In a nutshell: Modifiers of AI systems or GPAI models must assess whether their modifications result in provider classification — misclassification risks fines up to €15 million or 3% of global annual turnover.
Companies that modify existing AI systems or foundation models may become providers with full compliance obligations under the EU AI Act. This applies particularly to high-risk systems and material modifications to general-purpose AI models.
The EU AI Act primarily regulates providers of general-purpose AI (GPAI) models and AI systems. While the original development of new systems clearly constitutes a provider role, obligations become complex when companies modify existing third-party systems or models. A central question emerges: when does a modifier itself become a provider and assume the corresponding compliance burdens?