aigovernance.com

Global AI Regulation & Framework Directory

← Directory
FrameworkEU

EU AI Office Framework

EU AI Office · European AI Office, European Commission

The institutional and regulatory framework establishing the European AI Office as the central EU body responsible for supervising general-purpose AI models, enforcing the EU AI Act at the supranational level, and coordinating AI governance across EU member states.

Overview

The European AI Office (AI Office) was established by European Commission Decision of 24 January 2024 and became operational on 21 February 2024. It represents the European Union's principal institutional response to the governance challenges posed by advanced AI systems, in particular general-purpose AI (GPAI) models and GPAI models with systemic risk. The AI Office operates within the European Commission's Directorate-General for Communications Networks, Content and Technology (DG CNECT) and is structured around five operational units: Regulation and Compliance, AI Safety, AI for Societal Good, AI Innovation and Policy Coordination, and AI Excellence and Research. The AI Office's mandate derives primarily from Chapter V and Chapter VIII of the EU AI Act (Regulation (EU) 2024/1689), which entered into force on 1 August 2024. As the designated competent authority for GPAI models at the Union level, the AI Office holds exclusive supervisory and enforcement jurisdiction over providers of GPAI models, including the authority to conduct evaluations, request documentation, issue binding measures, and impose fines. For high-risk AI systems and other AI Act obligations, enforcement authority is distributed to national competent authorities in each member state, with the AI Office responsible for coordination, harmonisation, and the development of common methodologies and standards. The AI Office also administers the EU AI Pact-a voluntary commitment scheme through which AI developers and deployers can demonstrate early alignment with EU AI Act obligations ahead of full applicability dates. Additionally, the AI Office manages the GPAI Code of Practice development process, convening working groups of industry, civil society, and scientific stakeholders to produce binding codes of practice for GPAI model providers. Enterprises providing or deploying AI systems in the EU-including non-EU headquartered companies whose AI outputs are used in the EU-must engage with the AI Office framework as the authoritative source of enforcement posture, technical guidance, safe harbour documentation, and regulatory interpretation for the EU AI Act.

Key Requirements

  • GPAI Model Provider Registration: Providers of GPAI models must register models in the EU AI Office database upon market placement, subject to thresholds defined in the EU AI Act.
  • GPAI Systemic Risk Classification: Providers of GPAI models trained above 10^25 FLOPs computational threshold are presumed to pose systemic risk and are subject to enhanced obligations including adversarial testing, incident reporting, and cybersecurity measures.
  • Technical Documentation for GPAI Models: Providers must maintain and submit technical documentation to the AI Office as required, including training data summaries, model architecture descriptions, and capability evaluations.
  • Code of Practice Compliance: GPAI model providers must either adhere to the AI Office-administered GPAI Code of Practice or demonstrate equivalent compliance through alternative means.
  • Cooperation with AI Office Investigations: Providers and deployers must cooperate with AI Office evaluations, document requests, and investigative procedures within prescribed timescales.
  • Incident and Serious Incident Reporting: Providers of GPAI models with systemic risk must report serious incidents to the AI Office within defined timeframes.
  • AI Pact Voluntary Commitments (transitional): During the transitional period before full AI Act applicability, providers may voluntarily commit to AI Pact pledges as early compliance signals reviewed by the AI Office.
  • National Authority Coordination: High-risk AI system deployers must engage with national competent authorities designated under the EU AI Act; the AI Office provides coordination guidance and harmonised templates.
  • Enforcement and Penalties: The AI Office may impose fines on GPAI model providers of up to EUR 15 million or 3% of worldwide annual turnover (whichever is higher) for violations; up to EUR 30 million or 6% for systemic risk obligation breaches.

Who It Affects

Providers of general-purpose AI models placed on the EU market, regardless of where the provider is headquarteredProviders of GPAI models with systemic risk (above 10^25 FLOPs training compute threshold)Enterprises deploying high-risk AI systems in the EU as defined in Annex III of the EU AI ActNon-EU enterprises whose AI system outputs are used within the European UnionEU member state national competent authorities coordinating with the AI Office on enforcementAI developers participating in the EU AI Pact or GPAI Code of Practice working groupsEnterprise legal, compliance, and regulatory affairs teams responsible for EU AI Act readiness

Effective Date

2024-02-21

Official source →