Skip to content
Innopulse Consulting
Navigate
Get in touch
Contact
info@innopulse.io+41 79 508 28 06
Gotthardstrasse 30, 6300 Zug
AI Engineering

EU AI Act and General-Purpose AI: What Builders on LLMs Must Know

GPAI rules took effect August 2025. What downstream builders inherit, transparency and copyright obligations, and where the line sits between provider and deployer.

Leutrim Miftaraj
Leutrim Miftaraj
Founder & CEO
·5 min read
In this article
  1. What it comes down to
  2. The engineering reality
  3. The concrete requirements
  4. Implementation in practice
  5. Common mistakes
  6. The DACH context
  7. Next steps

The EU AI Act's general-purpose AI rules took effect in August 2025, and most teams building on top of Claude or GPT assume the obligations land entirely on the model provider. Largely true — but not entirely. When you fine-tune, significantly modify, or rebrand a model, you can inherit provider obligations. And regardless, the transparency duties under Article 50 attach to the deployer. Knowing which role you occupy determines what documentation you owe.

This guide covers General-purpose AI obligations under the EU AI Act across seven sections: context, the engineering reality, the concrete requirements, implementation, common mistakes, the DACH context, and next steps.

We write from practice. Innopulse Consulting advises DACH businesses and operates its own SaaS portfolio under the same conditions we recommend — the patterns here are ones our own products depend on.

What it comes down to

The EU AI Act's general-purpose AI rules took effect in August 2025, and most teams building on top of Claude or GPT assume the obligations land entirely on the model provider. Largely true — but not entirely. When you fine-tune, significantly modify, or rebrand a model, you can inherit provider obligations. And regardless, the transparency duties under Article 50 attach to the deployer. Knowing which role you occupy determines what documentation you owe. The practical question is what this means for a real team or product. The core fits into a few points:

  • GPAI obligations took effect 2 August 2025
  • Most builders are deployers, not GPAI providers
  • Fine-tuning or rebranding can shift you toward provider duties
  • Article 50 transparency duties attach to deployers

The engineering reality

Building with LLMs sits at the intersection of software engineering and a probabilistic component that behaves unlike anything else in the stack. The model is non-deterministic, its behaviour changes when the provider ships an update, and its cost scales with usage rather than amortising. None of that is a reason to avoid it — it is a reason to apply more engineering discipline, not less. The patterns that work treat the model as an untrusted, metered, versioned dependency: abstracted behind an interface, observed in production, evaluated on every change, and fenced off from anything it should not be able to reach. Teams that skip this discipline ship impressive demos that degrade quietly in production.

The concrete requirements

At the centre of General-purpose AI obligations under the EU AI Act sit the following points. Each carries direct consequences for architecture, process, or cost:

  • GPAI obligations took effect 2 August 2025
  • Most builders are deployers, not GPAI providers
  • Fine-tuning or rebranding can shift you toward provider duties
  • Article 50 transparency duties attach to deployers
  • Provider documentation flows down into your compliance file
  • Copyright and training-data transparency rules apply upstream

Implementation in practice

Moving from theory to practice follows a clear path. For General-purpose AI obligations under the EU AI Act, a three-phase approach works:

  1. Assessment (1-2 weeks): map the current state, identify stakeholders, name the biggest gaps or risks honestly.
  2. Design (2-4 weeks): define the target state, assign ownership, specify the technical and organisational measures.
  3. Implementation and operation (ongoing): build, measure, adjust. Most initiatives fail not at the start but in the absence of phase three.

Common mistakes

The same mistakes recur in practice:

  • treating General-purpose AI obligations under the EU AI Act as a one-time project rather than an ongoing discipline
  • choosing tools before understanding the process
  • ignoring the DACH context and copying US templates unchanged
  • deferring documentation until it has to be produced under pressure
  • measuring success by activity rather than outcome

The DACH context

Switzerland, Germany, and Austria differ in law and market reality. Switzerland often sits outside the EU regimes but is bound in practice through market access and data flows; Germany implements most strictly; Austria follows EU standards closely. A business operating in all three builds to the strictest common denominator and adapts regional details deliberately rather than by accident.

Next steps

The pragmatic entry into General-purpose AI obligations under the EU AI Act is an honest assessment: where are we, where do we want to be, and what are the three highest-impact next steps? Innopulse Consulting works with DACH businesses on exactly these questions — from analysis through design to implementation. Reach us at info@innopulse.io. The first thirty minutes are free.

About the author
Leutrim Miftaraj
Leutrim Miftaraj
Founder & CEO · Innopulse Consulting

Founder and principal engineer of Innopulse Consulting. MSc Innovation Management (FFHS). Author of "Identity Over Discipline".

Topics
gpai ai actgeneral purpose ai obligationsai act llm buildersfoundation model regulation
Keep reading

Related insights.

AI Engineering

AI Features and DSGVO: Lawful Processing When an LLM Touches Personal Data

The compliance layer under every AI feature. Legal basis, Article 22 automated decisions, subprocessor disclosure, and keeping personal data out of training.

Leutrim·5 min
EU AI Act

EU AI Act Artikel 50: Transparenzpflichten für Chatbots und Deepfakes

Artikel 50 trifft auch Low-Risk-KI: Chatbots müssen sich zu erkennen geben, Deepfakes müssen gekennzeichnet sein. Fristen, Ausnahmen, Implementierungstipps.

Leutrim·5 min
AI Engineering

LLM Integration in SaaS: Architecture Patterns That Survive Production

How to wire an LLM into a production SaaS without runaway cost or latency. Streaming, caching, fallback, and workspace isolation patterns from real products.

Leutrim·5 min
Working on something similar?

Let's talk.

If this article maps to a problem you're actively working on, send us a short description — we'll respond with a practical next step.

Get in touch