Strategy & Leadership

The August 2 Deadline: What EU AI Act GPAI Compliance Actually Requires

16 July 2026 EU AI ActGPAIArticle 50Code of PracticeComplianceAugust 2 Deadline
26 days out from the EU AI Act GPAI enforcement date — what activates, the standard vs systemic-risk tiers, Article 50 marking, and the action checklist for downstream providers. Fines up to 3% of global turnover.
Listen to this brief
~2 min · TTS
The August 2 Deadline: What EU AI Act GPAI Compliance Actually Requires
Camiel Notermans
Founder & CEO, ZeroForce

Twenty-six days from now — on 2 August 2026 — the General-Purpose AI (GPAI) provisions of the EU AI Act become enforceable. Every provider that places a frontier-scale model on the Union market from that date onward owes a defined set of obligations. Most enterprise boards have read press summaries; very few have read the technical annexes. This brief is what the annexes actually require.

1. What the August 2 Deadline Actually Activates

From 2 August 2026, the obligations in Article 53, with the systemic-risk overlay in Article 55, apply to every GPAI provider that places a model on the EU market — wherever the provider is headquartered. The February 2025 prohibitions and the August 2025 high-risk-system obligations have already run; the GPAI layer is the last major tranche.

The upstream/downstream line matters: foundation-model providers carry the direct GPAI obligations. Deployers that build downstream applications on a third-party GPAI model are not, in most cases, treated as GPAI providers themselves — but they inherit documentation, marking, and cooperation duties. The cleanest test: if your vendor's contract names you as a "subsequent provider" of a modified GPAI variant, your obligations just changed.

2. GPAI Obligations — Standard vs Systemic-Risk Tiers

The Act creates two tiers. Standard GPAI providers owe the obligations below; "systemic-risk" GPAI providers — models trained with more than 10^25 FLOPs, or otherwise Commission-designated — owe the standard set plus the overlay.

Standard-tier obligations:

Systemic-risk overlay (Article 55):

3. Article 50 Marking and the 10 June 2025 Code of Practice

Article 50 requires providers and deployers of covered AI systems to ensure AI-generated content is machine-readable, markable, and detectable as artificially generated. For GPAI providers this is a real engineering obligation: ship the model with provenance metadata, watermarking capability, and downstream-visible disclosure mechanics.

The Code of Practice published on 10 June 2025 operationalizes Article 50 across three pillars:

Signatories commit to measurable compliance ahead of the August 2 deadline. Providers that did not sign now carry the same obligation without a negotiated safe harbor.

4. Enforcement: Fines up to 3% of Global Turnover

GPAI providers face administrative fines of up to the higher of 3% of global annual turnover or €15 million for non-compliance with the Act's core obligations — meaningfully above the GDPR administrative-fine structure, and without the prior-notice step that GDPR allows.

Regulators: the EU AI Office in Brussels as primary GPAI regulator across all Member States; national market-surveillance authorities for in-market deployers; coordinated action through the European Artificial Intelligence Board.

Public signalling from the AI Office points to first enforcement actions in Q3/Q4 2026, focused on GPAI providers that did not sign the Code of Practice or that ship models missing documentation or markings. Disclosed attention is on the largest non-EU providers in particular.

5. Action Checklist for Downstream Providers

If you build on top of someone else's GPAI model, these are the levers you actually control.

Twenty-six days. The obligation set is finite, the deadline is not, and the regulator has signalled it intends to enforce.

Sources: Regulation (EU) 2024/1689 (AI Act), Articles 50, 53, 55; Annexes XI & XII; GPAI Code of Practice, 10 June 2025; EU AI Office public guidance, 2026.

Further Reading

How does your organization score on AI autonomy?

The Zero Human Company Score benchmarks your AI readiness against industry peers. Takes 4 minutes. Boardroom-ready output.

Take the ZHC Score →
📩 Daily Briefing

Get every brief in your inbox

Boardroom-grade AI analysis delivered daily — written for corporate decision-makers.

Free

Choose what you receive — all free:

No spam. Change preferences or unsubscribe anytime.