On 2 August 2025 the second wave of requirements under the EU AI Act came into force, targeting general purpose Artificial Intelligence model providers and setting operational expectations for EU and member state oversight bodies. The provisioned rules focus on GPAI models, defined as models capable of performing a wide variety of tasks across multiple applications. Models placed on the market from that date must meet Chapter V obligations, while models already in circulation have until August 2027 to adapt to the new regime. The change marks a significant next step in the EU´s interpretation and application of the act, even though many businesses may not be directly affected immediately.
Obligations differ depending on whether a GPAI model is distributed under an open or closed license, but common duties emerge. Providers must prepare technical documentation for regulators, make specific information available to downstream users, adopt an AI copyright policy, and publish a public summary of training data. Systems designated as ´systemic´ GPAI, a category tied to the use of significant computing power and broad societal reach, face stricter controls and enhanced transparency obligations. The rules therefore seek to balance information access, user awareness, and accountability across a spectrum of model types and licensing arrangements.
Full enforcement powers will follow a staged timetable. The European Commission will gain authorities to demand information, conduct evaluations, order model removals from the market, and impose fines of up to 3% of global turnover or €15 million, but those enforcement tools will not be operational until 2 August 2026. Parallel to these powers, the act requires creation of key EU-level entities including the AI Office, the European Artificial Intelligence Board, and the scientific panel of experts, as well as national competent authorities in each member state. The EU has advanced the setup of central oversight bodies, yet many member states lag in building domestic enforcement structures.
That uneven rollout raises concerns about inconsistent application across jurisdictions once enforcement begins. For business leaders the immediate priorities are assessing whether their models qualify as GPAI, mapping license status and downstream use, preparing technical documentation, and planning for public training data summaries and copyright policies. The new regime asks for practical operational changes now and promises stronger supervisory action later; companies that start preparing early will reduce the risk of divergent enforcement impacts across the EU.
