules: either permitting them to remain on the market until available stock depletion or, when safety concerns prevail, ordering a full recall.³⁸ The second case does not, necessarily, offend the concept of retroactivity: if full recall is required for those products placed on the market before the entry into force of the legislative act, the apparent retroactivity of the measure that would be in direct conflict with legitimate expectations can be justified on the public interest ground of ensuring safety per the case law cited above.³⁹

27Conversely, the AI Act’s provisions on GPAI model providers may be understood not only as product safety measures directed at ensuring certain model characteristics, but rather as continuous obligations on the organisation of the entity that has placed a GPAI model on the market. Such a reading can be understood as a sui generis fusion of product safety regulation with what is referred to elsewhere in this commentary as ‘entity regulation’.⁴⁰ The concept of ‘entity regulation’ can be understood as a series of norms that governs the behaviour of entities belonging to a defined class by virtue of a shared characteristic – in this case, entities that have placed a GPAI model on the market or otherwise qualify as providers. Unlike pure product safety obligations imposed on manufacturers, the obligations under this reading do not attach directly to the manufacturing process or the product’s qualities but on the provider’s conduct in relation to the product.⁴¹ Under such a reading, it can be argued that new harmonised legislation which, for the first time, imposes certain organisational obligations on GPAI model providers as a defined entity class, need not rely on the same safety justifications to bind entities that entered the class before the new regulation entered into force (provided they remain within the class after the transitional period).

28For example, under the General Data Protection Regulation (“GDPR”),⁴² which can be considered a form of entity regulation,⁴³ data processors must continuously comply with its requirements, regardless of when they first began processing personal data, for so long as they remain processors.⁴⁴ By analogy, a GPAI model provider, by virtue of placing and continuously offering a model on the market, must meet organisational obligations (e.g. transparency, respect for copyright reservations, and risk assessment and mitigation) after entry into force. Under this interpretation, those obligations would not be treated as retroactive product safety requirements imposed on a model placed on the market before entry into force on 1 August 2024, but as forward-looking obligations on the provider, contingent on its decision to continue offering the model. For this reason, explicit public interest justification may not be necessary to impose these new obligations on the provider after the end of the transitional period. This interpretative approach to treating the AI Act as a sui generis fusion of product safety regulation and the proposed concept of ‘entity regulation’ presents merely a possible option of thinking on the idiosyncratic characteristics of the AI Act compared to other legislative texts in the New Legislative Framework.⁴⁵

29Proceeding from the foregoing, the compliance position of providers of GPAI models placed on the market before 1 August 2024 turns on whether Chapter V of the AI Act is understood as product safety regulation proper or as substantially falling under what this commentary terms ‘entity regulation’.⁴⁶ In the former case, retroactivity is, in principle, prohibited unless the AI Act provides adequate justification. Conversely, if characterised primarily as ‘entity regulation’, imposing obligations on GPAI providers in respect of their models placed on the market before 1 August 2024 seems to not raise the same retroactivity concerns. The practical significance of this question is uncertain given that the pace of GPAI development is such that by 2 August 2027, when providers of GPAI models placed on the market before 1 August 2024 might be required to comply, such models are likely to have limited commercial value.⁴⁷ Nevertheless, where the treatment of models placed before 1 August 2024 is identified as a concern, the present chapter addresses it expressly.⁴⁸

2.1.1.2. Modifications during the transitional period

30An additional consideration that must be taken into account throughout the entire discussion of Article 111(3) AI Act is that of model modifications.

31It is foreseeable that during the extended transitional period provided for in Article 111(3), GPAI models already placed on the market may continue to be fine-tuned, updated, or otherwise modified.⁴⁹ Whilst on the market, modifications to GPAI models may be introduced not only by the original provider but also by downstream actors. This raises the question of how the general temporal applicability of obligations is affected when a model placed on the market before 2 August 2025 is subsequently modified and if this is different depending on whether the initial provider introduced the modifications or they were made by a downstream actor.

32The AI Act’s binding provisions do not set out an express framework governing modifications to GPAI models, unlike the detailed regime in relation to substantial modifications to high-risk AI systems.⁵⁰ In fact, the sole textual reference to GPAI model modifications appears in recital 97 of the AI Act which only addresses modifications by downstream actors, but not changes introduced by the initial provider. Therefore, questions about how obligations are allocated in connection with modifications turn on the interpretation of general concepts in the AI Act, such as when a new model is considered placed on the market and who qualifies as a provider. The Commission’s July 2025 Guidelines on the scope of the obligations for general-purpose AI models established by AI Act (the Guidelines) seek to clarify many of these issues for both initial providers and downstream actors, which are dealt with respectively in Section 2.2. on the lifecycle of GPAI models and Section 3.2 on downstream modifiers as providers of GPAI models.⁵¹ Accordingly, the present discussion of modifications to models placed on the market before 2 August 2025 largely draws on the interpretation of the Guidelines. It should, however, be borne in mind that the Guidelines are non-binding (save on the Commission itself, as explained below) and do not necessarily represent a definitive interpretation of the AI Act.⁵² Such conclusive interpretation may only be given by the CJEU, which may ultimately adopt a different approach to modifications.⁵³

33Nevertheless, although the Guidelines are non-binding on private parties and the courts, the settled case law of the CJEU recognises that such soft-law, interpretive guidance can produce a self-binding effect on the Commission.⁵⁴ In short, upon publication of Guidelines, insofar as the Commission has limited its own interpretative discretion, it is required to act according to its own guidance ‘at the risk of being found to be in breach of general principles of law, such as equal treatment or the protection of legitimate expectations’.⁵⁵ Therefore, the Guidelines can be taken as the de facto applicable interpretation for the time being, and the present analysis proposes alternative readings only when such are considered to materially enhance the analysis.⁵⁶

34The Guidelines differentiate modifications to GPAI models by reference to the entity that has introduced them. In particular, the Commission distinguishes between: (i) modifications by the initial provider (or on its behalf), where modifications that do not involve a new large pre-training run are treated as part of the original model’s lifecycle rather than as a new model,⁵⁷ and (ii) modifications by downstream actors, where the modifier is considered the provider of the modified model if the modification has given rise to a ‘significant change in the model’s generality, capabilities, or systemic risk’.⁵⁸ The differentiated temporal treatment according to this delineation is discussed in detail in the following paragraphs.

35Under the Guidelines, a model’s lifecycle is framed broadly, such that it begins at the start of the large pre-training run, with subsequent developments by or on behalf of the provider forming ‘part of the same model’s lifecycle rather than giving rise to new models’.⁵⁹ Therefore, in the event that modifications are introduced by the initial provider of the model placed on the market before 2 August 2025 during the transitional period of Article 111(3), there is a strong argument that those modifications would need to be assessed within the framework of the obligations placed on the provider during the model’s lifecycle. This interpretation is supported by the Guidelines’ discussion on Article 111(3), which expressly states that the AI Act covers the models placed on the market prior to 2 August 2025 ‘throughout their entire lifecycle’.⁶⁰

36If the introduced modifications do not entail a large pre-training run, which the Commission considers necessary for a modified model to be classified as a new model placed on the market, then those modifications form part of that initial model’s lifecycle.⁶¹ It follows that the obligation of the provider to bring the model into conformity with the requirements of the AI Act under Article 111(3) would apply from 2 August 2027 to the initial model and any subsequently made modifications as part of its lifecycle. This is explained by the fact that those modifications would not amount to a new placing on the market, and thus all obligations regarding the model placed on the market before 2 August 2025 enter into applicability at the same time (i.e. on 2 August 2027).

37It is now necessary to consider the case of a downstream provider that modifies a GPAI model that is already placed on the market. In this scenario, the first step is to assess whether the modified model meets the Guidelines’ criteria to qualify as a new model placed on the market.⁶² Specifically, as stated above the Commission considers a new model to be placed on the market only if the downstream modification has given rise to a ‘significant change in the model’s generality, capabilities, or systemic risk’.⁶³

38In the event the described criteria are not met, no new model has been placed on the market such that the modifications are considered to form part of the original model’s lifecycle. This has two main consequences: (i) a systematic reading of the Guidelines would suggest that the downstream modifier incurs no obligations regarding the modified model at any point in time⁶⁴ and (ii) the initial provider likewise incurs no further obligations if the modification cannot be considered to have been performed on its behalf.⁶⁵ Such a situation may arise, for example, where a downstream modifier performs additional training or fine-tuning to improve a specific capability of the original model for the downstream modifier’s own use case, but this modification does not meet the relatively high thresholds for what is considered a ‘significant change’ under paragraphs 63 and 64 of the Guidelines.⁶⁶ Such a situation would create a regulatory gap, where no actor has obligations under the AI Act with regard to the introduced minor modifications; for example, there would be no obligation placed on anyone to draw up transparency documentation regarding the modification. Where the modification introduced by the downstream entity is, in fact, attributable to the initial model provider, then the temporal applicability rules with regard to a model’s lifecycle set out above would apply.

39If, however, the downstream modification does give rise to a ‘significant change in the model’s generality, capabilities, or systemic risk’,⁶⁷ again two consequences follow: (i) the modified model will be classified as a new model and (ii) at the time of placing it on the market, the downstream modifier is considered the provider of that new model.⁶⁸ If the modified model represents a GPAI model without systemic risk, paragraph 68 of the Guidelines (based on recital 109 of the AI Act) prescribes that the scope of obligations for the modifier shall be limited to the extent of the introduced modification:

the documentation required by Article 53(1), points (a) and (b), AI Act is limited to information on the modification, while the copyright policy required by Article 53(1), point (c), AI Act and the summary of the content used for training required by Article 53(1), point (d), AI Act are limited to the data used as part of the modification.⁶⁹

40As the modified model in this scenario is placed on the market after 2 August 2025, the extended deferral in Article 111(3) would not be applicable to the downstream modifier. Therefore, compliance with the AI Act will be required from the downstream modifier immediately at the time of placing on the market.

41Importantly, given that the obligations are confined to the extent of the introduced modifications, there is a good argument that the downstream modifier must satisfy them even if the initial provider has not yet fulfilled its corresponding obligations. Considering the nature of the obligations under Article 53(1)(a) to (d), as well as Article 54, there is no apparent barrier to, or exemption from, downstream compliance in the absence of compliance by the initial provider. In particular, there is no indication whether in the AI Act or in the currently published Guidelines that the documentation requirements or the copyright requirements in Article 53 when applied to the downstream modifications depend on prior compliance by the upstream initial provider. Rather, the downstream modifier needs to comply with its obligations from the moment it is considered a provider of the modified model. The precise consequences for the different sets of obligations imposed on the providers of models placed on the market before 2 August 2025 are discussed in the relevant sections below.

2.1.2. Documentation and transparency obligations under Article 53(1)(a) and (b)

42Providers who have placed a GPAI model on the market before 2 August 2025 must fully comply with the documentation and transparency obligations contained in Article 53(1)(a) and (b) by 2 August 2027.⁷⁰ The precise substance of these obligations, namely to maintain technical documentation for provision to the AI Office and national authorities under Article 53(1)(a) and to ensure transparency to downstream providers under Article 53(1)(b), is analysed in the chapter on Article 53 of the present commentary and is not repeated here.⁷¹ The current section covers the temporal dimension of those obligations, that is, from which date should the provider of a model placed on the market before 2 August 2025 comply. It only covers the temporal aspects applicable to GPAI models without systemic risk placed on the market before 2 August 2025. The specific obligations applicable to providers of GPAI models with systemic risk placed on the market before 2 August 2025 are discussed in Section 2.1.5..

2.1.2.1. Integration into high-risk AI systems

43Because the models that fall under Article 111(3) are already on the market, they may be freely integrated into AI systems during the additional transitional period until 2 August 2027.⁷² Therefore, there are significant benefits to early compliance with documentation and transparency requirements to improve downstream provider access to the information needed to meet their own obligations.⁷³ However, neither the AI Act nor the Transparency Chapter of the Code of Practice contains any express obligations or incentives to that effect. This situation risks creating compliance difficulties especially for providers of high-risk AI systems placed on the market between 2 August 2026 and 2 August 2027, when the system has been built upon a GPAI model placed on the market before 2 August 2025.⁷⁴

44In particular, in the absence of compliant transparency documentation under Article 53(1)(b) produced by the GPAI model provider, high-risk AI system providers may struggle to meet their own documentation obligations under Article 18 AI Act. More importantly, understanding the underlying GPAI model’s ‘capabilities and limitations’⁷⁵ is essential for high-risk AI system providers to establish an appropriate risk management system under Article 9 AI Act. Without specific transparency carve-outs from the extended transitional period for GPAI models placed on the market before 2 August 2025 in relation to their integration into high-risk AI systems, the resolution of this issue is left entirely to market dynamics.⁷⁶ It seems to have been assumed that high-risk AI system providers will require GPAI model providers to furnish the information necessary for their own compliance as a precondition of integrating the GPAI model in question.

45This market-centric approach creates a supervision challenge in verifying whether providers of high-risk AI systems have fulfilled their obligations, particularly the identification and analysis of risks, their estimation and evaluation (including probability of occurrence), and the adoption of appropriate and targeted risk management measures.⁷⁷ It must be borne in mind that Article 111(3) does not defer the AI Act’s general applicability under Article 113 as regards the AI Office’s supervisory powers (which commence on 2 August 2026).⁷⁸ Rather, it specifically defers the obligations imposed on GPAI model providers that placed models on the market before 2 August 2025.⁷⁹

46Accordingly, while such a GPAI model provider would not be under the obligation to have fully compliant Article 53(1)(a) documentation before 2 August 2027, it seems possible for the AI Office to request whatever documentation and information is available to the provider for the purpose of assisting national authorities under Article 75(3) to verify the compliance of the relevant high-risk AI system.⁸⁰ However, Article 91(1) AI Act limits information requests by the AI Office to (i) ‘documentation drawn up by the provider in accordance with Articles 53 and 55’ and (ii) ‘any additional information that is necessary for the purpose of assessing compliance of the provider’ with the AI Act. The AI Office may not compel the provider to produce documentation beyond its obligations under the AI Act at the time of the request.⁸¹ Therefore, under this reading a provider could refuse to supply the documentation it is not yet required to maintain, and there would be no legal basis for the AI Office to impose a fine (under Article 101 AI Act) in such circumstances. If such a situation arises, the issue is whether the national authority’s inability to verify the high-risk AI system’s compliance, even after seeking assistance from the AI Office, can ground enforcement action against that system provider and, if so, what measures are permissible, including whether recall or market withdrawal of the system may be required. Those questions are out of scope of the present analysis but represent an important research avenue.

2.1.2.2. Modifications to initial model

47When a GPAI model that has been placed on the market before 2 August 2025 gets modified before 2 August 2027, it is necessary to consider when and how the documentation and transparency obligations regarding that modification must be fulfilled. As set out above,⁸² the main delineating consideration is whether the modification has been introduced by the initial provider of the model, including on its behalf, or by a downstream modifier.⁸³

48As explained above,⁸⁴ when modifications are made by or on behalf of the initial provider, the current Commission Guidelines take the view that they form part of the same model’s lifecycle, unless they include a new large pre-training run.⁸⁵ In this context, modifications that do not amount to developing and placing a new model on the market, in principle, require the initial provider to meet its documentation and transparency obligations within the lifecycle framework for the initial model. Specifically, Article 53(1)(a) and (b) require providers to keep technical and transparency documentation for authorities and downstream actors up to date. The Guidelines interpret this as requiring regular updates throughout the model’s lifecycle, including for any modifications that form part of it.⁸⁶ This general interpretation of lifecycle obligations needs to be read together with the Guidelines’ specific interpretation of Article 111(3), which means that models placed on the market before 2 August 2025 enjoy the benefit of that provision throughout their lifecycle before 2 August 2027.⁸⁷ Therefore, a systematic reading of the current Guidelines posits that the provider need not complete updates during the transitional period at the moment each modification is introduced, but must instead ensure that all modifications are appropriately reflected in the documentation the provider is required to prepare under Article 53(1)(a) and (b) by 2 August 2027.

49As also noted above, when the modifications are introduced by a downstream modifier, the Guidelines consider a downstream modifier as the provider of a new model, if the given modifications have given rise to a ‘significant change in the model’s generality, capabilities, or systemic risk’ assessed by reference to the compute used for the modification.⁸⁸ If this criterion is met, the Guidelines deem that a new model has been placed on the market within the meaning of Article 3(9) after 2 August 2025, and therefore the compliance deferral under Article 111(3) is inapplicable to that new model. Nevertheless, recital 109 AI Act and paragraph 68 of the Guidelines state that notwithstanding the Guidelines’ position that a new model has been placed on the market, the downstream modifier’s obligations under Article 53(1)(a) and (b) are limited only to the ‘information on the modification’.⁸⁹ Although such a narrowing of the downstream modifier’s obligations is not explicit in the binding provisions of the AI Act, it is an approach that is reasonable from both a formal legal and practical perspective: downstream modifiers are not in a position to provide sufficiently detailed or accurate information about the initial model, only about the modification they introduced. Therefore, because the downstream modifier is expected to satisfy documentation and transparency obligations only with respect to the modification, there is no legal basis to postpone the downstream modifier’s compliance until the initial provider’s deadline of 2 August 2027. Accordingly, the requisite documentation must be in place at the time of market placement of the modified model by the downstream modifier.

2.1.3. Copyright compliance policy and training-content summary obligations under Article 53(1)(c) and (d)

50The requirement to bring into compliance by 2 August 2027 the GPAI models that have been placed on the market prior to 2 August 2025 has raised the most uncertainty in relation to the copyright obligations placed on providers.⁹⁰ In contrast to the transparency and documentation obligations, which can, at least in principle, be easily prepared after market placement, the copyright-related obligations are tied most closely to the actions taken during the training of the GPAI model. This has raised the question of whether compliance with the requirements of Article 53(1)(c) and (d) before 2 August 2027 requires retraining or unlearning of the GPAI models placed on the market before 2 August 2025. The issue is especially pertinent to the requirement to ensure that the reservations of rights expressed pursuant to Article 4(3) of Directive (EU) 2019/790 (“CDSM Directive”), that is, the so-called text and data mining (“TDM”) opt-outs by rightsholders, have been respected during training.⁹¹

2.1.3.1. (Non-)Existence of obligation to retrain or unlearn

51Some authors have suggested a narrow reading of both the substance of Article 53(1)(c) and its temporal dimensions under Article 111(3).⁹² Such a narrow interpretation suggests that Article 53(1)(c) requires providers primarily to adopt internal policies that prescribe the steps required to respect rightsholders’ TDM opt-outs during training but does not oblige them to retrain or unlearn models that were already placed on the market before 2 August 2025. According to this view, it is sufficient to ensure that only future training is conducted under those policies.⁹³

52By contrast, other authors defend a broader interpretation of the obligation to respect TDM opt-outs and its temporal reach.⁹⁴ On this view, Article 111(3) functions prospectively with respect to the provider’s implementation of the adopted policy and also provides a grace period after which full compliance of the model placed on the market and its training data must be proven. Notably, this view has been espoused by one of the co-chairs of the working group that developed the Chapter on Copyright Policy of the Code of Practice adopted under Article 56 of the AI Act:⁹⁵

Thus, 36 months after the entry into force of the AI Act, all [GPAI model] providers will have to demonstrate that they identified and respected state-of-the-art bot-exclusions when they trained the model and they must draw up and make publicly available a training content summary.⁹⁶

53To be clear, under this wide interpretation, upon the expiry of the transitional period, the provider is under the obligation to fully demonstrate that it has sufficiently identified and respected the reservations on TDM made by rightsholders regardless of where and when the GPAI model was initially trained. It also requires the publication of a training-content summary pursuant to Article 53(1)(d). Such a reading implies backward-looking or after-the-event verification tasks and, if non-compliance is identified, requires the undertaking of technical remedial measures, such as selective retraining or unlearning. This reading raises further interpretive questions, such as whether the state-of-the-art technical measures to respect opt-outs are assessed (i) against the baseline at the time of initial training, (ii) at the time of assessment, or (iii) at the end of the transitional period. It also raises the issue of which reservations must be taken into account; that is, should reservations made after the initial training but before or at the time of the compliance assessment be taken into consideration. Both of those questions are discussed further below.

54On the other hand, the narrow interpretation introduced above is more difficult to reconcile with the purpose of Article 53(1)(c); it goes against the spirit and purpose of the obligation contained within Article 53(1)(c) by reducing it to a formal policy adoption requirement, regardless of its effectiveness. The text of the AI Act itself offers little support for such a narrow reading. Specifically, regard must be had to the text of recital 106, which states that one of the primary aims of the Article 53(1)(c) obligation is to ensure a level playing field between GPAI model providers who performed training in the Union and those operating in third countries where copyright protection for TDM may be weaker. This is also supported by the Code of Practice Chapter on Copyright Policy which states that signatories commit to reproducing and extracting only lawfully accessible copyright content⁹⁷ and to identifying and complying with the expressed rights reservations by copyright holders.⁹⁸ These measures are presented as substantive requirements over and above a merely formal requirement to have an appropriate copyright policy in place.⁹⁹

55Assuming the broader interpretation prevails, obvious practical questions arise, in particular whether and how GPAI model providers can demonstrate that they have fully respected rightsholders’ reservations. The Commission’s interpretation in the current Guidelines reads:

In particular, providers of general-purpose AI models placed on the market before 2 August 2025 are not required to conduct retraining or unlearning of models, where it is not possible to do this for actions performed in the past, where some of the information about the training data is not available, or where its retrieval would cause the provider disproportionate burden. Such instances must be clearly disclosed and justified in the copyright policy and in the summary of the content used for training.¹⁰⁰

56Notably, the Commission’s phrasing is worded negatively; it frames the scope of compliance requirements by referring to the exception rather than what it considers the baseline rule. Implicitly, by focussing on the exceptional circumstances that permit an exemption, paragraph 111 of the current Guidelines indicates that retraining or unlearning is, in principle, necessary to comply with opt-outs if they have not been sufficiently respected at the time of initial training. Yet, the choice to focus on potentially wide exemptions seems to acknowledge the criticism that retraining models already on the market entails substantial financial costs and potential sustainability concerns.¹⁰¹ However, combining the Commission’s lenient approach with what appears to be the imposition of positive obligations on providers, not envisaged in the AI Act itself, creates inconsistencies and potential issues with interpretation and enforcement. The discussion that follows identifies some of the key challenges with applying the interpretation posited by the Guidelines, as it stands at the time of writing (November 2025), and the likely grounds for judicial challenge, whilst acknowledging that the Commission may amend its reading in due course.

57First, by imposing additional disclosure and justification requirements alongside the copyright policy and training-content summary, the approach taken by the Guidelines raises the question of whether the Commission had the competence to establish such additional quasi-obligations through non-binding executive guidance if not sufficiently supported by the legislation’s text. Second, and on a related note, the Guidelines supply no criteria for assessing what constitutes a ‘disproportionate burden’,¹⁰² and none of the exemption criteria are articulated or explored in the binding provisions of the AI Act or even in the recitals. Thus, the Guidelines seem to confer notable discretion on the Commission (not provided for in the AI Act) to assess whether the exemption criteria have been met by a given GPAI model provider. It is foreseeable that this might provide fertile ground for contentious interactions between the Commission and providers and may lead to judicial challenges if the Commission takes enforcement action informed by the Guidelines’ approach. With that said, where a provider relies on those exemptions and the Commission declines to take enforcement action, in addition to the lack of incentive for the providers to challenge the interpretation, there would also be an absence of a reviewable act capable of challenge under Article 263 TFEU for the rightsholders. Thus, without an appropriate vehicle for judicial challenge the Guidelines would continue to represent the de facto authoritative interpretation. As has been explained above, although non-binding on private parties and the courts, according to settled case law the Guidelines can have a self-binding effect on the Commission.¹⁰³ Therefore, the Commission will be expected to respect the exemptions it has articulated in the Guidelines when exercising its enforcement powers under the AI Act or risk a GPAI model provider arguing before the CJEU that the Commission has unlawfully failed to apply its own Guidelines.¹⁰⁴

58However, a situation can be foreseen where a GPAI model provider does not undertake retraining or unlearning to respect relevant opt-outs and also fails to provide sufficient justification in its copyright policy and training-content summary. For the time being, based on the current Guidelines, the sufficiency of the providers’ disclosure and justification is to be assessed by an unclear internal Commission standard and procedure. It seems that, in principle at least, a GPAI model provider’s failure to satisfy the Commission of its disclosure and justification for invoking an exemption could itself ground an enforcement decision, even a sanction in the form of a fine under Article 101 AI Act, rather than a mere absence of confirmation that opt-outs have been respected. In that event, the provider would have a clear incentive and standing to challenge the decision, thereby enabling the CJEU to assess whether the Guidelines’ approach to Article 111(3) is compatible with the AI Act. This judicial challenge scenario, however, still carries non-negligible risks for providers who would be risking that the CJEU overturns the entirety of the Guidelines’ interpretation on excluding retraining obligations, and not only the exemption criteria thereunder.

59The other, and for this reason more practically likely, route to challenge the Guidelines’ interpretations is via a preliminary reference procedure¹⁰⁵ triggered by private actions brought by copyright holders. As discussed in the commentary on Article 53,¹⁰⁶ some authors contend that the obligations set out in the AI Act constitute a Schutznorm, with the consequence that copyright holders derive rights directly from the AI Act to bring damages claims for copyright violations.¹⁰⁷ The notion that the AI Act’s reference to the CDSM Directive yields horizontal direct effect for opt-outs is unsupported by the AI Act’s wording and the general principles of copyright law, and the more orthodox analysis would be that ‘non-compliance does not automatically amount to copyright infringement, although it could still lead to administrative fines under the AI Act’.¹⁰⁸ Moreover, recital 108 suggests that not every individual copyright infringement in training TDM would amount to a violation of the obligation under Article 53(1)(c).¹⁰⁹ Nonetheless, some rightsholders are still likely to attempt this argument, particularly given that current and anticipated litigation against GPAI model providers is primarily concerned with training and output copyright infringements.¹¹⁰ For the purposes of the present analysis, the merits of such private law claims are largely irrelevant; what matters is that their arguments are likely to hinge on a maximalist interpretation of the AI Act, including the obligations on GPAI model providers that fall within the scope of Article 111(3). Any ensuing litigation could result in an authoritative interpretation of Article 111(3) by the CJEU under the preliminary reference procedure of Article 267 TFEU, which might conflict with that of the current Guidelines.

60Judicial review in either of the two potential CJEU pathways described above would need to discuss whether the framing of the temporal transitional obligation contained in Article 111(3), that is as a requirement to ‘take the necessary steps’,¹¹¹ can be read as potentially limiting the scope of compliance only to those actions that are strictly necessary, understood as measures that are not prohibitive or unduly burdensome after carrying out a proportionality test. In such cases, the CJEU will need to decide whether Article 111 confers sufficient executive discretion to the Commission to, in effect, permit a non-compliant GPAI model that is already placed on the market before 2 August 2025 to remain on the market by requiring the provision of justifications in the copyright policy and summary. It is foreseeable that the CJEU may also be asked to determine whether sanctions or other enforcement measures may be based purely on the failure to meet those additional positive quasi-obligations introduced by the (current) Guidelines. By examining this question, even if the CJEU recognises and endorses the discretion of and the additional conditions imposed by the Commission, the court will be in a position to introduce its own proportionality criteria that it deems appropriate for carrying out the assessment of a ‘disproportionate burden’.¹¹² Pending the determination of a judicial review, the range of possible outcomes increases uncertainty regarding the applicable rules to the transitional regime; however, a binding judgment would definitively settle (many if not all of) the questions raised, providing legal certainty, even if it results in narrower or revised exemption criteria to those currently articulated by the Commission in the Guidelines.

61Finally, it should also be established whether models placed on the market between entry into force of the AI Act on 1 August 2024¹¹³ and the entry into applicability of Chapter V on 2 August 2025,¹¹⁴ the training of which, however, occurred before 1 August 2024, would also need to be brought into compliance. In this instance, as noted above, the AI Act follows the product safety logic whereby the date of placing on the market is the operative date for the applicability of obligations.¹¹⁵ Thus, regardless of whether the AI Act applies to GPAI models placed on the market before 1 August 2024, for those models that were placed on the market after that date, the time when training was planned, took place, or was concluded is irrelevant. The legal consequences appear straightforward: those models fall within the scope of Article 111(3) and their providers must, by 2 August 2027, assess compliance of the training data and retrain if non-conformity with opt-outs is established or, alternatively, provide the required justifications under the Guidelines. That said, this approach might conflict with the general principle of legitimate expectations and the related case law, which holds that legitimate expectations are not respected when ‘the measures adopted, although foreseeable, were introduced at a time when they could no longer be taken into account in formulating investment decisions’.¹¹⁶ Providers may argue that when they took the decision to invest in training activities there was no regulation in force, and having to either limit the lifecycle of a model based on such training until 2 August 2027 or to undertake retraining breaches their legitimate expectations. However, private actors’ legitimate expectations are not absolute, and a potential court decision would need to undertake a balancing of competing interests.¹¹⁷ As with GPAI models placed on the market before 1 August 2024, it is arguable whether this issue would have significant practical impact considering the quick pace at which new more capable models are released in order to effectively compete on the market.¹¹⁸

2.1.3.2. Timing of reservations’ expression

62An important issue that arises out of the transitional period for GPAI models already placed on the market concerns timing of the copyright reservations. The temporal effects of TDM opt-outs must be examined in two aspects: (i) as a general point, should only reservations made before the TDM activities had taken place be taken into account or is there an obligation to continuously monitor and respect subsequent opt-outs; and (ii) should the providers of GPAI models already placed on the market before 2 August 2025 take into account all reservations made before 2 August 2027 or only those that were present at the time of training.

63The first question appears largely settled, as discussed below, in favour of taking into account only those TDM reservations that were present at the time of a GPAI model’s initial training. Nevertheless, a brief examination of this discussion is still useful, if for no other purpose than to clarify the imperfect legal situation created by incorporating the private law instrument in Article 4(3) CDSM Directive into the AI Act’s ex ante obligations, and to elucidate the balancing of interests required to make this relationship work within the AI Act’s temporal logic as a public law instrument.

64Establishing the legal consequences of the timing of TDM reservation is more closely connected with interpreting the wording of Article 4(3) CDSM Directive rather than the text of the AI Act. The legislator has chosen to base the public law obligations of GPAI model providers under the AI Act on a reference to the CDSM Directive, rather than introduce AI Act-specific copyright requirements. This fact has been interpreted by some authors to suggest that the delimitation of the scope of the obligation to respect opt-outs has to be based on ‘the minimum content defined by the EU copyright directives’, and national implementing measures are irrelevant.¹¹⁹

65Article 4(3) of the CDSM Directive is silent on the timing of reservations, and the cross-reference in Article 53(1)(c) AI Act also does not provide any limitations or caveats to its scope. While, notably, the Hungarian transposition legislation of the Directive has made it explicit that only ex ante opt-outs (i.e. those made prior to the TDM taking place) are covered,¹²⁰ this national measure does not proceed directly from the minimum harmonisation rule. With that said, the ‘fundamental’ logic of copyright law is focused on ex ante acts by rightsholders when it comes to authorisations, or opt-ins, of use of their works.¹²¹ In the context of use for TDM, the CDSM Directive operationalises the opt-out as a limitation conditioning mechanism available to the rightsholder rather than an exclusive right, meaning that in the absence of a reservation, the rightsholder effectively accepts the ‘“free use” of the proprietary subject matters for TDM purposes by others’.¹²² For GPAI models, this is preferable from a practical perspective: requiring compliance with ex post reservations (i.e. those exercised after the TDM had occurred) would be burdensome for the providers. This has led to the popular conclusion that ‘only ex ante reservations could comply with the fundamental ideas behind reservation of rights’.¹²³

66While this is the prevailing opinion, authors have also warned against a narrow and strict application of the ex ante rule by pointing out different practical considerations, such as the fact that rightsholders often publish their protected works via third-party platforms over which they exercise little control.¹²⁴ This could lead to situations where mining occurs before an effective reservation can be expressed.¹²⁵ Taking into account the suggested goal of the relevant provision of the CDSM Directive to afford broad protection to rightsholders, a more nuanced reading of the CDSM Directive whereby ‘ex post reservations shall not be automatically excluded from the scope of Article 4(3)’,¹²⁶ has some merit.

67However, it seems that this more nuanced reading is more suited to private actions by rightsholders for damages suffered due to a failure to respect their opt-outs rather than enforcement of public law obligations where, in general, the principle of legal certainty takes priority.¹²⁷ This is consistent with the approach adopted in the Copyright Chapter of the Code of Practice, which requires signatories to appropriately ensure that they inform rightsholders of the measures they have adopted ‘to identify and comply with rights reservations expressed pursuant to Article 4(3) of Directive (EU) 2019/790 at the time of crawling’.¹²⁸ The wording used by the Code of Practice confirms the ex ante timing of the reservations in order to affect any given TDM activity by limiting opt-out detection and corresponding measures to the time of TDM, whilst not covering any retroactive detection or removal for ex post expressions of reservations.¹²⁹

68The question of reservations made between initial training and 2 August 2027 has been raised repeatedly in the recent literature discussing the copyright obligations under the AI Act.¹³⁰ However, it has not received the same substantive analysis as the territorial reaches of the obligations related to respecting opt-outs has.¹³¹ One explanation is the uncertainty that was present among authors as to the precise scope of the obligations that providers of GPAI models already placed on the market before 2 August 2025 face as regards copyright.¹³² Before the Guidelines, in the absence of a definitive interpretation as to whether this entailed a requirement to conform the models’ training to the relevant opt-out obligations or simply a forward-facing policy, it remained unclear whether there would be an open question regarding the timing of reservations for the models placed on the market before 2 August 2025. However, since the Guidelines were issued, as discussed in detail above, the debate is now relatively settled towards the more predominant view that, for copyright, Article 111(3), prima facie, requires retraining to cure non-compliant TDM.¹³³ That said, there remains the practical question of the timing of the reservations in those cases where the exemption justifications stated by the GPAI model provider are deemed insufficient by the Commission or where the CJEU decides to disapply or amend in some way the exemptions contained in the Guidelines.¹³⁴

69Following the discussion of the general nature of the provision of Article 111(3),¹³⁵ it is argued that compliance will be assessed by reference to the applicable rules and understanding of the state of the art at the time of the final transitional date (2 August 2027) to conduct a review of whether opted-out copyright works were included in the initial training data. This interpretative approach is based on an expectation that state-of-the-art techniques to review which works had been included in the initial training data may have significantly improved by 2 August 2027. However, even with that reading, it remains uncertain which date is relevant for assessment of whether reservations have been respected in the training: the date on which the training actually took place or the deferral date for compliance, that is, 2 August 2027.

70The first possible reading is that compliance with opt-out obligations is assessed by reference to the date on which the GPAI model was initially trained. In such a situation, 2 August 2027 would only serve as the point by which compliance must be ensured but without setting any additional ex post reservation requirements. Under this reading, providers would not be required to ensure conformity of the model’s training data with the reservations that are present on 2 August 2027. Instead, the provider’s obligation would be assessed at the time of initial training. Accordingly, under this reading, the training data would need to exclude any works for which a reservation within the meaning of Article 53(1)(c) had already been made at the time of initial training. This interpretation is in line with the baseline approach of the Guidelines¹³⁶ because it still requires actual compliance with reservations, but it only applies this requirement for reservations that were present at the time when initial training took place.

71A potential criticism of this approach is that Chapter V, which also contains the explicit reference to the CDSM Directive, entered into application only on 2 August 2025.¹³⁷ It may be suggested that rightsholders, who would have otherwise made reservations following the entry into application of Chapter V, if they are not allowed to opt out during the transitional period, would be effectively prevented to assert their newly established right and avoid their copyrighted works being included in the training data of models placed on the market before 2 August 2025.¹³⁸

72In line with this reasoning, an alternative reading would be that, even though the GPAI model was placed on the market before 2 August 2025, Article 111(3) introduces a legal fiction that, for the purposes of TDM compliance, the model is trained on 2 August 2027. The consequence of this interpretation is that the provider’s obligations are measured against the factual state of reservations on that 2 August 2027 date, meaning that training data would need to exclude all works for which an opt-out was expressed prior to that date. While maximising rightsholder protection, this reading would subject providers of models placed on the market before 2 August 2025 to retroactive and unequal treatment compared to providers placing models thereafter, who only need to respect ex ante reservations, that is, those present at the time of TDM.¹³⁹

73For these reasons, the first reading would provide a higher level of interpretative consistency and seems preferable as it preserves legal certainty and legitimate expectations by avoiding disproportionate retroactive obligations. This reading is also better aligned with the Code of Practice’s demand for compliance at the time of TDM for the purposes of training across models placed on the market at different times, and would be easier to monitor.¹⁴⁰ While it may afford a lower level of protection of rightsholders’ interests at the public law level of the AI Act, the approach seems to strike a sensible balance between competing interests and does not impair rightsholders’ ability to bring private actions for damages.¹⁴¹

2.1.3.3. Modifications to initial model

74The treatment of modifications made during the transitional period to GPAI models placed on the market before 2 August 2025, insofar as they affect providers’ copyright obligations, follows the framework for modifications set out in Section 2.1.1.2. of this commentary. For the purposes of the present discussion, the focus is on subsequent modifications that entail further training after 2 August 2025 of those GPAI models that have been placed on the market before 2 August 2025.

75In the event that such modifications are introduced by or on behalf of the initial provider and they do not lead to the placing of a new model on the market, then, based on the current Guidelines issued by the AI Office, they form part of the lifecycle of the model that was placed on the market prior to 2 August 2025.¹⁴² Considering that the AI Act does not establish rules on the differentiated treatment of training runs that follow the initial large training run, under the current interpretation of the Guidelines, compliance would be deferred until 2 August 2027 for those subsequent training runs completed within the same model’s lifecycle.¹⁴³ The Guidelines adopt a comparatively lenient approach to the retraining of models already placed on the market by permitting providers to forgo retraining upon the provision of adequate justification.¹⁴⁴ However, it is suggested that a different approach would be preferable for subsequent training iterations after 2 August 2025, even when falling within the same model’s lifecycle. This is because, as a matter of policy, such subsequent training runs would be completed after the entry into force and application of the obligations under Chapter V of the AI Act.¹⁴⁵ Thus, GPAI model providers would have had the ability to familiarise themselves with the requirements for respecting appropriately expressed TDM reservations. Therefore, it is suggested that any training activities undertaken following 2 August 2025, regardless of the fact that they would benefit from the deferred applicability under Article 111(3), ought to respect reservations and not benefit from the exemptions contained in the (current) Guidelines.¹⁴⁶

76In addition to the above, initial provider modifications to GPAI models placed on the market prior to the entry into force of the AI Act on 1 August 2024 also need to be considered. Must they be compliant with the Act? As outlined above, the principle of non-retroactivity could be interpreted to suggest that such models, including any modifications to such models, fall entirely outside the AI Act’s scope.¹⁴⁷ Some authors have argued, however, that while this might be the principal case, if such a model was modified following the entry into force of the AI Act, then the latter could apply at least partially to those modifications.¹⁴⁸ This argument is based on the settled case law of the CJEU which states that:

a new rule of law applies from the entry into force of the act introducing it, and, while it does not apply to legal situations that have arisen and become final under the old law, it does apply to their future effects, and to new legal situations.¹⁴⁹

77While such an interpretation seems equitable, it is difficult to reconcile it with the concept of a model’s lifecycle under the current Guidelines, which deems any such modifications as part of the original model.¹⁵⁰ Considering that the initial model was placed on the market before the AI Act entered into force, and is therefore outside its scope, applying the product safety logic would suggest that the later training or modification would likewise also fall outside the scope, since the relevant baseline is always the date of placing on the market.¹⁵¹ However, the AI Act’s temporal logic does not map neatly onto a traditional product safety framework.¹⁵² If, in this instance, the AI Act is understood as primarily concerned with regulating entities rather than products, the apparent contradiction can be resolved and obligations may lawfully attach to the provider conducting the modifications post entry into force, even if the underlying model predates entry into force.¹⁵³ If the initial provider modifications result in a new GPAI model placed on the market, then regardless of when the original model was placed on the market, the provider will be required to fully comply with obligations at the time of the new placing on the market.

78With regard to subsequent training after 2 August 2025 carried out by downstream modifiers, if the modification has resulted in the placing of a new model on the market, then a preferred interpretation of the Guidelines suggests that the modifier must ensure that the modifications comply with applicable copyright obligations at the time of placing on the market and cannot rely on Article 111(3)’s deferral.¹⁵⁴ Where the modification does not result in a new model, no additional obligations arise for the modifier.¹⁵⁵ Further, if such modification cannot be attributed to the initial provider, the AI Act likewise imposes no further obligations on that initial provider.¹⁵⁶ Accordingly, minor subsequent training runs by downstream modifiers could contravene rightsholders’ reservations without offending the AI Act. However, some recourse is available: the public law exclusion does not prejudice rightsholders’ recourse under private law, such as to submit claims for damages.¹⁵⁷

2.1.4. Appointing an authorised representative under Article 54

79In addition to the obligations under Article 53, providers of GPAI models placed on the market before 2 August 2025 that are established in third countries must also ‘appoint an authorised representative established in the Union’ under Article 54(1).¹⁵⁸ Whether and how Article 111(3) may affect this is examined below.

80First, it must be determined whether Article 54 places an ‘obligation’ on GPAI model providers within the meaning of Article 111(3). While the title of Article 53 explicitly refers to the fact that it governs ‘obligations’ of GPAI model providers, the title and text of Article 54 do not contain such an express reference to obligations. However, both Articles 53 and 54 sit within Chapter V, Section 2. AI Act, entitled ‘Obligations for providers of general-purpose AI models’. Moreover, Articles 55(1) and 93(1)(a) unambiguously treat Article 54 as (or containing) an ‘obligation’.¹⁵⁹ This interpretation also aligns with the Commission’s (current) Guidelines.¹⁶⁰ A systematic reading, therefore, confirms that Article 54 constitutes an obligation within the meaning of Article 111(3), which in principle benefits from the temporal deferral contained therein for third-country providers of GPAI models placed on the market before 2 August 2025.

81In this context, it should be examined how the temporal deferral is operationalised considering that Article 54(1) requires the appointment of an authorised representative ‘prior to placing’¹⁶¹ a GPAI model on the Union market. That requirement sits in immediate tension with Article 111(3), which by definition applies only to models already placed on the market. Neither the AI Act nor the Guidelines address this issue. It can be inferred that the purpose of requiring the appointment of a representative prior to the placing on the market in Article 54 is to ensure that the AI Office has an easily accessible and appropriately authorised Union contact point for supervision and monitoring of third-country GPAI model providers immediately from the moment of placing the GPAI model on the market.¹⁶² Therefore, a practical interpretation of Article 111(3) together with Article 54 would posit that a third-country provider whose GPAI model was placed on the market before 2 August 2025 must appoint an authorised representative before 2 August 2027. This is so because this represents the date on which all substantive obligations for that provider would commence their applicability,¹⁶³ and for practical purposes that date can, in effect, be treated as equivalent to the date of market placement.

82With that said, nothing prevents a GPAI model provider from appointing an authorised representative before that date.¹⁶⁴ In fact, such an action is likely to be beneficial for the provider, particularly considering the Commission’s acknowledgment that providers whose models were placed on the market before 2 August 2025 may experience challenges to fulfill their obligations by 2 August 2027,¹⁶⁵ and the stated commitment by the AI Office to support such providers in undertaking the necessary steps for compliance.¹⁶⁶ It can be imagined that such support activities may be extended to a GPAI model provider during the transitional period whether an authorised representative is appointed or not. That said, the presence of an authorised representative in the Union during Article 111(3)’s transitional period is more likely to facilitate engagement and full compliance after 2 August 2027, especially given the representative’s role in verifying compliance with Article 53 (and, where applicable, Article 55)¹⁶⁷ and in cooperating with the AI Office and national competent authorities.¹⁶⁸

2.1.5. Obligations on GPAI models with systemic risk placed on the market before 2 August 2025

2.1.5.1. GPAI models with systemic risk under Article 51(1)(a)

83As a starting point, it is necessary to evaluate how providers of GPAI models with systemic risk placed on the market before 2 August 2025 that have high-impact capabilities under Article 51(1)(a) are to comply with the AI Act. Article 51(2) unambiguously introduces a presumption that models trained with a cumulative amount of computation measured in floating point operations greater than 10²⁵ have high-impact capabilities under Article 51(1)(a).¹⁶⁹ Researchers estimate that some models placed on the Union market before 2 August 2025 have exceeded this threshold.¹⁷⁰ Therefore, two important questions arise with relation to Article 111(3): (i) by which date should providers comply with the additional obligations for GPAI models with systemic risk under Article 55 and (ii) when should a provider notify the Commission of the fact that a given GPAI model has met the high-impact capability thresholds under Article 52(1), first sentence?

84The answer to the first question is reasonably clear: Article 111(3) grants an additional transitional period for compliance with obligations until 2 August 2027. This means that a provider of a GPAI model with systemic risk, classified as such on the basis of the condition under Article 51(1)(a) and placed on the market before 2 August 2025,¹⁷¹ has until 2 August 2027 to comply with the substantive obligations contained in Article 55, in addition to those under Articles 53 and 54.¹⁷² Considering that GPAI models with systemic risk are subjected to additional obligations, particularly the identification, assessment, and mitigation of systemic risks,¹⁷³ precisely because of their expected higher negative impacts relative to GPAI models without systemic risk,¹⁷⁴ the application of this transitional period is difficult to reconcile with the risk profile of those models and also, therefore, the risk-based ethos of the AI Act.¹⁷⁵ Nevertheless, this policy compromise between legal certainty and risk mitigation appears to be a deliberate choice considering that no exclusion from the additional transitional period under Article 111(3) has been introduced for GPAI models with systemic risk.

85The resolution of the second question is not as readily apparent from a literal reading of Article 111(3) alone. As with the discussion above on the interplay between Article 54 and 111(3),¹⁷⁶ the present analysis turns on first determining whether the requirement placed on the provider by the first sentence of Article 52(1) to notify the Commission once the high-impact capability condition is met (or it becomes known that it will be met) constitutes an obligation within the meaning of Article 111(3).

86Initially, one might note that the first sentence of Article 52(1) contains a procedural obligation rather than a substantive one. However, Article 111(3) speaks about ‘obligations’ broadly, and draws no distinction in consequences between the two categories. Therefore, a differentiated treatment of procedural and substantive obligations for providers of GPAI models with systemic risk solely on the basis of the obligations’ different legal character seems to lack concrete justification in Article 111(3).

87That conclusion, however, does not exhaust the inquiry into whether the notification required by the first sentence of Article 52(1) should benefit from the additional transitional period contained in Article 111(3). In particular, it is necessary to consider: (i) the systematic placement of the notification obligation within the structure of the AI Act, (ii) its meaning and legal effects, and (iii) the intended purposes and objectives pursued by that provision. These matters are addressed in that order below.

88Examined systematically, Article 52(1) sits within Section 1. of Chapter V, entitled ‘Classification rules’, whereas the substantive obligations for providers of GPAI models, including for those with systemic risk under Article 55, are placed in Sections 2 and 3 of Chapter V, the titles of which explicitly state that they concern provider obligations.¹⁷⁷ The case law of the CJEU, while not according the same legal effect to titles of sections, chapters and articles as to the operative provisions themselves, has on numerous occasions treated such titles as interpretative aids, particularly for systematic interpretation across provisions included in or excluded from specific sections.¹⁷⁸ The CJEU accordingly has taken into account section and chapter titles unless the legislative act itself states that they are provided solely for ease of reference,¹⁷⁹ which is not the case with the AI Act. Moreover, unlike the content of Articles 53, 54 and 55 which are referred to explicitly within other binding provisions as obligations,¹⁸⁰ no such reference is made in respect to Article 52(1). The systematic placement of Article 52(1), therefore, can support the view that it should not be treated as an obligation within the meaning of Article 111(3).

89With that said, however, regard must be had not only to the grammatical considerations and systematic placement of Article 52(1), but also to its intended meaning and legal effects.¹⁸¹

90The first sentence of Article 52(1) uses the phrase ‘shall notify’, which indicates a positive obligation for the provider. Furthermore, the second sentence of Article 52(1) sets out requirements for the content of the notification, which may be read as specifying the necessary elements for the fulfillment of an obligation. Specifically, the provision requires the provider to collect and include the information that gives rise to the high-impact capability assessment.¹⁸² This can be understood as falling within the concept of ‘necessary steps’ required to comply with an obligation within the meaning of Article 111(3). This interpretation appears also to be shared by the Commission: the (current) Guidelines expressly refer to Article 52(1) as an ‘obligation’ to notify.¹⁸³

91Relatedly, the legal consequences of non-notification include not only that the Commission may designate a GPAI model as having systemic risk under the third sentence of Article 52(1) in lieu of the absent notification,¹⁸⁴ but also that non-notification itself may attract the imposition of a fine under Article 101(1)(a), irrespective of compliance with Article 55.¹⁸⁵ This supports a conclusion that the first sentence of Article 52(1) lays down a distinct obligation producing legal effects independent of, and in addition to, giving rise to the application of Article 55. Under this interpretation, therefore, the first sentence of Article 52(1) should be treated as an obligation under Article 111(3).

92Finally, while keeping in mind the foregoing, it must be considered that Article 52(1), first sentence, contains a specific notification timeline, namely notification two weeks after high-impact capability thresholds are met or it becomes known that they will be met. Whether this entails an obligation to notify even before market placement is a contentious issue.¹⁸⁶ The resolution of that debate bears directly on the interpretation of the relationship between Article 111(3) and Article 52(1), first sentence, insofar as it sheds light on the latter’s intended purpose when contrasted with Article 55.¹⁸⁷

93The (current) Commission Guidelines support the view that a pre-market placement notification is required.¹⁸⁸ Under this reading, GPAI models with systemic risk that are (or will be) placed on the market after 2 August 2025 have to be notified once it becomes reasonably foreseeable for the provider that the high-impact capabilities presumption threshold is likely to be met.¹⁸⁹ This means that notification will be required before the date on which material obligations under Article 55 come into effect (i.e. the market placement date).¹⁹⁰ This pre-market placement notification approach is supported by recital 112, sixth sentence, AI Act which states that early notification is ‘valuable for the AI Office to anticipate the placing on the market of general-purpose AI models with systemic risks and the providers can start to engage with the AI Office early on’.

94If the temporal applicability of the substantive obligations under Article 55 is distinct from the notification obligation for GPAI models with systemic risk placed on the market after 2 August 2025, an argument can be made that an analogous differentiation may be required under Article 111(3) for models placed on the market before 2 August 2025. This is explained by the fact that under this interpretation, the notification requirement pursues a set of objectives separate from and temporally antecedent to the substantive obligations applicable upon market placement. It follows that, by analogy, for GPAI models with systemic risk that have been placed on the market before 2 August 2025, notification under this interpretation should also occur before the Article 55 obligations become applicable on 2 August 2027.

95Precisely how long before 2 August 2027 notification should occur, however, is not easily determinable. Again, looking at GPAI models with systemic risk placed on the market after 2 August 2025, their notification should occur, at a minimum, when it becomes apparent that the high-impact capability thresholds have been met.¹⁹¹ For GPAI models with systemic risk placed on the market before 2 August 2025, however, this moment of reaching the high-impact capability threshold occurred before Article 52(1) even entered into application on 2 August 2025.¹⁹² It could be argued, therefore, that in line with the pre-market placement notification interpretation, notification for those models should occur at the earliest possible moment after entry into application of Chapter V or, in other words, within two weeks after 2 August 2025. Under this interpretation, GPAI models with systemic risk placed on the market before 2 August 2025 need to be notified within that two-week period, whereas the substantive obligations under Article 55 are deferred to 2 August 2027 by virtue of Article 111(3).

96On the other hand, if it is determined that no pre-market placement notification obligation exists in general, then, by the converse analogy, it could be concluded that the notification procedure and the Article 55 substantive obligations cannot be differentiated by reference to their intended purposes.¹⁹³ If, for those GPAI models with systemic risk placed on the market after 2 August 2025, the date of placing on the market is the relevant date for operation of both the procedural notification obligation and the substantive obligations, Article 111(3) affords no basis for treating the obligations differently for models placed on the market before 2 August 2025. Under this interpretation, therefore, both Article 52(1) and Article 55 read in conjunction with Article 111(3) should become applicable concurrently on 2 August 2027.

97While all three possible interpretative considerations analysed above are supported by pre-existing CJEU case law in other areas, the determination as to whether, and the extent to which, weight should be accorded to the systematic placement, the wording and effects, or the intended purposes of a specific provision is determined with regard to the particularities of the question being examined by the court.¹⁹⁴ Attempting to perform this determination on Article 52(1) read together with Article 111(3), here, in the abstract, would be largely speculative and lack utility.

98Regardless of which date is ultimately determined to be applicable to the notification obligation, if the provider of a GPAI model with systemic risk pursuant to Article 51(1)(a) fails to notify, the Commission itself may designate the GPAI model as having systemic risk following the procedure of Article 52(1), third sentence.¹⁹⁵ The designation decision does not change the deferred applicability of the material obligations under Article 55 read in conjunction with Article 111(3) for those GPAI models with systemic risk placed on the market before 2 August 2025 to a date other than 2 August 2027. However, as mentioned above, failure to notify in time (however that is determined) may give rise to a fine on that basis.¹⁹⁶ Further, the designation decision may be accompanied by a penalty for failure to meet material obligations under Article 55 between the deferred date of applicability (2 August 2027) and the later date of the designation decision.¹⁹⁷

2.1.5.2. GPAI model placed on the market before 2 August 2025, classified as a GPAI model with systemic risk under the designation mechanism of Article 51(1)(b)

99Even if a model does not meet the Article 51(1)(a) or 51(2) thresholds, it may still be classified as a GPAI model with systemic risk via Commission decision under Article 51(1)(b) if it has capabilities or an impact equivalent to those set out in Article 51(1)(a) assessed against the designation criteria in Annex XIII.¹⁹⁸

100In light of legal certainty considerations, at the time of writing in September 2025, the Guidelines posit that a provider of a GPAI model with systemic risk so designated under Article 51(1)(b) is required to comply with the specific obligations concerning such models after it has been informed of the designation decision.¹⁹⁹ However, a designation decision does not, in itself, amount to the placing of a new model on the market, rather it only classifies a GPAI model that has already been placed on the market as one possessing systemic risk.²⁰⁰ Therefore, it can be concluded that a designation decision does not alter the date on which the model has been placed on the market, which is the operative date for assessing the applicability of Article 111(3). Consequently, on a systematic reading of Article 111(3) together with Articles 51 and 52, a model placed on the market before 2 August 2025 and designated as a GPAI model with systemic risk during the transitional period must comply with all obligations, including those under Article 55, by 2 August 2027. If designation occurs after 2 August 2027, Article 111(3) no longer provides a deferral even if the model has been placed on the market before 2 August 2025; thus, the provider will be required to comply with its obligations under Article 55 following receipt of the designation decision.²⁰¹

2.1.5.3. GPAI model placed on the market before 2 August 2025, modified into a GPAI model with systemic risk

101Under the current version of the Guidelines, only a new large pre-training run undertaken by the initial provider is treated as placing a new model on the market.²⁰² All other modifications by or on behalf of the initial provider are considered to form part of the lifecycle of the original model.²⁰³ The Guidelines specifically note that different considerations apply when modifications are introduced by downstream actors.²⁰⁴ As already explained above, the Commission’s position is that a downstream modifier places a new model on the market where the introduced modifications result in a ‘significant change in the model’s generality, capabilities, or systemic risk’.²⁰⁵ While this dual approach is largely unproblematic for modifications to GPAI models placed on the market before 2 August 2025 that neither previously exhibited nor subsequently acquired systemic risk, it raises several issues where modifications by the initial provider result in a model that presents systemic risk, considering the importance of timely systemic risk assessment and mitigation.²⁰⁶

102Specifically, the Guidelines’ dual approach according to the identity of the modifier, rather than the nature of the modification,²⁰⁷ leads to a situation where: (i) if subsequent modifications made by the initial provider within the lifecycle of the original GPAI model that did not initially present systemic risk result in the emergence of systemic risk, then compliance with systemic risk-specific obligations is deferred to 2 August 2027, whereas (ii) if the downstream modifier through such subsequent modifications introduced systemic risks in a GPAI model that previously did not present them, compliance is required immediately upon placement of the modified GPAI model with systemic risk. This dichotomy is explained in detail below.

103Modifications by the initial provider that do not include a large pre-training run, despite resulting in the emergence of systemic risk, will be considered by the Commission to represent part of the lifecycle of the initial model that was placed on the market prior to 2 August 2025.²⁰⁸ Therefore, the Commission’s current Guidelines result in Article 111(3) applying to the modified model, such that the original GPAI model provider would be required to meet the specific obligations related to a GPAI model with systemic risk only on 2 August 2027.²⁰⁹

104Conversely, if a downstream entity introduces modifications to a GPAI model that was already placed on the market by an upstream GPAI model provider before 2 August 2025 and those modifications lead to the emergence of systemic risk, then the downstream modifier is deemed the provider of the modified model and must comply with Article 55 without any temporal deferrals.²¹⁰

105The resulting different treatment of modifications giving rise to emergence of systemic risk depending on the entity introducing modifications is difficult to reconcile with the binding provisions of the AI Act, which do not make a distinction between modifications by the initial provider versus a downstream modifier, mainly because they do not regulate modifications to GPAI models at all. Rather, the AI Act’s definitions of ‘provider’,²¹¹ ‘general-purpose AI model’,²¹² and ‘placing on the market’,²¹³ which the Guidelines are expected to follow and interpret when addressing modifications and describing their consequences, operate as unified concepts, without caveats or carve-outs depending on an entity’s position in the value chain.

106One possible interpretative solution is to read the Guidelines as positing that a modification which has met the Guidelines’ ‘significant change’ threshold²¹⁴ does not necessarily entail that a new model, as such, has been placed on the market within the meaning of Article 3(63) read in conjunction with Article 3(9). Rather, by operation of a legal fiction, the modified model is considered placed on the market only for the purposes of imposing the limited obligations on a downstream modifier as set out in recital 109 AI Act.²¹⁵ This reading finds some support in the Guidelines’ phrasing, which states that a ‘modifier becomes the provider of the modified general-purpose AI model’, rather than referring to the occurrence of a new placing on the market.²¹⁶ This possible solution, however, is difficult to reconcile with the Guidelines’ specific approach to downstream modifiers who become providers of a GPAI model with systemic risk.²¹⁷ In this regard, the Guidelines prescribe that a modifier must comply with the full set of obligations applicable to providers of GPAI models with systemic risk rather than a limited set of obligations related only to the introduced modifications,²¹⁸ unlike the approach for modifiers of GPAI models without systemic risk under recital 109.²¹⁹

107Furthermore, this narrow and literal interpretation is not consistent with a systematic reading of the Guidelines’ general approach to downstream modifications. While the Guidelines’ text does not expressly state that a modified model constitutes a new model or a new placing on the market, it repeatedly contrasts original model and modified models.²²⁰ This suggests that the so-called ‘modified model’ is indeed considered a new model or at least a new placing on the market.²²¹ This is supported by the fact that there is no legal basis in the AI Act for imposing obligations on a downstream modifier unless it qualifies as a ‘provider’ under the meaning of Article 3(3). This, in turn, requires that the entity has placed a GPAI model on the market for it to fall within the AI Act’s definition of ‘provider’.

108Therefore, it seems that the tension cannot be resolved through consistent interpretation of the Guidelines alone. As explained in detail above, the Guidelines can produce self-binding effects on the Commission’s exercise of interpretative discretion,²²² which means that despite the apparent inconsistency in the treatment of systemic risk depending on whether it emerges from modifications to a GPAI model without systemic risk placed on the market before 2 August 2025 (i) by or on behalf of the initial provider or (ii) by a downstream modifier, the Commission will likely be obliged to apply its own reading. Under the former scenario, the initial provider will have to comply with the obligations for GPAI models with systemic risk by 2 August 2027; in the latter scenario, the downstream modifier will have to comply upon placing the modified GPAI model with systemic risk on the market. Consequently, only a revision of the Guidelines or a binding interpretation by the CJEU can alter the de facto standing of this interpretation as the applicable one.

2.2. Articles 111(1) and (2)

109Article 111(1) defers the application of obligations to AI systems, which are components of large-scale IT systems and were placed on the market or put into service before 2 August 2027, until 31 December 2030. Considering that any such systems that may be based on a GPAI model placed on the market before 2 August 2025 will need to achieve compliance well after the Article 111(3) deferral for GPAI models has expired,²²³ a discussion on Article 111(1) falls outside the scope of the present analysis.²²⁴

110Article 111(2), first sentence, states that the AI Act is inapplicable to high-risk AI systems placed on the market before 2 August 2026 unless they undergo significant changes in their design after that date. Where such a high-risk AI system is based on a GPAI model placed on the market before 2 August 2025, a temporal tension may arise between the GPAI model provider’s deferred compliance date (2 August 2027) and a potential high-risk AI system provider’s obligation to comply between 2 August 2026 and 2 August 2027 following a significant change to its design in that period. These issues are substantively the same as those discussed in the subsection on documentation and transparency obligations for high-risk systems placed on the market after 2 August 2026 that rely on GPAI models placed on the market before 2 August 2025. Accordingly, these matters are fully addressed there and need not be repeated.²²⁵

2.2.1. Commission proposal to amend Article 111(2) and to add a new Article 111(4)

111Additionally, on 19 November 2025, the Commission published a proposal to amend the AI Act as part of its Digital Omnibus Package aimed at simplifying certain measures of Union digital regulation.²²⁶ The proposal is subject to the ordinary legislative procedure and, at the time of writing (November 2025), it remains uncertain whether (or to what extent) its contents will be adopted.²²⁷ Accordingly, only the main points of the proposal are outlined herein.

112Within its proposal, the Commission states that the general entry into application of the AI Act on 2 August 2026, and, in particular, the application of Sections 1, 2 and 3 of Chapter III AI Act containing substantive obligations for providers of high-risk AI systems, is likely to be impeded by the ‘delayed availability of standards, common specifications, and alternative guidance and the delayed establishment of national competent authorities’.²²⁸ Consequently, the Commission has proposed amendments to Article 113, whereby the application of Sections 1, 2 and 3 of Chapter III AI Act is preconditioned on ‘the adoption of a decision of the Commission confirming that adequate measures in support of compliance with Chapter III are available’.²²⁹ In connection with this, the proposal suggests amending Article 111(2) so that it applies to high-risk AI systems placed on the market before the date of entry into application of the relevant obligations under the amended Article 113,²³⁰ rather than placed on the market before the fixed date of 2 August 2026 as is the case under the enacted version of the Act. If adopted as proposed, these changes are likely to mitigate the potential conflicts, discussed above,²³¹ between the entry into application of obligations for providers of high-risk AI systems based on GPAI models and for providers of those GPAI models. This is because the Commission’s proposal is aimed, in effect, at deferring the applicability date of high-risk AI system obligations. Consequently, even if a high-risk AI system is based on a GPAI model placed on the market before 2 August 2025, which benefits from the additional transitional period under Article 111(3), the obligations of the GPAI model provider to comply by 2 August 2027 are more likely to be satisfied before or at the same time as the obligations of Chapter III begin to apply to the AI system provider under the new proposed Article 113(3)(d).²³²

113Chapter IV AI Act, which contains a single provision, Article 50, and sets out the transparency obligations for providers and deployers of certain AI systems, is unaffected by the proposed amendments to Article 113. Therefore, even if the Commission proposal is adopted, Article 50 would still apply from 2 August 2026. However, the Commission has highlighted a need for providing an additional transitional period to enable providers of AI systems that generate synthetic audio, image, video, or text to comply with Article 50(2) AI Act,²³³ which requires them to ‘ensure that the outputs of the AI system are marked in a machine-readable format and detectable as artificially generated or manipulated’.²³⁴ Accordingly, the proposal suggests adding a new paragraph 4 to Article 111, under which providers of such generative AI systems placed on the market before 2 August 2026 benefit from an additional transitional period to comply with Article 50(2) obligations by 2 February 2027 (6 months from the date of entry into application).²³⁵