Regulating LLMs: What the EU AI Act Means for Providers of Generative AI Systems

Hi there,

The Giskard team hopes you're having a good week!

We are excited to announce the release of our new white paper, Regulating LLMs: What the EU AI Act Means for Providers of Generative AI Systems. It provides a deep dive into the EU AI Act, the world's first legally binding AI law, and its implications for businesses involved in the development and deployment of AI systems.

This executive guide is designed to help business leaders, compliance officers, and regulation affairs professionals understand the implications of the EU AI Act for companies deploying AI systems.

?? Download the white paper

The EU AI Act and its implications

The EU AI Act is a legislation that aims to create a safe and regulated environment for AI development and use. It introduces a risk-based approach to AI regulation, with penalties for non-compliance ranging from €7.5 million or 1% of global revenue up to €35 million or 7% of revenue, leading to severe consequences for businesses.

With the EU AI Act set to become law in 2026, businesses have a limited window of opportunity to prepare for compliance. The legislation includes a 24-month grace period after it enters into force, but given the complexity of the requirements, companies have already started their compliance journey.

Key requirements for business under the EU AI Act

Businesses must understand their obligations under the new legislation to ensure compliance and mitigate risk.

In the white paper, we'll explore the requirements for providers of General-Purpose AI (GPAI) models and downstream AI system providers, and how these requirements apply to different business scenarios.

Requirements for providers of GPAI models

The Act introduces a separate, two-tier regulatory framework for foundation models, also known as General-Purpose AI (GPAI) models. The requirements for GPAI models vary based on their risk classification, with more stringent obligations for models with "systemic risk."

Providers of all GPAI models, including open-source models, must comply with a minimum set of requirements, such as preparing technical documentation, respecting EU copyright law, and providing a summary of the training data used. Additional obligations for "systemic risk" models include model evaluation, risk assessment, incident reporting, and cybersecurity measures.

Our white paper provides a detailed analysis of these requirements, helping you understand what they mean for your business.

Requirements for downstream AI System providers

A GPAI system is defined as a AI system that integrates a GPAI model and is capable of serving a variety of purposes, both for direct use as well as for integration into other AI systems. For example, ChatGPT would be classified as a GPAI system, and the GPAI model behind it would be the LLM GPT-4 or GPT-3.5.

Downstream providers of these systems will have to comply with requirements for AI systems according to their associated risk.

The white paper explores different scenarios involving GPAI model providers and GPAI system providers, such as when a provider creates a GPAI system using a model from another provider, or when a provider fine-tunes an existing GPAI model. It also covers the transfer of responsibilities in cases where a third party modifies or rebrands a high-risk AI system.

Ensuring compliance with the EU AI Act

As the AI landscape evolves, so do the challenges of ensuring compliance and mitigating risk. Giskard's holistic testing platform is designed to help companies navigate these challenges. Our platform provides comprehensive testing and validation capabilities, enabling you to ensure your AI systems meet the requirements of the EU AI Act.

Contact us and get ready to be fully compliant with the upcoming EU AI Act.

Want to dive in?

Our white paper provides a detailed roadmap to help your organization understand this new regulation.

Get the full white paper for deeper insights:

?? Download

Stay tuned for the latest updates!

Thank you so much, and see you soon!

The Giskard Team ??