nexalign

Glossary term

GPAI / Foundation Models

Also: General-Purpose AI Models

General-purpose AI models under EU AI Act Art. 51-56. Obligations from August 2025: technical documentation, info for downstream providers, copyright policy, training data summary. Systemic-risk models additionally need model evaluation, adversarial testing, incident tracking.

GPAI providers: OpenAI (GPT-4o, o1), Anthropic (Claude), Google (Gemini), Meta (Llama), Mistral, Cohere, Alibaba (Qwen), DeepSeek, Microsoft (Phi). Systemic-risk models = typically >10^25 FLOPs training compute.

Obligations for all GPAI: technical documentation (Annex XI), info for downstream (Annex XII), EU copyright policy, training-data summary.

Additional obligations for systemic risk: standardised model evaluation, adversarial testing, tracking, reporting to the EU AI Office on serious incidents, appropriate cybersecurity. EU Commission maintains a list of systemic-risk models.

Related terms

EU AI Act

World's first comprehensive AI law. Four risk classes: prohibited, high-risk, limited (transparency)

AI Act Risk Categories

Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited

GDPR Art. 32 TOMs

Technical and organisational measures to ensure a level of security appropriate to the risk when pro

AI Act Conformity Assessment

Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed

Audit-ready decision

A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir

BAIT

BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for

BCM

Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI

BSI C5

Cloud audit catalogue of the German BSI that defines minimum security baseline and transparency duti

← All termsBook a demo →