What actually changes on 2 August
The substantive obligations for general-purpose AI models under the EU AI Act have been in force since 2 August 2025, but until now the AI Office had no teeth. From 2 August 2026 the Commission enforcement powers enter into application. The AI Office can request documentation and information, conduct model evaluations, request compliance and risk-mitigation measures including recall and market withdrawal, and impose fines under Article 101 of up to 15 million euros or 3 percent of worldwide annual turnover, whichever is higher.
The obligations themselves are documentation, not product bans. A provider of a general-purpose model must keep current technical documentation, write and maintain the information it passes to downstream providers who build on the model, adopt a policy to comply with EU copyright law, and publish a summary of the content used for training. Models placed on the market before 2 August 2025 have until 2 August 2027 to comply, while anything newer is expected to comply now.
Signatories get a softer landing
The AI Office has made clear that signing the General-Purpose AI Code of Practice changes how it enforces. For signatories it says it will focus its activity on monitoring adherence to the Code, will treat commitment to the Code as a mitigating factor when setting fines, and will not automatically treat a signatory as in breach if it has not yet implemented everything, assuming good faith. Google, Meta, Microsoft, OpenAI, Mistral and Anthropic are among the signatories.
That turns a vendor signatory status into a procurement fact. A model from a signatory arrives with a lighter regulatory shadow and a provider that has already committed to producing the documentation you will need. A model from a non-signatory does not, which does not make it non-compliant, but it does mean the paperwork you depend on is less certain to exist and be current when the AI Office, or your own auditor, asks for it.
What a European operator should do before August
If you deploy or build on a general-purpose model, the enforcement clock is not only your vendor problem. When you put an AI system into your product or operations you are a downstream provider, and your ability to show compliance rests on the model provider documentation flowing to you. That is a contractual dependency, so treat it like one.
Two lines belong in every AI vendor contract before 2 August: a warranty that the provider maintains the required technical documentation and training-data summary and keeps them current, and a commitment to supply the downstream-provider information the Act requires. Check whether your provider signed the Code of Practice, and if a cheaper non-signatory model is on your shortlist, price in the cost of building the compliance file yourself. The fine lands on the model provider, but the disruption of a model you cannot document lands on you.
Read next: Is Your Company Ready for the EU AI Act? | Meta's Ad AI Launches Around Europe, Not In It



