EU AI Act Art.51: Classification of General-Purpose AI Models with Systemic Risk — The 10²⁵ FLOPs Threshold (2026)
Art.50 closes Chapter IV of the EU AI Act with per-interaction transparency duties for chatbots, emotion recognition, and synthetic content. Chapter V opens a structurally different category: General-Purpose AI (GPAI) models — the foundation models that power much of modern AI development. Article 51 is the gateway to Chapter V. It establishes who must comply with the GPAI-specific obligations in Art.52-56 by defining the classification criteria for models with systemic risk.
The stakes are significant. A GPAI model classified as having systemic risk under Art.51 triggers a materially heavier compliance regime: adversarial testing, red-teaming, incident reporting to the AI Office, cybersecurity measures, and model evaluations on demand. Understanding exactly when Art.51 applies — and how the 10²⁵ FLOPs threshold works in practice — is essential for any organisation developing or deploying frontier AI models in the EU.
The Two-Tier GPAI Classification Structure
Chapter V of the EU AI Act creates a two-tier classification for GPAI models:
| Tier | Classification | Applicable Articles |
|---|---|---|
| All GPAI models | Base GPAI obligations | Art.52-53 (documentation, transparency, copyright policy, energy) |
| GPAI models with systemic risk | Additional systemic risk obligations | Art.53-56 (adversarial testing, incident reporting, cybersecurity, evaluations) |
Art.51 defines the boundary between these two tiers. Every GPAI model that a provider places on the EU market or puts into service must comply with at least Art.52. Art.51 determines whether the model also falls into the systemic risk tier, triggering the obligations in Art.53-56.
What is a GPAI model? Under Art.3(63), a GPAI model is an AI model trained on large amounts of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks. This definition deliberately excludes narrow AI systems designed for specific use cases — it targets the large language models, multimodal foundation models, and similar frontier systems that form the current technical frontier.
Art.51(1): The Two Classification Pathways
Art.51(1) sets out two independent pathways by which a GPAI model becomes classified as having systemic risk:
Pathway A — High impact capabilities (Art.51(1)(a)): The model has high impact capabilities evaluated on the basis of appropriate technical tools and methodologies, including indicators and benchmarks. The primary operationalisation of "high impact capabilities" is the 10²⁵ FLOPs presumption in Art.51(2) — but Pathway A is broader: even without the compute presumption, a model may be classified under this pathway based on demonstrated capability evaluations.
Pathway B — Commission decision (Art.51(1)(b)): Based on a decision of the Commission, either acting ex officio or following a qualified alert from the scientific panel, a model has capabilities or an impact equivalent to those set out in Pathway A. This is the catch-all pathway for models that do not meet the compute threshold but present equivalent systemic risk based on their actual capabilities or deployment reach.
These two pathways are alternatives: meeting either one triggers systemic risk classification. A provider cannot avoid classification under Pathway B simply because their model was trained using fewer than 10²⁵ FLOPs.
Art.51(2): The 10²⁵ FLOPs Presumption
Art.51(2) creates a rebuttable presumption for Pathway A:
A general-purpose AI model shall be presumed to have high impact capabilities pursuant to paragraph 1, point (a), when the cumulative amount of computation used for its training measured in floating-point operations (FLOPs) is greater than 10²⁵ FLOPs.
This is a presumption, not a definition. The FLOPs figure creates an automatic classification trigger — providers do not need to await capability evaluations or Commission decisions if they cross the 10²⁵ threshold. The obligation is immediate.
Understanding the 10²⁵ FLOPs Threshold
10²⁵ FLOPs = 10,000,000,000,000,000,000,000,000 floating-point operations. To contextualise this in terms of current training runs:
| Model (approximate) | Estimated Training FLOPs | Art.51 Presumption |
|---|---|---|
| GPT-2 (2019) | ~10²⁰ FLOPs | Below threshold |
| GPT-3 (2020) | ~3×10²³ FLOPs | Below threshold |
| LLaMA 2 70B (2023) | ~6×10²³ FLOPs | Below threshold |
| GPT-4 (2023, estimated) | ~2×10²⁵ FLOPs | Above threshold |
| Gemini Ultra (2023, estimated) | ~5×10²⁵ FLOPs | Above threshold |
| Claude 3 Opus (2024, estimated) | ~5×10²⁵ FLOPs | Above threshold |
| LLaMA 3 405B (2024) | ~3.8×10²⁵ FLOPs | Above threshold |
Note: These are estimates based on publicly available training data and scaling law calculations. Providers know their own exact FLOPs counts; the classification obligation applies to the provider, not to regulators or third parties.
What counts as "cumulative training FLOPs"? The regulation uses "cumulative amount of computation used for its training." This includes pretraining compute. The question of whether fine-tuning runs, RLHF compute, or instruction tuning should be included is an area where the Commission's guidelines (Art.51(5)) are expected to provide clarification. As of 2026, the dominant interpretation is that the threshold applies to the pretraining run only — but providers undertaking substantial retraining cycles should monitor Commission guidance closely.
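For rough self-assessment against the compute presumption, the community's "6ND" heuristic (FLOPs ≈ 6 × parameters × training tokens) gives a first-order estimate of dense-transformer pretraining compute. A minimal sketch; the heuristic is a scaling-law convention, not a calculation method prescribed by the Act or Commission guidance:

```python
# "6ND" heuristic: a community scaling-law convention, not a method
# prescribed by the AI Act or by Commission guidance.
ART_51_2_THRESHOLD = 1e25  # Art.51(2) presumption trigger

def estimate_training_flops(params: float, tokens: float) -> float:
    # First-order pretraining compute estimate for a dense transformer
    return 6 * params * tokens

def presumption_applies(flops: float) -> bool:
    # Art.51(2): presumption when compute is strictly GREATER THAN 10^25
    return flops > ART_51_2_THRESHOLD

# Hypothetical 405B-parameter model trained on 15T tokens:
flops = estimate_training_flops(405e9, 15e12)
print(f"{flops:.1e} FLOPs, presumption applies: {presumption_applies(flops)}")
```

Note that the comparison is strict: the Act's text reads "greater than 10²⁵", so a model at exactly the threshold would not trigger the presumption, though a provider that close to the line should treat the distinction as academic.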
The Presumption Mechanism
The presumption in Art.51(2) operates automatically: once a provider's model exceeds 10²⁵ FLOPs, it is presumed to have high impact capabilities. The provider does not need to self-report to trigger the classification — the obligation arises by operation of law. However, the presumption is rebuttable in principle: if a provider believes their model does not have high impact capabilities despite exceeding the threshold, they may engage with the AI Office and the scientific panel to contest the classification. In practice, rebuttal will be difficult — the threshold was deliberately calibrated at the compute level where systemic risk is considered inherent.
Art.51(1)(b): Commission Decision on Equivalent Impact
Pathway B — the Commission decision route — addresses the gap cases: models trained with fewer than 10²⁵ FLOPs that nonetheless present equivalent systemic risk through other dimensions.
Ex officio Commission action: The Commission may initiate a classification decision on its own initiative, based on information from the AI Office, market surveillance, or incident reporting.
Scientific panel qualified alerts: The scientific panel established under Art.68 has the power to issue "qualified alerts" to the AI Office when it considers that a GPAI model may present systemic risk. Following such a qualified alert, the Commission may decide to classify the model under Art.51(1)(b). The scientific panel functions as the early-warning mechanism for models that are concerning based on capabilities but not yet above the compute threshold.
Equivalent impact criteria: The regulation does not exhaustively define what constitutes "equivalent impact." Relevant factors include:
- Breadth of downstream deployment (number of downstream providers and deployers building on the model)
- Capability evaluations on standardised benchmarks
- Demonstrated performance on dangerous capability domains (CBRN knowledge, offensive cybersecurity capabilities, autonomous action horizons)
- Economic scale and market concentration effects
Art.51(3): Delegated Acts to Update Thresholds
Art.51(3) empowers the Commission to adopt delegated acts under Art.97 to:
- Amend the 10²⁵ FLOPs threshold
- Supplement the threshold with benchmarks and indicators
- Adjust thresholds in light of evolving technological developments, including algorithmic improvements or increased hardware efficiency
This is a critical design feature of Art.51. The regulation drafters recognised that compute efficiency improvements mean the 10²⁵ FLOPs boundary will shift over time — a model achieving the same capabilities on fewer FLOPs should still be classified as having systemic risk. The delegated act mechanism allows the Commission to ratchet down the threshold as compute efficiency improves, without requiring a full legislative procedure.
Practical implication for providers: The 10²⁵ FLOPs threshold is not a permanent safe harbour for models currently below it. If compute efficiency improves such that equivalent frontier capabilities can be achieved at 10²⁴ FLOPs, the Commission may lower the threshold accordingly. Providers operating close to the threshold should build classification monitoring into their compliance programmes.
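The practical implication above can be sketched as treating the threshold as configuration rather than a constant. The `ThresholdRegistry` type below is a hypothetical compliance-programme helper, not an official mechanism; the "within one order of magnitude" cutoff is likewise illustrative:

```python
from dataclasses import dataclass

@dataclass
class ThresholdRegistry:
    """Hypothetical compliance-programme helper; not an official mechanism."""
    flops_threshold: float = 1e25  # current Art.51(2) value

    def apply_delegated_act(self, new_threshold: float) -> None:
        # Record a Commission delegated act amending the threshold (Art.51(3))
        self.flops_threshold = new_threshold

    def reassess(self, model_flops: float) -> str:
        # Assumes model_flops > 0
        if model_flops > self.flops_threshold:
            return "presumption applies: begin Art.53-56 compliance"
        if self.flops_threshold / model_flops < 10:  # within one order of magnitude (illustrative)
            return "near-threshold: monitor Art.51(3) delegated acts closely"
        return "below threshold: base Art.52 obligations only"

registry = ThresholdRegistry()
print(registry.reassess(4e24))      # near-threshold under the current 10^25 value
registry.apply_delegated_act(1e24)  # hypothetical future lowering
print(registry.reassess(4e24))      # the same model now triggers the presumption
```

The design point: a model's classification status is a function of both its fixed training compute and a regulatory parameter that can move, so reassessment must be event-driven, not one-time.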
Art.51(4): Procedural Safeguards for Pathway B Classifications
Before classifying a GPAI model as having systemic risk under Pathway B (Commission decision), Art.51(4) requires the Commission to give the provider an opportunity to provide information through a structured dialogue.
The procedural requirements include:
- Advance notice: The Commission must inform the provider of the intended classification with sufficient lead time
- Sufficient information: The provider must receive enough information about the basis for the intended classification to be able to respond meaningfully
- Structured dialogue: The Commission must engage in a structured dialogue, not merely a formal notification
- Due account: The Commission must duly take into account any information provided by the provider before making its decision
These procedural safeguards reflect the significant commercial and compliance consequences of a systemic risk classification. A Pathway B classification triggers Art.53-56 obligations — adversarial testing, incident reporting, cybersecurity measures — which represent substantial ongoing compliance costs.
Note: Art.51(4) safeguards apply only to Pathway B classifications (Commission decisions). The Pathway A presumption (10²⁵ FLOPs) is automatic and does not require prior Commission action or structured dialogue. Providers crossing the compute threshold must self-classify and begin compliance immediately.
Art.51(5) and Art.51(6): AI Office Powers and Guidelines
Art.51(5) — Commission guidelines: Based on technical and scientific advice from the AI Office, the Commission may establish guidelines on the practical application of Art.51(1), including a list of GPAI models with systemic risk under Art.96(2). This list functions as a reference point, but is not exhaustive — a model not on the list may still be subject to systemic risk obligations if it meets the criteria.
Art.51(6) — AI Office model evaluations: Following a decision under Art.90(1)(a) — which grants the AI Office enforcement powers over GPAI models — the AI Office is entitled to carry out model evaluations. The provider must, upon request:
- Provide all necessary documentation and information
- Grant access to source code and technical specifications
- Provide access to training, fine-tuning, and test datasets and results
- Provide access to the model's weights and activation values, where available and applicable
The Art.51(6) model evaluation power is triggered by AI Office decisions under Art.90(1)(a). It represents a significant enforcement tool — providers of systemic risk GPAI models cannot refuse evaluation requests from the AI Office once the Art.90 decision mechanism is engaged.
The Systemic Risk Concept: Why This Classification Matters
The term "systemic risk" in Art.51 is not the same as product safety risk to individual users. It refers to macro-level risks to society, critical infrastructure, democratic processes, or fundamental rights that arise from the scale and generality of deployment. Art.3(65) defines "systemic risk" in the GPAI context as:
- A risk that is specific to the high impact capabilities of GPAI models
- Having a significant impact on the Union market due to their reach
- Or having actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or society as a whole
- That may propagate at scale across the value chain
The systemic risk concept captures the unique feature of GPAI models: a single frontier model may be used as the foundation for thousands of downstream applications. A safety failure in the foundation model propagates across all of them simultaneously. This is the core justification for the heavier Art.53-56 obligations — they address risks that cannot be adequately managed at the downstream application level alone.
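The Art.3(65) elements can be made concrete as a simple check. The field names and boolean structure below are an editorial interpretation of the definition, not the Commission's assessment methodology:

```python
from dataclasses import dataclass

@dataclass
class SystemicRiskSignals:
    # Field names paraphrase the Art.3(65) elements; editorial interpretation only
    high_impact_capabilities: bool       # risk specific to high impact capabilities
    significant_union_reach: bool        # significant impact on the Union market
    foreseeable_negative_effects: bool   # health, safety, security, rights, society
    propagates_across_value_chain: bool  # may propagate at scale downstream

def meets_art_3_65(s: SystemicRiskSignals) -> bool:
    # The two impact limbs are alternatives ("or" in the definition);
    # capability-specificity and value-chain propagation frame the whole concept.
    return (
        s.high_impact_capabilities
        and (s.significant_union_reach or s.foreseeable_negative_effects)
        and s.propagates_across_value_chain
    )
```

The "or" between the impact limbs matters in practice: a model need not dominate the Union market to qualify if it has reasonably foreseeable negative effects on, say, public security that would propagate downstream.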
Obligations Triggered by Art.51 Classification
A GPAI model classified as having systemic risk under Art.51 must comply with Art.53-56 in addition to the base Art.52 obligations:
| Obligation | Article | Key Requirement |
|---|---|---|
| Model evaluation | Art.53(1)(a) | Evaluate capabilities and systemic risks before and after major changes |
| Adversarial testing | Art.53(1)(b), Art.55 | Conduct adversarial testing and red-teaming in accordance with Commission guidelines |
| Incident reporting | Art.53(1)(c) | Report serious incidents to the AI Office within timeframes under Art.73 |
| Cybersecurity measures | Art.53(1)(d) | Implement appropriate cybersecurity protections for the model and its infrastructure |
| Energy consumption | Art.53(1)(e) | Assess and document energy consumption; cooperate with Commission for standardised methods |
These obligations are ongoing — not one-time compliance activities. A provider classified under Art.51 must maintain continuous compliance with Art.53-56 for as long as the model is placed on the EU market or put into service.
Self-Classification and Notification Process
Unlike many EU regulatory frameworks, Art.51 does not require a formal third-party conformity assessment for GPAI systemic risk classification. The primary classification mechanism is provider self-assessment:
1. Compute threshold check: The provider calculates total training FLOPs for the model. If above 10²⁵, the Pathway A presumption applies immediately.
2. Capability assessment: Even below the compute threshold, the provider should assess whether the model presents high impact capabilities based on available benchmarks and evaluations. If yes, the provider should consider engaging with the AI Office under Pathway A.
3. Notification: Art.52(1) requires providers of GPAI models to draw up technical documentation before placing the model on the market. Providers of models with systemic risk must additionally notify the AI Office of their classification.
4. Ongoing monitoring: Classification status must be reassessed when the model undergoes substantial modification, when new capabilities are discovered, or when the compute threshold is updated by delegated act.
For providers below the threshold: Being below 10²⁵ FLOPs does not provide absolute protection from classification. Providers should monitor Commission decisions and scientific panel qualified alerts for models in their compute range. If the Commission initiates Pathway B proceedings, Art.51(4) procedural safeguards apply.
Python GPAISystemicRiskClassifier Implementation

```python
from dataclasses import dataclass, field
from enum import Enum
import math


class ClassificationPathway(Enum):
    NOT_CLASSIFIED = "not_classified"
    PATHWAY_A_COMPUTE = "pathway_a_compute_presumption"
    PATHWAY_A_CAPABILITIES = "pathway_a_capability_evaluation"
    PATHWAY_B_COMMISSION = "pathway_b_commission_decision"


class CapabilityDomain(Enum):
    CBRN = "cbrn_knowledge"
    OFFENSIVE_CYBER = "offensive_cybersecurity"
    AUTONOMOUS_ACTION = "autonomous_action"
    SOCIETAL_SCALE = "societal_scale_influence"
    CRITICAL_INFRASTRUCTURE = "critical_infrastructure_attack"


@dataclass
class GPAIModelProfile:
    model_id: str
    training_flops: float  # Total cumulative training FLOPs
    param_count_billions: float
    downstream_providers: int  # Downstream providers building on this model
    deployment_jurisdictions: list[str]
    dangerous_capability_domains: list[CapabilityDomain] = field(default_factory=list)
    commission_decision: bool = False
    scientific_panel_alert: bool = False


@dataclass
class Art51ClassificationResult:
    model_id: str
    classified_systemic_risk: bool
    pathway: ClassificationPathway
    flops_exponent: float
    threshold_exceeded: bool
    pathway_b_triggered: bool
    art_53_56_obligations_apply: bool
    notes: list[str] = field(default_factory=list)


class GPAISystemicRiskClassifier:
    """
    Implements EU AI Act Art.51 classification logic for GPAI models.

    Determines whether a model meets systemic risk thresholds under
    Pathway A (10^25 FLOPs presumption) or Pathway B (Commission decision).
    """

    FLOPS_THRESHOLD = 1e25  # Art.51(2): presumption when compute is greater than 10^25

    def classify(self, profile: GPAIModelProfile) -> Art51ClassificationResult:
        flops_exponent = (
            math.log10(profile.training_flops) if profile.training_flops > 0 else 0.0
        )
        threshold_exceeded = profile.training_flops > self.FLOPS_THRESHOLD
        notes: list[str] = []

        # Pathway A: compute presumption (Art.51(2))
        if threshold_exceeded:
            notes.append(
                f"Training compute {profile.training_flops:.2e} FLOPs exceeds "
                f"10^25 threshold — systemic risk presumed under Art.51(2)"
            )
            return Art51ClassificationResult(
                model_id=profile.model_id,
                classified_systemic_risk=True,
                pathway=ClassificationPathway.PATHWAY_A_COMPUTE,
                flops_exponent=flops_exponent,
                threshold_exceeded=True,
                pathway_b_triggered=False,
                art_53_56_obligations_apply=True,
                notes=notes,
            )

        # Pathway B: Commission decision (Art.51(1)(b))
        if profile.commission_decision or profile.scientific_panel_alert:
            trigger = (
                "Commission decision"
                if profile.commission_decision
                else "scientific panel qualified alert"
            )
            notes.append(
                f"Systemic risk classification via Pathway B: {trigger}. "
                f"Art.51(4) procedural safeguards apply to Commission decisions."
            )
            return Art51ClassificationResult(
                model_id=profile.model_id,
                classified_systemic_risk=True,
                pathway=ClassificationPathway.PATHWAY_B_COMMISSION,
                flops_exponent=flops_exponent,
                threshold_exceeded=False,
                pathway_b_triggered=True,
                art_53_56_obligations_apply=True,
                notes=notes,
            )

        # Pathway A: high impact capabilities without the compute presumption
        # (capability evaluation — Art.51(1)(a))
        risk_signals = self._evaluate_capability_signals(profile)
        if risk_signals:
            notes.extend(risk_signals)
            notes.append(
                "Consider proactive engagement with AI Office — capability signals "
                "present without compute presumption. Monitor for scientific panel alerts."
            )
            return Art51ClassificationResult(
                model_id=profile.model_id,
                classified_systemic_risk=False,  # Signals present, not yet formally classified
                pathway=ClassificationPathway.PATHWAY_A_CAPABILITIES,
                flops_exponent=flops_exponent,
                threshold_exceeded=False,
                pathway_b_triggered=False,
                art_53_56_obligations_apply=False,
                notes=notes,
            )

        # Below threshold, no classification triggers
        notes.append(
            f"Training compute {profile.training_flops:.2e} FLOPs below 10^25 threshold. "
            f"No systemic risk classification under Art.51. Base Art.52 obligations apply."
        )
        return Art51ClassificationResult(
            model_id=profile.model_id,
            classified_systemic_risk=False,
            pathway=ClassificationPathway.NOT_CLASSIFIED,
            flops_exponent=flops_exponent,
            threshold_exceeded=False,
            pathway_b_triggered=False,
            art_53_56_obligations_apply=False,
            notes=notes,
        )

    def _evaluate_capability_signals(self, profile: GPAIModelProfile) -> list[str]:
        signals = []
        if CapabilityDomain.CBRN in profile.dangerous_capability_domains:
            signals.append("CBRN knowledge capability detected — high systemic risk signal")
        if CapabilityDomain.OFFENSIVE_CYBER in profile.dangerous_capability_domains:
            signals.append("Offensive cybersecurity capability detected — systemic risk signal")
        if profile.downstream_providers > 10000:
            signals.append(
                f"Deployment scale: {profile.downstream_providers} downstream providers — "
                f"propagation risk at scale"
            )
        return signals

    def check_ongoing_compliance(
        self, profile: GPAIModelProfile, result: Art51ClassificationResult
    ) -> list[str]:
        """Check ongoing classification monitoring requirements."""
        requirements = []
        if result.classified_systemic_risk:
            requirements.append("Art.53: Technical documentation and AI Office notification required")
            requirements.append("Art.53(1)(a): Model evaluation before and after major changes")
            requirements.append("Art.53(1)(b) + Art.55: Adversarial testing and red-teaming")
            requirements.append("Art.53(1)(c): Serious incident reporting to AI Office (Art.73)")
            requirements.append("Art.53(1)(d): Cybersecurity measures for model and infrastructure")
            requirements.append("Art.53(1)(e): Energy consumption assessment and documentation")
        else:
            requirements.append("Art.52: Base GPAI model documentation and transparency obligations")
            requirements.append(
                "Monitor: Commission delegated acts under Art.51(3) may lower FLOPs threshold"
            )
            requirements.append(
                "Monitor: Scientific panel qualified alerts for capability-based Pathway B triggers"
            )
        return requirements


# Example usage
if __name__ == "__main__":
    classifier = GPAISystemicRiskClassifier()

    # Frontier model above threshold
    frontier_model = GPAIModelProfile(
        model_id="frontier-model-v3",
        training_flops=3e25,
        param_count_billions=700,
        downstream_providers=50000,
        deployment_jurisdictions=["EU", "US", "UK"],
        dangerous_capability_domains=[CapabilityDomain.OFFENSIVE_CYBER],
    )
    result = classifier.classify(frontier_model)
    print(f"Model: {result.model_id}")
    print(f"Systemic Risk: {result.classified_systemic_risk}")
    print(f"Pathway: {result.pathway.value}")
    print(f"FLOPs exponent: {result.flops_exponent:.1f} (threshold: 25.0)")
    print(f"Art.53-56 obligations: {result.art_53_56_obligations_apply}")
    for note in result.notes:
        print(f"  → {note}")

    ongoing = classifier.check_ongoing_compliance(frontier_model, result)
    print("\nOngoing Compliance Requirements:")
    for req in ongoing:
        print(f"  • {req}")
```
Interaction with Other EU AI Act Provisions
Art.51 does not operate in isolation. A GPAI model classified as having systemic risk intersects with multiple other provisions:
Art.52 (Base GPAI obligations): All GPAI models — including those with systemic risk — must comply with Art.52: technical documentation, compliance with EU copyright law, publishing a summary of training data. Art.51 classification adds to, not replaces, these base obligations.
Art.53-56 (Systemic risk obligations): The Art.51 classification is the gateway condition for these provisions. Without Art.51 classification, Art.53-56 do not apply.
Art.68 (Scientific panel): The scientific panel has the power to issue qualified alerts triggering Pathway B classification. Providers of frontier models should monitor scientific panel activities — panel alerts can initiate Commission proceedings even without the provider's knowledge.
Art.72-73 (Post-market monitoring and incident reporting): Systemic risk providers must report serious incidents to the AI Office. Art.73 sets the incident definition and reporting timelines. The Art.51 classification status determines which incident reporting obligations apply.
Art.90 (AI Office enforcement): The AI Office's model evaluation powers under Art.51(6) are triggered by Art.90(1)(a) decisions. Art.90 grants the AI Office significant enforcement powers over GPAI models — including the power to request access to model weights and training data.
Art.99 (Penalties): Failure to comply with Art.51 classification obligations (including failure to self-classify when the threshold is met, or failure to comply with Art.53-56 after classification) is a sanctionable breach. Art.99(1) sets fines for violations related to Art.5 prohibitions; Art.99(3) sets penalties of up to €15M or 3% of worldwide turnover for violations of other provisions including Chapter V.
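The stated penalty cap can be expressed as a one-line calculation. A sketch assuming the "whichever is higher" formulation the Act's penalty clauses generally use for undertakings; confirm the applicable paragraph and formulation against the final text:

```python
def art_99_3_max_fine(worldwide_turnover_eur: float) -> float:
    # Sketch of the stated cap: EUR 15 million or 3% of total worldwide
    # annual turnover. The "whichever is higher" reading follows the Act's
    # usual penalty formulation for undertakings; verify against the final text.
    return max(15_000_000.0, 0.03 * worldwide_turnover_eur)

print(art_99_3_max_fine(2_000_000_000))  # 3% of EUR 2bn turnover exceeds the EUR 15m floor
```

For large frontier-model providers, the turnover limb will almost always dominate the fixed floor, which is why classification disputes carry such commercial weight.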
Art.51(7): The Commission's Published List
Art.51(7) requires the Commission to publish and regularly update a list of GPAI models with systemic risk, based on scientific advice from the scientific panel and information from providers. This list serves several functions:
- Market transparency: Downstream providers and deployers building on GPAI models can identify which foundation models are classified as systemic risk, informing their own risk assessments
- Regulatory coordination: The list enables market surveillance authorities and the AI Office to coordinate oversight of systemic risk models
- Non-exhaustive caveat: A model not appearing on the list does not guarantee non-classification — the list is Commission-maintained and may lag actual classification determinations
Art.51 Compliance Checklist
| # | Check | Responsible Party | Timing |
|---|---|---|---|
| 1 | Calculate total training FLOPs for the GPAI model | Provider | Before market placement |
| 2 | If FLOPs > 10²⁵: self-classify as systemic risk (Pathway A presumption) | Provider | Immediately on crossing threshold |
| 3 | If FLOPs < 10²⁵: assess capability benchmarks for Pathway A (high impact capabilities without presumption) | Provider | Before market placement |
| 4 | Monitor Commission delegated acts under Art.51(3) for threshold updates | Provider | Ongoing |
| 5 | Monitor scientific panel qualified alerts relevant to your model | Provider | Ongoing |
| 6 | If Commission initiates Pathway B proceedings: engage in structured dialogue under Art.51(4) | Provider | On notification |
| 7 | If classified under Art.51: notify AI Office and prepare Art.53 technical documentation | Provider | Before/at market placement |
| 8 | If classified under Art.51: implement Art.53(1)(a) model evaluation programme | Provider | Before market placement and ongoing |
| 9 | If classified under Art.51: establish Art.55 adversarial testing and red-teaming | Provider | Before market placement and ongoing |
| 10 | If classified under Art.51: implement Art.53(1)(c) serious incident reporting process | Provider | Ongoing |
| 11 | If classified under Art.51: document energy consumption under Art.53(1)(e) | Provider | Ongoing |
| 12 | Reassess Art.51 classification status after substantial model modifications | Provider | On each major version change |
Summary
Art.51 is the classification gateway for the EU AI Act's most demanding compliance tier. The 10²⁵ FLOPs presumption creates a bright-line trigger for the largest frontier models — GPT-4 scale and above. Below the threshold, providers are not automatically safe: Pathway B Commission decisions, triggered by scientific panel alerts or ex officio action, can classify any GPAI model based on demonstrated capabilities and equivalent impact.
The delegated act mechanism in Art.51(3) means the threshold is not static. As compute efficiency improves, providers operating near the current boundary should treat classification risk as an ongoing compliance question, not a one-time assessment.
For providers already above 10²⁵ FLOPs: Art.51 classification applies immediately, Art.53-56 obligations must be implemented, and the AI Office has broad model evaluation powers under Art.51(6). The compliance structure for these providers is among the most demanding in the EU AI Act — but it is also among the most clearly defined. The next articles in the series — Art.52 and Art.53 — define what those obligations require in practice.
See Also
- EU AI Act Art.52: Obligations for Providers of GPAI Models — Documentation, Copyright, Transparency — Art.52 defines the baseline obligations that apply to ALL GPAI providers; Art.51 classification determines whether Art.53-56 stack on top
- EU AI Act Art.53: Obligations for Providers of GPAI Models with Systemic Risk — Adversarial Testing and Incident Reporting — Art.53 is the direct consequence of Art.51 classification: every provider meeting the 10²⁵ FLOPs threshold must implement these obligations
- EU AI Act Art.50: Transparency Obligations — Chatbot Disclosure and AI-Generated Content Labeling — Art.50 covers transparency obligations for AI systems built on GPAI models, complementing the GPAI provider obligations in Art.51-53