GPAI Provider Obligations – Art. 53
Obligations for ALL GPAI Model Providers
Since 2 August 2025, GPAI model providers must:
- Prepare and maintain technical documentation (Annex XI)
- Provide information and documentation to downstream providers (Annex XII), so they can understand the model and fulfil their obligations
- Comply with copyright directive — establish a policy for the protection of copyright
- Publish a summary of training data (according to the EU AI Office template)
Additional Obligations for Systemic Risk (Art. 55)
Providers of GPAI models with systemic risk must additionally:
- Conduct model evaluations (including adversarial testing)
- Assess and mitigate systemic risks
- Report serious incidents to the AI Office
- Ensure cybersecurity of the model
Open-Source Exception
GPAI models under a free and open licence (parameters, architecture, and usage publicly accessible) need only fulfil points 3 and 4 — unless they present systemic risk.
Relevance for BAUER GROUP
| Question | Answer |
|---|---|
| Is BAUER GROUP a GPAI model provider? | No |
| Do Art. 53/55 apply to BAUER? | No — they apply to the model providers (Anthropic, OpenAI, etc.) |
| What must BAUER GROUP verify? | Whether the GPAI providers used fulfil their obligations (due diligence) |
| Does BAUER GROUP become a provider? | Only if a GPAI-based system is placed on the EU market under its own name as a high-risk system |