Initial screen for a non-EU GPAI provider

This sample non-EU GPAI initial screen report shows the practical first step for a US-based generative AI provider making its large language model available to EU customers via API. It classifies exposure as a potential GPAI provider, surfaces the authorised representative question, identifies gaps in documentation, and lists targeted evidence requests. The workflow begins with structured classification and artifact gathering — not immediate overhaul or panic. GPAI provider obligations (technical documentation, downstream information, copyright policy, and training-content summary) have applied since 2 August 2025. Non-EU providers must appoint an authorised representative in the Union before placing a GPAI model on the market.[1][2]

This example follows the operational flow used in our tools: role screening first, then concrete next actions. It is not legal advice, nor a guaranteed classification. Use it to understand the shape of real outputs.

Current law status (May 2026) GPAI model obligations under the EU AI Act entered into application on 2 August 2025 for models placed on the market after that date. Providers of models placed on the market before 2 August 2025 have until 2 August 2027 to comply. Non-EU providers must appoint an authorised representative established in the Union before placing a GPAI model on the market (Article 54). Enforcement powers strengthened from 2 August 2026. These rules are in force; open-source models may qualify for exemptions from certain obligations unless they present systemic risk. No proposal-stage delays alter the core provider classification or authorised-representative requirements currently in effect.[3]

A US-headquartered AI company develops and offers a powerful generative large language model through a cloud API. European businesses subscribe to the API, integrate it into customer-facing chat tools, content generators, and internal workflows. The model was trained with compute well above the indicative 10²³ FLOP threshold, displays significant generality across tasks, and can generate coherent text for a wide range of uses. No EU legal entity exists. Contracts are governed by US law but services are actively marketed and used in the Union.

Similar situations arise for a LatAm AI API company whose multimodal model (text-to-image and language generation) is sold into European markets through resellers and direct enterprise contracts. In both cases, the non-EU provider must determine whether it qualifies as “provider” placing a general-purpose AI (GPAI) model on the Union market and what immediate evidence collection is required.[4]

The initial screen reassures teams that compliance work starts with clear questions about role, placement, and existing artifacts rather than assuming full systemic-risk obligations from day one.

The screen evaluates four core questions that determine GPAI provider exposure. It highlights what currently points toward obligations, what remains unclear, and which documents would resolve ambiguity. The goal is pragmatic classification: confirm whether the company develops or places a GPAI model, whether an authorised representative is required, and what documentation and downstream support packages already exist or must be created.

Initial screen findings

This table mirrors the output format users receive after uploading contracts, model cards, and usage data to the scanner. It turns legal concepts into concrete artifact requests.

1. Representative question — Confirm no EU entity exists and begin the process of appointing an authorised representative established in the Union. This must occur before further active placement activities. Document the appointment and mandate.

1. Documentation requests — Prioritise creation or updating of technical documentation (including training process and evaluation results) and the sufficiently detailed summary of training content. These are core obligations that the AI Office may request.

1. Market-placement clarification — Map exactly how the model reaches EU users (direct API, resellers, open repositories). Gather contracts, marketing materials, and usage analytics to support the classification that the company is a provider placing the model on the Union market.

1. Downstream information readiness — Prepare and test information packages that downstream AI system providers need to understand capabilities, limitations, and how to comply with their own transparency or high-risk obligations. This reduces friction in the value chain and demonstrates good-faith compliance.

These actions focus on evidence collection and role confirmation first. Most companies in this position already hold significant internal records; the screen organises them into submission-ready form.

• Treating API or cloud access as “not placing on the market” — official guidelines clarify that making a GPAI model available through APIs counts as placement.[5]
• Delaying the authorised representative appointment until enforcement notices arrive. Article 54 requires it before placing the model on the market.
• Assuming open-source licensing automatically exempts all obligations. Exemptions do not apply to models with systemic risk and still require the training-content summary in many cases.
• Confusing provider and deployer roles. The US/LatAm company developing and offering the model is typically the provider; EU customers integrating it are usually deployers.
• Waiting for a perfect training-data summary instead of starting with the official template and iterating. Early publication of a sufficiently detailed summary is expected.
• Ignoring downstream information duties. Providing only marketing materials instead of structured technical and limitation data leaves customers unable to comply.

Avoiding these mistakes keeps the process orderly and evidence-focused.

Ready to generate your own non-EU GPAI initial screen? Upload contracts, model cards, or usage logs to the Evidence Scanner for a personalised classification and artifact list. Teams using the full workspace also track updates to guidelines and prepare EU SEND submissions in one place. See how it fits your workflow — no certification or legal advice provided.

Frequently asked questions

Is this a definitive legal classification? No. This sample (and the tool output it reflects) provides an operational screening based on current guidelines and the information supplied. Only competent authorities or ultimately the Court of Justice of the European Union can issue definitive interpretations. Use it to prioritise evidence gathering and internal discussions.

What is the first document we should prepare? Most non-EU GPAI providers should start with the sufficiently detailed summary of training content (using the Commission template) alongside a clear record of compute used and high-level technical documentation. These directly address two immediate obligations and feed into authorised-representative and downstream information work. The scanner can help identify the exact gaps in your existing materials.

Sources

• Guidelines for providers of general-purpose AI models (European Commission)
• Guidelines on obligations for GPAI providers FAQ (European Commission)
• General-Purpose AI Models Q&A (AI Office)
• Article 54 guidance on authorised representatives (AI Act Service Desk)

All legal anchors drawn from official EU sources current as of April 2026. This page is updated to reflect the law in force; proposed changes (if any emerge) will be explicitly labeled in future revisions.