Bottom line: Companies that modify AI systems may be classified as providers under the EU AI Act and must meet compliance requirements. A careful assessment of whether modifications are material is necessary—particularly for high-risk systems and GPAI models with altered generality or risks.
A specialist article shows when companies that modify AI systems or general-purpose AI models qualify as providers under the EU AI Act and thus must meet increased compliance requirements. Proper assessment of the system and use cases is decisive.
The EU AI Act primarily regulates providers of general-purpose AI (GPAI) models and AI systems in the European Union. While the role of the developer of a new AI system is clearly defined, it becomes more complex when companies further down the value chain modify existing AI systems or GPAI models.
The EU AI Act accounts for such modification scenarios and defines circumstances under which a person who modifies an AI system or GPAI model themselves becomes a provider. This results in a transfer of regulatory obligations from the original provider to the modifier, either partially or in full.
A material modification of an AI system is triggered when the system is high-risk. For GPAI models, a material modification occurs when their generality, functionality, or systemic risk changes substantially—such as in fine-tuning. The European Commission has set relatively high thresholds for compute volume and currently expects only few modifiers to act as GPAI providers.
Compliance requirements are manageable: technical documentation and summaries must be limited to the scope of the modification. Legal advice is recommended to properly classify the requirements.
Source: artificialintelligenceact.eu