Inferensys

Glossary

Systemic Risk Designation

A classification applied to general-purpose AI models with high-impact capabilities, requiring additional registration and risk mitigation measures beyond standard high-risk obligations.
Risk analyst performing AI risk assessment on laptop, risk matrices visible, casual office risk session.
REGULATORY CLASSIFICATION

What is Systemic Risk Designation?

A formal classification applied to general-purpose AI models with high-impact capabilities, triggering additional registration and risk mitigation obligations beyond standard high-risk requirements.

Systemic Risk Designation is a regulatory classification under the EU AI Act that identifies a general-purpose AI model as possessing capabilities that could cause large-scale harm if misused or if control is lost. This designation is triggered when the cumulative computational power used for training exceeds a defined threshold—measured in floating-point operations (FLOPs) —or when the European Commission determines the model exhibits high-impact capabilities comparable to frontier models. The classification imposes mandatory registration, adversarial testing, and incident reporting requirements on the provider.

Once designated, the provider must conduct model evaluations against standardized protocols, implement cybersecurity controls to prevent unauthorized access, and report serious incidents to the AI Office within the Union. The designation creates a distinct tier of oversight that sits above standard high-risk AI system obligations, reflecting the unique dangers posed by models that can be adapted for a wide range of downstream tasks. This framework ensures that foundational models with broad societal impact are subject to continuous monitoring and risk mitigation throughout their lifecycle.

REGULATORY CLASSIFICATION

Key Features of Systemic Risk Designation

A classification applied to general-purpose AI models with high-impact capabilities, requiring additional registration and risk mitigation measures beyond standard high-risk obligations.

01

Cumulative Compute Threshold

The primary quantitative trigger for systemic risk designation. A general-purpose AI model is presumed to have high impact capabilities when the cumulative amount of computation used for its training exceeds 10^25 floating-point operations (FLOP). This metric serves as an objective, measurable proxy for model capability and potential societal-scale harm. Providers must notify the Commission within two weeks of meeting this threshold and prepare for additional obligations.

10^25
FLOP Threshold
02

Commission Designation Power

The European Commission holds the authority to designate a model as posing systemic risk ex officio or based on a qualified alert from the scientific panel, even if it falls below the compute threshold. This captures models with equivalent impact based on criteria such as:

  • Number of business users and reach
  • Performance benchmarks and novel capabilities
  • Potential for harmful manipulation or autonomous replication Providers have the right to present reasoned arguments against such a designation.
03

Mandatory Model Evaluation

Providers of designated models must perform and document state-of-the-art adversarial testing to identify and mitigate systemic risks. This includes red-teaming for:

  • Chemical, biological, radiological, and nuclear (CBRN) risks
  • Offensive cyber capabilities enabling large-scale attacks
  • Loss of control and autonomous replication
  • Large-scale discrimination or disinformation Results must be reported to the AI Office without delay.
04

Serious Incident Tracking

A mandatory obligation to document, report, and track serious incidents arising from the model's operation. An incident is considered serious if it directly or indirectly leads to:

  • Death of a person or serious damage to health or property
  • Major disruption to critical infrastructure
  • Widespread violations of fundamental rights A detailed incident register must be maintained and made available to the AI Office and national authorities upon request.
05

Cybersecurity Adequacy

Systemic risk designation mandates a cybersecurity protection level commensurate with the risks. This goes beyond standard IT security to include:

  • Model-specific threat modeling for weight theft and unauthorized access
  • Protection against model leakage and exfiltration
  • Securing the model architecture and training infrastructure
  • Preventing unauthorized fine-tuning or downstream misuse The security posture must be documented in the technical file and continuously updated.
06

Downstream Provider Obligations

Systemic risk obligations cascade to downstream providers integrating the designated model. A downstream provider modifying or fine-tuning a systemic-risk model inherits the full set of obligations unless they can demonstrate the modifications do not retain or amplify the systemic risk profile. This creates a chain of accountability ensuring that risk mitigation is not circumvented through corporate structuring or technical partitioning.

SYSTEMIC RISK DESIGNATION

Frequently Asked Questions

Clarifying the classification, obligations, and implications of systemic risk designation for general-purpose AI models under the EU AI Act.

A systemic risk designation is a regulatory classification applied to general-purpose AI models that possess high-impact capabilities deemed capable of causing widespread harm to public health, safety, public security, or fundamental rights. This designation triggers a set of obligations that go beyond standard high-risk requirements, compelling providers to implement comprehensive risk mitigation measures. The classification is based on the cumulative amount of compute used for training, measured in floating point operations (FLOPs), with the initial threshold set at 10^25 FLOPs. However, the European Commission retains the authority to designate models based on qualitative criteria, such as performance benchmarks and intended market penetration, even if the compute threshold is not met. Once designated, the model is subject to mandatory adversarial testing, model evaluation, incident reporting, and cybersecurity protections to prevent the generation of illegal content or the circumvention of human oversight.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.