The EU just clarified the rules for AI models

The European Commission published draft guidelines on 18 July 2025 clarifying key provisions of the AI Act that apply to general-purpose AI (GPAI) models — the large language and multimodal models behind ChatGPT, Claude, Gemini, and the growing stack of open-source alternatives.

What changed?

The guidelines answer questions businesses have been asking: who qualifies as a GPAI provider?

• Transparency first. Document training data, testing procedures, known limitations.
• Documentation requirements. Technical docs kept up-to-date for regulatory review.
• Systemic risk models face heavier scrutiny. Adversarial testing, incident reporting, cybersecurity measures.
• Grace period for existing models. Already on market before Aug 2, 2025? Comply by Aug 2, 2027.

Why this matters for Dutch businesses

If you're integrating an LLM, you're likely a deployer, not a provider. But fine-tune a base model and distribute it? You might now be a provider.

What to do now

1. Map your AI stack. Know which models you use and how they were sourced.
2. Check your contracts. Make sure AI vendors are documenting compliance.
3. Watch August 2nd. GPAI obligations formally take effect.