Skip to main content
v2026.1714 entries · CC-BY 4.0
CiteLicenceEN-GB
CASRAI

Definition · Plain-language

Systemic-risk AI

Systemic-risk AI refers, under the EU AI Act, to general-purpose AI models with high-impact capabilities that carry additional obligations because of their potential broad effects.

CASRAI research-methods explainer — Systemic-risk AI

The step most authors miss

Doing CRediT right? Don’t stop at the statement.

A CRediT statement credits you inside one paper. The recognition CRediT was built for happens when those roles are tied to you, persistently. Sign in with your ORCID — free — and claim your CRediT contributions on casrai.org, the home of the standard. They become a verified, portable part of your identity, not a line that disappears into one PDF.

Free: claim your contributions, then export a journal-ready CRediT statement, schema.org structured data, JATS XML, CSV or BibTeX — and preview your public profile. A membership publishes that profile publicly and verifies the journals you serve.

Sign in with ORCID — free Why this matters →

What systemic risk means here

In the EU AI Act, "systemic risk" is a specific label for the most capable general-purpose AI models — those whose high-impact capabilities could produce significant effects across the Union, for example on health, safety, fundamental rights or society at large. The concern is not a single application but the broad reach of a model that may be built into many downstream systems. The Act therefore treats these models differently from ordinary GPAI, attaching heightened obligations to their providers in recognition that problems in a widely deployed foundational model can propagate far beyond any one product.

How a model is classified

The Act sets out how a general-purpose AI model comes to be treated as carrying systemic risk. A central mechanism is a presumption based on the scale of the model: where the cumulative compute used for training exceeds a defined threshold, the model is presumed to have high-impact capabilities and thus systemic risk. Classification can also follow from a designation decision taking other criteria into account. The compute threshold gives an objective, if necessarily approximate, trigger, while the designation route allows the regime to capture models that warrant the label for reasons beyond raw training scale.

The extra obligations

Providers of GPAI models with systemic risk face obligations on top of the baseline transparency and documentation duties that apply to general-purpose models generally. These additional duties include evaluating the model, assessing and mitigating systemic risks at Union level, tracking and reporting serious incidents, and ensuring an adequate level of cybersecurity. Compliance can be supported by adhering to codes of practice developed with the AI Office, which supervises these models centrally. The category thus pairs a high bar for who is in scope with a correspondingly heavier set of safeguards, reflecting the potential reach of the most powerful models.

Key facts

At a glance

  • Definition: EU AI Act category for GPAI models with high-impact capabilities and broad potential effects
  • Trigger: presumed where training compute exceeds a defined threshold
  • Also possible via: designation taking other criteria into account
  • Extra duties: model evaluation, systemic-risk mitigation, incident reporting, cybersecurity
  • Supervisor: the European Commission’s AI Office
  • Rationale: problems in widely deployed foundational models can propagate far

Common misconceptions

What people often get wrong

Often heard: Systemic-risk AI is the same as a high-risk AI system.

Actually: They are different categories. High-risk AI systems are specific use-case applications subject to the Act’s high-risk requirements; systemic-risk AI is about the most capable general-purpose models and their distinct GPAI obligations.

Often heard: Any large AI model automatically counts as systemic-risk.

Actually: The Act presumes systemic risk only where training compute exceeds a defined threshold, and classification can also follow a designation decision. Many models fall below the trigger and are treated as ordinary GPAI.

Often heard: Systemic-risk models face the same duties as all other GPAI.

Actually: They carry additional obligations beyond baseline GPAI duties — such as model evaluation, systemic-risk assessment and mitigation, incident reporting and cybersecurity — reflecting their broader potential impact.

Going deeper

Related CASRAI guidance

EU AI OfficeConformity assessmentEU AI ActAI risk managementStandards dictionaryPlain-language explainers

Referenced across the research world

University of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logoUniversity of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logo
  • University of Cambridge logo
  • Columbia University logo
  • University of Edinburgh logo
  • Harvard University logo
  • University of Oxford logo
  • Princeton University logo
  • Stanford School of Medicine logo
  • University College London logo
  • ORCID logo
  • Crossref logo

View CASRAI adoption →