When a downstream actor modifies or fine-tunes a general-purpose AI model (GPAIM), who bears the burden of complying with the EU AI Act — the original provider, the modifier or both? The answer is not always clear, yet it has significant implications for risk allocation across the AI value chain. This article analyzes two scenarios where responsibility may shift and outlines practical contractual approaches for providers and licensees.
Scenario A: Modification using 1/3 FLOP sufficient to create a “new” model
When the downstream modifier becomes a provider
The AI Act does not address the question of who is responsible for compliance when a GPAIM is modified or fine-tuned, nor what kind of modification will trigger the creation of a “new” model. The European Commission has tried to fill these gaps in its recently published guidelines for providers of GPAIMs (the Guidelines).
According to the Guidelines, the Commission will consider a downstream actor that modifies a model to be a provider of the model only if the modification leads to a “significant change” in the model’s generality, capabilities or systemic risk. The Commission considers fine-tuning to be a way to modify a model.
If the downstream actor uses more than 1/3 of the training compute used for the original GPAIM for the modification, then this will be an “indicative criterion” that a new model has been created. The amount of training compute is not the only criterion that could trigger a sufficiently significant change to the model. Still, the Commission expects that a model modified with this amount of compute will “display a significant change which warrants the downstream modifier being subject to the obligations for providers”.
The Guidelines do not specify whether modifications done over time by a downstream modifier that cumulatively add up to 1/3 FLOP are considered a modification that tips the threshold. However, given the emphasis of responsibility for a model “over its life cycle” and the approach taken in Recital 111 and the Guidelines to the calculation of “cumulative amount of computation used for training” prior to “deployment,” downstream actors should continuously track their modifications in case their incremental modifications could result in a new GPAIM.
Consequences for the downstream modifier
A downstream actor that creates a new model using a level of compute that exceeds the 1/3 FLOP threshold will, according to the Guidelines, be deemed a provider and will have to comply with the regulatory obligations set out in Article 53 of the AI Act in relation to the modification.
If the original model is a GPAIM with systemic risk, and it is modified in a manner that creates a new model, then the modified model is also “presumed” to be a GPAIM with systemic risk. Therefore, the downstream modifier must also comply with Article 55 of the AI Act and notify the Commission as required by Article 52 of the Act.
Scenario B: Modifications not using the threshold level of compute (1/3 FLOP), no “new” model
Provider’s responsibility for modified GPAIM
The Guidelines make clear that not every modification of a GPAIM will lead to the downstream modifier being considered a provider of the modified model. The Guidelines further state that this position is consistent with the Blue Guide on the implementation of product rules 2022. But the Guidelines, like the Act, are silent regarding which party is responsible for ensuring that modifications of a GPAIM comply with the AI Act when a downstream modifier’s changes do not result in a new model.
If a downstream modifier can fine-tune a GPAIM in a manner that does not create a new model for the purposes of the AI Act, then arguably the transparency objectives of Chapter V of the AI Act can be frustrated if no party in the value chain updates the model documentation required under the Act. This is not an inconsequential outcome, since a GPAIM that has been fine-tuned on new data can result in a model with different biases and risks.
Absent a statement to the contrary, the implicit suggestion is that compliance with the modification or fine-tuning of a model that does not reach the threshold remains the responsibility of the original provider, even if the provider did not modify the model itself. An exception to this outcome ¾ suggested by the Blue Guide and cited in the Guidelines ¾ will arise if the modified model is placed on the market under the licensee’s name or trademark.
Provider’s ongoing compliance obligations
The AI Act indicates that a provider’s compliance obligations are ongoing throughout the life cycle of the model. The voluntary GPAIM Code of Practice states that “signatories will update the Model Documentation to reflect relevant changes in the information contained in the Model Documentation, including in relation to updated versions of the same model.”
More specifically, the template “Model Documentation” form published as part of the GPAIM Code of Practice (non-binding) and the template form issued by the Commission as a means of complying with Article 53(1)(d) (Public summary of Training Content) both require that information about modified or fine-tuned models should be included in the forms (for example, see the Commission’s Explanatory Note). In addition, the obligations in relation to GPAIM with systemic risk are also meant to be ongoing (see Recital 114 regarding continuous risk assessment, for example).
However, since the AI Act does not impose any upstream information obligations on downstream modifiers, the provider must adopt alternative methods to ensure access to the necessary information for meeting its compliance obligations.
Contractual Risk Mitigation
To ensure that the provider can remain compliant with its legal obligations in Scenario B, a provider should impose certain contractual obligations on the licensee, such as:
- Timely reporting obligations in relation to modifications/fine-tuning
- Audit rights in favour of the licensor
- Obligation to provide documentation sufficient to fulfil AI Act obligations
- Payment / Repayment of costs associated with updating regulatory disclosures
- Indemnification for regulatory fines arising from the downstream modifier’s breach that results in the provider being sanctioned
- Restrictions in relation to the nature of modifications/ fine-tuning that the licensee may undertake
- If a licensee wants to release a modified GPAIM under their own name, consider being explicit in the license that doing so amounts to creating a “new” license, and the licensee becomes the provider
Such steps may help manage the uncertainty in connection with downstream modifications for commercial models.
Impact on Open Source Licenses
The addition of such contractual layers could pose risks in the context of open-sourced GPAIMs. The AI Act explicitly states that, to benefit from the exemptions from compliance obligations available to GPAIMs under a free and open source software (FOSS) license, the licensee must be able to access, use, modify and distribute the model freely. According to the GPAIM Guidelines: “If one of these rights (i.e., rights to access, use, modify, and redistribute) is missing, the licence cannot be considered free and open source under the AI Act.”
However, the Commission has opened the door to the possibility of proportionate restrictive license terms that will not jeopardize the provider’s ability to rely on the AI Act exemption. The Guidelines state that “licensors may include specific, safety-oriented terms that reasonably restrict usage in applications or domains where such use would pose a significant risk to public safety, security, or fundamental rights.”
The type of contract terms that will fulfil this condition is not defined. A model provider using a FOSS license should carefully assess any license restrictions to ensure they respect the open-source boundaries.
[View source.]
