If your company is integrating or modifying General-Purpose AI (GPAI) models trained with more than 10²³ FLOP of compute into your AI products or services, the following steps can help you navigate your obligations under the EU AI Act:
1️⃣ Create a Use Case Inventory
Maintain an up-to-date inventory of all AI systems containing GPAI models. Document key details such as licensing information and estimated training compute (FLOP) to confirm whether each model exceeds the 10²³ FLOP (GPAI) or 10²⁵ FLOP (systemic risk) thresholds. FLOP estimates for widely used models are available in public registries; for others, ask your technical team to calculate them in line with the GPAI guidelines.
2️⃣ Assess gaps and set up policies in your AI Act Governance framework
Based on the AI Act, the Code of Practice and the GPAI guidelines, set up policies to be applied to each GPAI model in order to determine your obligations. As most downstream providers do not train models from scratch, focus efforts on the obligations related to integrating or modifying a GPAI model, based on the thresholds defined in the GPAI guidelines.
3️⃣ Update Use Case Prioritization
Integrating or modifying GPAI models may trigger different levels of compliance obligations. Update your use case prioritization and approval process to reflect this new complexity, taking into account the model’s origin, compute threshold, and extent of modification.
4️⃣ Execute and Monitor Compliance Policies
Apply your policies consistently each time your AI engineers want to develop, integrate, or modify a GPAI model. Ensure evidence of compliance is generated and retained. Based on your organization’s risk appetite, consider setting up multiple lines of defense: Development teams, ethical AI or responsible AI officers, external audits or third-party validations.
5️⃣ Upskill your workforce
Depending on your obligations, define and execute proper AI literacy training for AI users, AI system developers and deployers.