7.2 KiB
| type | title | author | url | date | domain | secondary_domains | format | status | priority | tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| source | EU AI Act Articles 51-56, 88-93, 101: GPAI Systemic Risk Obligations and Compulsory Evaluation Framework | European Union / EU AI Act (euaiact.com) | https://www.euaiact.com/article/51 | 2024-07-12 | ai-alignment | legislation | processed | high |
|
Content
Article 51 — GPAI Systemic Risk Classification
A GPAI model qualifies as having systemic risk if it demonstrates high-impact capabilities OR if the Commission designates it as such. Presumption threshold: cumulative training compute exceeding 10^25 floating-point operations (approximately the compute used to train GPT-4 and above). This threshold captures only the most computationally intensive frontier models.
Article 53 — Standard GPAI Provider Obligations
All GPAI providers must: (1) maintain technical documentation of training and testing processes; (2) provide downstream developers with capability/limitation disclosures; (3) establish copyright compliance policies; (4) publish training data summaries. Open-source exception applies EXCEPT for models with systemic risk.
Article 55 — Systemic Risk GPAI Obligations
Providers of systemic-risk GPAI models must: (1) perform model evaluation including adversarial testing in accordance with standardized protocols reflecting state-of-the-art; (2) assess and address systemic risks at EU level; (3) track and report serious incidents without undue delay; (4) maintain cybersecurity protections. Compliance pathways are flexible: codes of practice, harmonized standards, or "alternative adequate means" assessed by the Commission. NOT mandatory independent third-party audit.
Article 56 — Codes of Practice
AI Office facilitates voluntary codes of practice development with industry, academia, civil society. Codes must be ready by May 2025; Commission approved final Code July 10, 2025. Commission may give approved codes binding force via implementing act. If codes prove inadequate by August 2025, Commission may impose binding common rules.
Article 88 — Commission Exclusive Enforcement Powers
Commission receives exclusive powers to supervise and enforce GPAI rules. Implementation delegated to AI Office. National authorities can request Commission assistance when proportionate.
Article 91 — Information and Documentation Requests
AI Office may request GPAI providers to submit compliance documentation or "any additional information necessary for assessing compliance." Commission may also compel access upon scientific panel requests. Structured dialogue may precede formal requests. Procedurally specific requirements for all requests.
Article 92 — Compulsory Evaluation Powers (KEY PROVISION)
The AI Office may conduct independent evaluations of GPAI models in two scenarios: (1) when Article 91 documentation is insufficient for compliance assessment; (2) to investigate union-level systemic risks following qualified alerts from the scientific panel. Powers include: appointing independent experts from the scientific panel; compelling access via APIs, source code, and "appropriate technical means and tools." Providers must comply under penalty of fines. This is a compulsory access mechanism — not voluntary-collaborative.
Article 101 — Fines for GPAI Providers
Maximum fine: 3% of annual worldwide turnover or EUR 15 million, whichever is higher. Applies to violations including: violating regulation provisions, failing to provide requested documents, disobeying measures requested, denying access for Commission evaluations.
Agent Notes
Why this matters: This is the most detailed picture of what the EU AI Act actually creates for GPAI systemic risk models. The key finding is that Article 92 creates genuinely compulsory evaluation powers — not voluntary-collaborative like METR/AISI — but they're triggered reactively (by qualified alerts or compliance failures), not proactively required before deployment. This is a crucial distinction from the FDA pre-market approval model.
What surprised me: Article 92's compulsory access to APIs and source code is meaningfully stronger than I expected based on yesterday's research. The AI Office can appoint independent experts and compel technical access. This moves the EU AI Act closer to AAL-2 (non-reliance on company statements when triggered) but still falls short of AAL-3/4 (deception-resilient, proactive).
What I expected but didn't find: A proactive pre-deployment evaluation requirement. The EU AI Act creates mandatory obligations (Article 55) with binding enforcement (Articles 92, 101) but the evaluation is triggered by problems, not required as a condition of deployment. The FDA analogy fails specifically here — drugs cannot be deployed without pre-market approval; GPAI models under EU AI Act can be deployed while the AI Office monitors and intervenes reactively.
KB connections:
- voluntary safety pledges cannot survive competitive pressure — Article 55 creates mandatory obligations that don't depend on voluntary commitment, but the flexible compliance pathways preserve lab discretion in HOW they comply
- scalable oversight degrades rapidly as capability gaps grow — Article 92's compulsory evaluation powers don't solve the AAL-3/4 infeasibility problem; even with source code access, deception-resilient evaluation is technically infeasible
- technology advances exponentially but coordination mechanisms evolve linearly — the 10^25 FLOP threshold will require updating as compute efficiency improves
Extraction hints: Primary claim: "EU AI Act Article 92 creates the first binding compulsory evaluation powers for frontier AI models globally — AI Office can compel API/source code access and appoint independent experts — but enforcement is reactive not proactive, falling structurally short of FDA pre-market approval." Secondary claim: "EU AI Act flexible compliance pathways for Article 55 allow GPAI systemic risk models to self-certify compliance through codes of practice rather than mandatory independent third-party audit."
Context: This is a synthesis of Articles 51, 53, 55, 56, 88, 91, 92, 101 from the EU AI Act. GPAI obligations became applicable August 2, 2025. The Act is in force globally for any frontier AI models deployed in EU market.
Curator Notes (structured handoff for extractor)
PRIMARY CONNECTION: voluntary safety pledges cannot survive competitive pressure because unilateral commitments are structurally punished when competitors advance without equivalent constraints — EU AI Act's mandatory structure counters this weakness, but flexible compliance pathways partially reintroduce it WHY ARCHIVED: First binding mandatory evaluation framework globally for frontier AI — essential for B1 disconfirmation assessment and the multi-session "governance gap" thesis EXTRACTION HINT: Focus on the Article 92 compulsory evaluation / reactive vs proactive distinction — this is the key structural feature that makes EU AI Act stronger than voluntary-collaborative METR/AISI but weaker than FDA pre-market approval