Regulationopen-sourcegpaiexemption

Open Source AI and the EU AI Act: What's Exempt and What Isn't

How the EU AI Act treats open-source AI — the Article 2(12) exemption, the Article 53(2) GPAI carve-out, and the limits of both. Practical guidance for open-source developers, model hubs, and downstream users.

May 12, 202611 min read

The EU AI Act includes specific provisions for free and open-source AI — both in its general scope (Article 2(12)) and in the specific regime for general-purpose AI models (Article 53(2)). For developers, model-hub operators, and downstream users of open-source models, understanding where the exemptions begin and end is essential to avoid both over- and under-compliance.

This article explains the two main open-source carve-outs, the activities they cover, the activities they explicitly do not cover, and the practical consequences for the open-source AI ecosystem in the EU.

The Two Open-Source Provisions

The EU AI Act addresses open-source AI in two places that operate independently:

Article 2(12) — General Open-Source Exemption

This Regulation does not apply to AI systems released under free and open-source licences, unless they are placed on the market or put into service as high-risk AI systems or as an AI system that falls under Article 5 or 50.

This is the broad horizontal exemption from the regulation. AI systems released under free and open-source licences are out of scope unless they are:

  • Placed on the market or put into service as high-risk AI systems
  • Subject to Article 5 prohibitions (which are absolute regardless of licensing)
  • Subject to Article 50 transparency obligations (limited-risk systems)

In practice, this exemption is broad on paper and narrow in effect. Most of the AI Act's substantive provisions apply specifically to high-risk and limited-risk systems. So if a free and open-source AI system is neither high-risk nor limited-risk, there is usually little for the regulation to apply to in the first place.

The genuine value of Article 2(12) is for ambiguous edge cases: it provides a clear rule that pure research releases, experimental models distributed under permissive licences, and similar releases are not in scope.

Article 53(2) — GPAI Open-Source Carve-Out

The obligations set out in paragraph 1, points (a) and (b), shall not apply to providers of AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available. This exception shall not apply to general-purpose AI models with systemic risk.

This is the GPAI-specific carve-out. It exempts providers of qualifying open-source GPAI models from two specific obligations under Article 53(1):

  • Article 53(1)(a) — drawing up and keeping up to date technical documentation for the AI Office and national competent authorities
  • Article 53(1)(b) — drawing up and making available information and documentation to downstream providers

The carve-out does not apply to:

  • Article 53(1)(c) — copyright compliance (still required for all GPAI providers)
  • Article 53(1)(d) — making available a sufficiently detailed summary of training content (still required)
  • Any provider of a GPAI model with systemic risk under Article 51 (the >10^25 FLOPs threshold) — these models remain fully regulated regardless of licensing

The Article 53(2) carve-out is therefore narrower than it first appears. Open-source LLM providers below the systemic-risk threshold still owe copyright compliance and a training-data summary. Open-source LLM providers at or above the systemic-risk threshold owe everything.

What Counts as "Free and Open-Source" Under the Regulation?

Recital 102 provides interpretive guidance:

Free and open-source licences may be considered as those that allow the software, including models, to be openly shared and where users can freely access, use, modify and redistribute them or modified versions thereof. Free and open-source AI components covered by free and open-source licences whose parameters, including the weights, the information on the model architecture, and the information on model usage are made publicly available should be considered to have a high degree of transparency and openness.

Two thresholds are visible in the regulation:

For Article 2(12) (general exemption): the system is released under a free and open-source licence. The licence must permit free access, use, modification, and redistribution.

For Article 53(2) (GPAI carve-out): stricter requirements. In addition to the licence, the model's parameters (weights), architecture information, and usage information must all be publicly available.

This means "open weights but closed code" or "open code but closed weights" models do not qualify for the GPAI carve-out. The full stack of artefacts needed to understand and modify the model must be public.

The "open" designation in AI is contested. Some models marketed as "open" release only weights with restrictive licences (e.g., research-only, no commercial use, or restrictions against use by competitors). Such models likely do not meet the AI Act's "free and open-source" threshold, since the licence restricts modification and redistribution.

What Open Source Does Not Exempt You From

Even where a model qualifies for an open-source carve-out, multiple obligations remain:

Copyright Law (Article 53(1)(c))

All GPAI providers — open-source included — must "put in place a policy to comply with Union law on copyright and related rights, and in particular to identify and comply with, including through state-of-the-art technologies, a reservation of rights expressed pursuant to Article 4(3) of Directive (EU) 2019/790."

In plain language: even open-source GPAI providers must respect text-and-data-mining opt-outs under the EU Copyright Directive. If a rights-holder has expressed an opt-out, the model cannot have been trained on that content (or the model must demonstrate it complies despite training on it).

Training-Data Summary (Article 53(1)(d))

All GPAI providers must publish "a sufficiently detailed summary about the content used for training of the general-purpose AI model, according to a template provided by the AI Office."

The AI Office's template specifies categories of training data, sources, and approximate proportions. Even open-source models must publish this summary.

Systemic-Risk Model Obligations (Articles 51–55)

If your open-source GPAI model exceeds 10^25 FLOPs of training compute (or is otherwise designated as having systemic risk), the full systemic-risk regime applies regardless of licensing: model evaluation, adversarial testing, systemic-risk mitigation, serious-incident reporting, and cybersecurity measures.

This is significant for frontier open-source models. Llama 3.1 405B, for instance, was trained on roughly 3.8 × 10^25 FLOPs — above the systemic-risk threshold. An equivalent open-source model placed on the EU market would be subject to the full systemic-risk regime, despite being open-source.

High-Risk Deployments (Article 2(12))

If your open-source model is placed on the market or put into service as a high-risk AI system — that is, in an Annex III area or as a safety component under Annex I — the Article 2(12) exemption does not apply. The full high-risk regime applies just as for closed models.

Limited-Risk Transparency (Article 50)

If your open-source system is a chatbot, deepfake generator, emotion-recogniser, or biometric categoriser — all limited-risk categories — the Article 50 disclosure obligations apply regardless of open-source status.

Article 5 Prohibitions

The Article 5 prohibitions are absolute. An open-source model that implements a prohibited practice — social-scoring, manipulative AI, emotion recognition in workplaces or schools, etc. — is not exempt because it is open-source. The provider remains liable; downstream users implementing the prohibited use are also liable.

Need auditable AI for compliance?

Ctrl AI provides full execution traces, expert verification, and trust-tagged outputs for every AI decision.

Learn About Ctrl AI

Substantial Modification: When Does Fine-Tuning Trigger New Obligations?

A common open-source pattern is fine-tuning a base model for a downstream task. Article 25 addresses when this makes the modifier a new provider with full obligations:

Any distributor, importer, deployer or other third party shall be considered to be a provider of a high-risk AI system for the purposes of this Regulation and shall be subject to the obligations of the provider under Article 16, in any of the following circumstances: (a) they put their name or trademark on a high-risk AI system already placed on the market or put into service, without prejudice to contractual arrangements stipulating that the obligations are otherwise allocated; (b) they make a substantial modification to a high-risk AI system that has already been placed on the market or has already been put into service in such a way that it remains a high-risk AI system pursuant to Article 6; (c) they modify the intended purpose of an AI system, including a general-purpose AI system, which has not been classified as high-risk and has already been placed on the market or put into service in such a way that the AI system concerned becomes a high-risk AI system in accordance with Article 6.

"Substantial modification" is defined in Article 3(23): a change that was not foreseen or planned in the initial conformity assessment, that affects compliance with the requirements of Chapter III, Section 2, or that results in a change to the intended purpose.

Fine-tuning that maintains the model's general capabilities and intended purpose typically does not trigger Article 25. Fine-tuning that materially changes capabilities, changes the intended purpose, or repurposes a minimal-risk model for a high-risk use case can trigger it.

A practical example: taking an open-source LLM and fine-tuning it for HR-screening applications places the fine-tuned model in the high-risk regime — and makes the fine-tuner a provider with full Article 8–15 obligations.

Practical Guidance for Different Roles

For Model Developers Releasing Open-Source GPAI Models

  1. Verify your licence qualifies. Free and open-source under the regulation requires unrestricted access, use, modification, and redistribution. Research-only or non-commercial licences do not qualify.
  2. Publish weights, architecture, and usage information. Article 53(2) requires all three. Releasing only one component does not qualify.
  3. Comply with copyright (Article 53(1)(c)). Implement a policy to respect text-and-data-mining opt-outs. Document the policy.
  4. Publish a training-data summary (Article 53(1)(d)). Use the AI Office template.
  5. Check the systemic-risk threshold. If your training compute exceeds 10^25 FLOPs, the open-source carve-out does not apply. Plan for full Article 55 compliance.
  6. Provide acceptable-use guidance. Even though Article 53(1)(b) does not strictly apply, providing acceptable-use guidance and known-limitations documentation supports downstream compliance and good ecosystem practice.

For Downstream Users of Open-Source Models

  1. Inventory which model you are using. Document model identifier, version, source, and licence.
  2. Retain provider documentation. Even if the provider relies on the open-source carve-out for Article 53(1)(a)/(b), they have published a training-data summary and copyright policy. Retain copies.
  3. Assess your own classification. Your deployment is what determines risk classification. A minimal-risk base model can become a high-risk system through deployment context.
  4. Decide whether you are a provider. If you fine-tune or modify the model in a way that triggers Article 25, you take on provider obligations for the modified system.
  5. Document Article 50 disclosure if your application is a chatbot, deepfake generator, or other limited-risk use case.

For Model Hubs and Distribution Platforms

  1. Identify your role. Are you placing models on the market under your own name (provider), distributing models on behalf of others (distributor), or hosting third-party models (intermediary, with DSA implications)?
  2. Distributor obligations under Article 27: verify the model has CE marking where required, that documentation is present, and that you have no reason to believe the model is non-compliant.
  3. DSA obligations apply independently to platforms — content moderation, transparency reporting, risk assessments for VLOPs.
  4. Provide infrastructure for compliance. Even if you are not the provider, supporting metadata fields for training-data summaries, acceptable-use policies, and licence information helps downstream users comply.

The Bigger Picture: Open Source Is Genuinely Supported

The EU AI Act, taken as a whole, supports rather than impedes open-source AI development. The Article 2(12) and Article 53(2) carve-outs are real. The regulation explicitly recognises (Recital 89) the value of open-source AI for transparency, innovation, and research. Funding programmes, regulatory sandboxes, and SME-support measures (Articles 57 and 62) all extend to open-source developers.

The compliance burden is concentrated on the genuinely high-risk uses and on the systemic-risk frontier models. For the long tail of research releases, academic models, and community-built tools, the regulation imposes minimal direct obligations.

Conclusion

Open-source AI under the EU AI Act is neither fully exempt nor heavily regulated. The picture is more nuanced: free and open-source AI systems are largely outside the regulation for minimal-risk and research uses, but the high-risk regime, Article 5 prohibitions, and Article 50 transparency obligations apply regardless of licensing. For GPAI, the Article 53(2) carve-out lifts certain documentation obligations but preserves the copyright and training-data-summary requirements — and the carve-out does not extend to systemic-risk models.

For a broader view of how the regulation classifies AI systems, see the risk classification system article. For the full GPAI regime that open-source models partially escape, see GPAI obligations under the EU AI Act.

Frequently Asked Questions

Are open-source AI systems exempt from the EU AI Act?

Partially. Article 2(12) exempts AI systems released under free and open-source licences from the regulation, but with significant exceptions: the exemption does not apply when the system is placed on the market or put into service as a high-risk AI system, when it falls under the Article 5 prohibitions, or when it is a limited-risk system subject to Article 50 transparency obligations. For GPAI models, Article 53(2) provides a narrower carve-out for some transparency obligations.

Can I publish a free open-source LLM without complying with the GPAI rules?

Not entirely. Article 53(2) exempts providers of free and open-source GPAI models from some Article 53(1) obligations — specifically the technical-documentation-to-the-AI-Office and downstream-provider-information requirements. But the exemption does not extend to copyright compliance (Article 53(1)(c)) or the training-data summary (Article 53(1)(d)). It also does not extend to GPAI models with systemic risk, which remain fully regulated regardless of licensing.

What counts as 'free and open-source' under the EU AI Act?

Recital 102 clarifies the meaning: free and open-source licences must allow the software, including models, to be openly shared, where users can freely access, use, modify and redistribute them or modified versions. The licence must not require any payment for use. Critically, releasing only model weights or only inference code is generally insufficient — open access to all components that allow understanding and modification of the model is expected.

Does fine-tuning an open-source model make me a provider?

Potentially yes. Under Article 25, a downstream actor becomes a provider — taking on the corresponding obligations — if it (a) places a high-risk AI system on the market under its own name or trademark, (b) makes a substantial modification to an existing high-risk system that is already on the market, or (c) modifies the intended purpose of an AI system not initially classified as high-risk such that it becomes high-risk. Fine-tuning that does not change the system's general capabilities typically does not trigger this; substantial fine-tuning that changes capabilities or intended purpose can.

Is Hugging Face responsible for the EU AI Act compliance of models hosted on its platform?

Generally no, in the sense that platforms hosting third-party models are not the providers of those models. The provider obligations attach to the entity that places the model on the market under its own name or trademark. A hosting platform that does not modify the model and does not place it on the market under its own brand is more akin to a distributor (Article 27), with verification and documentation responsibilities but not provider-level obligations. The Digital Services Act may impose additional platform-level obligations independently.

Make Your AI Auditable and Compliant

Ctrl AI provides expert-verified reasoning units with full execution traces — the infrastructure you need for EU AI Act compliance.

Explore Ctrl AI

Related Articles

Regulation12 min read

General-Purpose AI (GPAI) Under the EU AI Act

Complete guide to GPAI model obligations under the EU AI Act — transparency requirements, systemic risk assessment, and what foundation model providers must do.

Regulation10 min read

Annex I Explained: AI in Regulated Products Under the EU AI Act

How Annex I of the EU AI Act classifies AI systems embedded in regulated products — medical devices, machinery, toys, vehicles, aviation, marine, and more. Conformity assessment, deadlines, and the MDR/IVDR interaction.

Regulation12 min read

Annex III Explained: Standalone High-Risk AI Systems Under the EU AI Act

Detailed breakdown of all eight categories of standalone high-risk AI systems in Annex III of the EU AI Act — biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, and justice.