Regulation & Compliance

EU AI Act Phase 2: New Rules for General-Purpose AI Models

The European Union is firmly advancing in creating the world's most comprehensive regulatory framework for artificial intelligence. The EU AI Act is coming into force in phases, and the second phase began on August 2, 2025. This phase introduces important rules specifically for general-purpose AI models.

Large language models such as GPT, Claude, Gemini, and similar models fall directly within the scope of this regulation. New obligations are being defined for both model providers and enterprises using these models. Companies in all countries with commercial relations with the EU, including Turkey, should closely follow this regulation.

What Is a General-Purpose AI Model?

Within the framework of the EU AI Act, a general-purpose AI model refers to broad-scope artificial intelligence models that are not limited to a specific task and can be used for many different purposes. Large language models such as ChatGPT, Claude, Gemini, and Llama are the most well-known examples of this category.

These models can perform a wide variety of tasks including text generation, code writing, translation, summarization, and analysis. Due to their broad use cases, the EU felt the need to create a specific regulatory framework for these models. The law classifies models into standard and systemic risk categories, determining different levels of obligations.

Obligations for Model Providers

The second phase of the EU AI Act imposes a series of requirements on companies that develop and offer general-purpose AI models. These obligations are based on the principles of transparency, security, and accountability.

  • Technical documentation: Model providers are required to prepare detailed technical documentation about the model's capabilities, limitations, architecture, and evaluation results.
  • Training data transparency: Comprehensive disclosure must be provided about the data sources used to train the model, copyright status, and data processing procedures.
  • Risk assessment: Additional obligations will apply to high-impact models carrying systemic risk. The potential risks of these models must be assessed in detail and mitigation measures must be taken.
  • EU representative: Model providers based outside the EU are required to appoint an authorized representative within the EU. This representative will be responsible for communication with regulatory authorities.

Impact on Enterprises

The law concerns not only model providers but also enterprises that use these models in their business processes. Every company that integrates AI models assumes certain responsibilities.

  • Compliance verification: Enterprises must verify and document that the AI model they use complies with the EU AI Act.
  • High-risk scenarios: In high-risk use cases such as recruitment, credit assessment, and healthcare, additional measures must be taken and human oversight must be ensured.
  • Content labeling: Texts, images, and other content generated by AI must be clearly labeled as AI-produced.

Implications for Turkey

Although Turkey is not an EU member, it has intensive commercial relations with the EU. Turkish software companies and AI-using enterprises serving the EU market will need to comply with this regulation. Additionally, the EU AI Act serves as an important reference point in Turkey's own AI regulation efforts.

Conclusion

The second phase of the EU AI Act significantly raises transparency and accountability standards in the AI model ecosystem. Model providers and enterprises using these models should begin preparations now to comply with the new rules.

This regulation aims not to hinder the development of AI but to ensure its safe and responsible use. Enterprises that proactively manage the compliance process will both minimize legal risks and gain a competitive advantage by building trust with their customers.

Share