Article 55: Obligations of providers of general-purpose AI models with systemic risk
The article specifies additional obligations for providers of general-purpose AI models with systemic risk. These providers must evaluate models using standardised protocols, assess and mitigate systemic risks, report serious incidents, and ensure cybersecurity. They can adhere to codes of practice (until a harmonised standard is published) or harmonised standards to demonstrate compliance, or demonstrate alternative means of compliance.
1. In addition to the obligations listed in Articles 53 and 54, providers of general-purpose AI models with systemic risk shall:
2. Providers of general-purpose AI models with systemic risk may rely on codes of practice within the meaning of Article 56 to demonstrate compliance with the obligations set out in paragraph 1 of this Article, until a harmonised standard is published. Compliance with European harmonised standards grants providers the presumption of conformity to the extent that those standards cover those obligations. Providers of general-purpose AI models with systemic risks who do not adhere to an approved code of practice or do not comply with a European harmonised standard shall demonstrate alternative adequate means of compliance for assessment by the Commission.
3. Any information or documentation obtained pursuant to this Article, including trade secrets, shall be treated in accordance with the confidentiality obligations set out in Article 78.
Relevant recitals
Other resources
Guidelines on the scope of the obligations for general-purpose AI models