A systemic risk threshold is a predefined quantitative or qualitative benchmark—typically measured in floating-point operations (FLOPs) or demonstrated dangerous capabilities—that automatically classifies a general-purpose AI model as posing potential systemic risk. Crossing this threshold triggers mandatory regulatory obligations under frameworks like the EU AI Act, including model evaluation, adversarial testing, and incident reporting.
Glossary
Systemic Risk Threshold

What is Systemic Risk Threshold?
A compute or capability benchmark that, when exceeded, triggers additional regulatory scrutiny for a general-purpose AI model.
These thresholds operationalize the concept of compute governance, where training runs exceeding 10^25 FLOPs often serve as a proxy for risky capability emergence. Beyond raw compute, thresholds may incorporate dangerous capability benchmarks in domains like cybersecurity or bioengineering. The mechanism ensures that regulatory oversight scales proportionally with a model's potential for large-scale societal harm.
Core Characteristics of Systemic Risk Thresholds
Systemic risk thresholds are predefined compute or capability benchmarks that, when exceeded, automatically escalate a general-purpose AI model into a higher tier of regulatory scrutiny. These thresholds operationalize the governance principle that raw computational power correlates with potential societal harm.
Compute-Based Triggering
The most quantifiable systemic risk threshold is measured in floating-point operations (FLOPs) used during training. The EU AI Act initially proposed a threshold of 10^25 FLOPs, a compute budget that only the largest frontier models exceed. This metric is favored by regulators because it is objective, verifiable, and difficult to manipulate. Training runs that cross this boundary automatically trigger mandatory reporting, adversarial red-teaming, and incident disclosure requirements. The threshold is designed to be updated dynamically as hardware efficiency improves.
Capability-Based Thresholds
Beyond raw compute, regulators define thresholds based on dangerous capabilities that emerge unpredictably. These include:
- Chemical/Biological Design: The ability to synthesize novel compounds or pathogens
- Autonomous Replication: The capacity to self-improve or copy itself without human intervention
- Strategic Deception: The ability to manipulate, persuade, or deceive humans at expert levels
- Cyber Offense: Proficiency in discovering and exploiting zero-day vulnerabilities Models exhibiting these capabilities trigger additional oversight regardless of training compute.
Responsible Scaling Policies
Leading AI labs implement internal Responsible Scaling Policies (RSPs) that mirror regulatory thresholds. An RSP defines a series of Safety Levels (ASL-1 through ASL-4) , each gated by specific security and alignment conditions. Before training a model at a higher compute tier, developers must demonstrate that affirmative safety cases are met. If evaluations reveal dangerous capabilities, deployment is paused until mitigations are verified. This creates a precautionary principle operationalized through engineering gates.
Compute Threshold Notification
A Compute Threshold Notification is a mandatory regulatory filing required when a training run exceeds a specified computational power limit. Under the EU AI Act, providers of general-purpose AI models must notify the AI Office within two weeks of a training run commencing if it exceeds 10^25 FLOPs. The notification must include the physical location of the data center, the total energy consumption, and the estimated training duration. This creates an early-warning system for regulators before the model is ever deployed.
Dangerous Capability Benchmarking
Dangerous capability benchmarks are standardized test suites designed to measure a model's proficiency in domains that could cause catastrophic harm. Key benchmarks include:
- WMDP Benchmark: Tests knowledge of virology, bioweapons, and chemical agents
- CyberSecEval: Assesses offensive cyber capabilities and exploit generation
- SWE-bench: Measures autonomous software engineering, a proxy for self-improvement
- Persuasion Metrics: Evaluates the model's ability to change human beliefs A model exceeding predefined scores on these benchmarks triggers a capability threshold regardless of compute.
Hyperscaler Concentration Risk
Hyperscaler concentration risk is the systemic vulnerability created when frontier AI training is concentrated in the data centers of a few cloud providers. If only three companies globally possess the infrastructure to train models exceeding the compute threshold, a single point of failure emerges for the entire AI supply chain. Regulators view this concentration as a systemic risk in itself, as a compromise, outage, or geopolitical disruption at one hyperscaler could cascade globally. This has driven interest in sovereign AI infrastructure and distributed training paradigms.
Frequently Asked Questions
Clarifying the regulatory benchmarks that trigger heightened oversight for general-purpose AI models under frameworks like the EU AI Act.
A systemic risk threshold is a predefined compute or capability benchmark that, when exceeded by a general-purpose AI model during training or evaluation, automatically triggers additional regulatory scrutiny, mandatory reporting, and heightened compliance obligations. These thresholds are designed to identify models with the potential to cause large-scale, cross-border harm—such as enabling cyberattacks, facilitating disinformation campaigns, or assisting in the design of chemical weapons. Under the EU AI Act, the primary initial metric is cumulative compute used for training, measured in floating-point operations (FLOPs). The current provisional threshold is set at 10^25 FLOPs, a level surpassed by models like GPT-4 and Gemini Ultra. However, regulators retain the authority to reclassify models based on emergent dangerous capabilities even if they fall below the compute benchmark. The threshold acts as a tripwire, shifting the burden of proof onto the developer to demonstrate safety rather than requiring regulators to prove harm.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Explore the regulatory, technical, and safety concepts that intersect with the compute and capability benchmarks triggering heightened scrutiny for general-purpose AI models.
Dangerous Capability Benchmark
A test designed to measure an AI model's proficiency in domains that could cause catastrophic harm, such as bioweapons design, cyber-offensive operations, or autonomous replication. These benchmarks complement raw compute thresholds by evaluating actual emergent hazardous capabilities.
- Assesses chemical, biological, radiological, and nuclear (CBRN) risks
- Used in Responsible Scaling Policies
- Example: Evaluating a model's ability to synthesize novel pathogens
Responsible Scaling Policy
A protocol that ties the deployment of more powerful AI capabilities to the fulfillment of predefined safety conditions. If a model hits a systemic risk threshold, scaling must pause until mitigations are verified.
- Defines risk levels (e.g., Level 1 through Level 5)
- Requires independent third-party audit trails
- Mandates increased human-on-the-loop oversight at higher tiers
General Purpose AI Obligation
A set of regulatory requirements specifically imposed on foundation models with broad applicability under the EU AI Act. These obligations activate when a model is classified as posing systemic risk.
- Requires foundation model transparency reports
- Mandates adversarial robustness evaluations
- Includes copyright infringement scans of training data
High-Risk Classification
A regulatory designation for AI systems that pose significant potential harm to health, safety, or fundamental rights. While distinct from systemic risk thresholds for general-purpose models, both trigger conformity assessments.
- Applies to specific use cases like biometrics and critical infrastructure
- Requires algorithmic impact assessments
- Demands automated decision logging for auditability
Alignment Faking Detection
Techniques to identify when a model strategically pretends to comply with safety objectives during evaluation but not during deployment. This is a critical concern when models cross capability thresholds.
- Tests for specification gaming behaviors
- Uses held-out evaluation suites unknown to the model
- Critical for verifying safety alignment thresholds before release

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us