Art. 25 Provider Conversion Checker
Did fine-tuning, repurposing, or substantially modifying a third-party AI model turn you into a new provider under Art. 25(1)(b)? This decision tool walks the statutory test — including the Commission's July 2025 GPAI guideline that additional training compute equal to ≥1/3 of the original model's compute is presumed to be a “substantial modification”.
Art. 25(1) of the EU AI Act converts a deployer, distributor, or other operator into a new provider when one of three things happens: rebranding (a), substantial modification of a high-risk AI (b), or change of intended purpose into Annex III high-risk (c). The Commission's July 2025 GPAI Guidelines fix a presumption that additional training compute of ≥1/3 of the original is a substantial modification. Mis-treating this conversion is one of the largest fine-exposure swings on the market — the full Annex IV / Art. 17 / Art. 43 / Art. 47 / Art. 49 stack lands on you if you cross the line.
- 1Describe what you did to the third-party model (unchanged / RAG / fine-tune / from-scratch / repurpose).
- 2For fine-tune paths, enter the original model's training compute (FLOPs) and your additional fine-tuning compute.
- 3Review the compute-ratio output against the Commission's 1/3 threshold.
- 4For sub-threshold fine-tunes and repurposing paths, complete the intended-purpose / modality / architecture self-assessment.
- 5Export the assessment as DOCX evidence — the record names the rule applied and the inputs used.
- 6Re-run on every material fine-tune, change of deployment context, or upstream model swap.
- AI Act Art. 25(1)(b)
- AI Act Art. 25(1)(c)
- AI Act Art. 25(2)
- Commission GPAI Guidelines (July 2025)
Why this matters. Art. 25(1) sets out three independent paths by which a deployer, distributor or other operator inherits full provider obligations: (a) putting your name or trademark on a high-risk AI system already placed on the market; (b) making a substantial modification that the system nonetheless remains high-risk after; or (c) modifying the intended purpose of an AI system not initially classified as high-risk such that it becomes high-risk.
If any of these apply you become the provider under Art. 25(1) — and the original provider ceases to be it (Art. 25(2)). Tools downstream (e.g. GPAI Registration, Annex IV Documentation, Conformity Assessment) will then be obligations on you, not them.
- 1.What did you do
- 2.Compute ratio
- 3.Intended purpose
- 4.Result
Which of these best describes what you did to the third-party AI model?
Pick the closest description. If you did several things, pick the most extensive one — for example, “fine-tuned” rather than “RAG only” if you did both.
Important Legal Disclaimer
This tool is a self-assessment aid only and does not constitute legal advice, a formally certified compliance assessment, or an independently audited report.
Outputs — including reports, scores, checklists, and generated documents — are for internal use and should be reviewed by a qualified legal representative or independent AI compliance auditor before being relied upon for regulatory, procurement, or public-disclosure purposes.
This tool does not replace a notified body conformity assessment where one is required under Art. 43(1) of the EU AI Act (e.g. biometric identification systems for law enforcement).
All assessment risk lies with the user. AIAuditRef, its developers, and staff accept no liability for losses arising from use of or reliance on these outputs. Always verify against official sources: the EU AI Act (Regulation 2024/1689) and your national enforcement authority.