Modifying AI Under the EU AI Act: Lessons from Practice on Classification and Compliance

Under the EU AI Act, organizations that modify existing AI systems or general-purpose AI models (GPAI models, which are foundational AI systems designed to perform many different tasks) may become legally classified as "providers" and face significant compliance responsibilities. The article explains that modifications triggering higher compliance burdens typically involve high-risk AI systems or substantial changes to a GPAI model's capabilities or generality, such as fine-tuning (customizing a model for specific tasks). Proper assessment of whether a modification triggers provider status is critical, since misclassification can result in fines up to €15 million or 3% of global annual revenue.