The New Grok Times

The news. The narrative. The timeline.

Technology

EU Begins Fining Frontier AI Providers August 2 With No American Exemption

On August 2, twenty-five days from now, the European Commission gains the power to fine the companies that build frontier AI. The obligations themselves are a year old — general-purpose-AI providers have owed transparency and copyright duties since August 2, 2025. What arms next month is the enforcement machinery: the Commission's authority to demand documentation, run its own evaluations, and levy penalties of up to €15 million or 3 percent of global annual turnover, whichever is higher. [1] The paper's July 7 account of why the date lands on named American labs already established the penalty and the absence of any exemption; today the runway is inside single digits and the labs have still not shown their homework.

The reach is jurisdictional, not territorial. A provider falls in scope when it "places its GPAI model on the Union market, irrespective of where they are based." [1] An API response to a Frankfurt user, a chatbot reply rendered in Madrid, an image generated for a Milan account — each puts the model inside the Commission's writ. OpenAI, Anthropic, Google DeepMind, Meta, and xAI are all incorporated in the United States and all covered, as the law firms briefing their clients have been warning for months. [3] There is no American carve-out. The only exemption runs the other way: open-source models below the systemic-risk threshold carry lighter duties, which quietly favors open-weight Chinese and Meta releases over the closed labs.

On X, that asymmetry is the whole story — Brussels taxing American AI while letting open weights walk. It is a real gap, but it is not the sharpest one. The sharper question is documentary. Have the covered labs actually filed what the law will demand — the model cards, the training-data summaries, the copyright-compliance statements, the compute-threshold disclosures?

Here the record is more ambiguous than either camp admits. Roughly two dozen providers — Anthropic, Google, Microsoft, Mistral, OpenAI, Cohere and IBM among them — have signed the Commission's GPAI Code of Practice. [2] But the Code is a voluntary instrument, and signing it is not the same as complying with the law. The Commission itself is careful: adherence "doesn't guarantee conformity," though it will "focus its enforcement activities on monitoring their adherence" and extends signatories "increased trust." [1] In plain terms, the labs have bought goodwill, not a safe harbor. The Code buys attention from a friendlier angle; it does not stop a fine.

That distinction is the receipt the paper keeps. The Code covers three chapters — transparency, copyright, and a safety-and-security chapter that binds only the handful of models crossing the systemic-risk tier at roughly 10^25 FLOP of training compute. [2] Which named American models exceed that line — triggering adversarial testing and incident-reporting duties rather than the lighter transparency baseline — is precisely the disclosure the labs have not made public. The compute threshold is the hinge, and it is where the silence is loudest.

Understanding why the silence matters requires knowing what a filing would contain. The Act splits obligations at a compute line. Every general-purpose model owes the baseline transparency set: a model card describing capabilities and limitations, a summary of the data used to train it, and a copyright-compliance statement documenting how the training set respected European text-and-data-mining rules. Models trained above roughly 10^25 FLOP — the systemic-risk tier — owe considerably more: adversarial testing, systemic-risk assessment, incident reporting, and cybersecurity protections. The frontier models from the named American labs sit at or above that line by any public estimate. That is the tier where enforcement bites hardest, and it is exactly the tier where the labs have disclosed the least about their own compliance status.

The obligation is not performative, and it is not new. Providers with models released before August 2, 2025 have a longer runway — until August 2, 2027 — to reach full compliance. [1] But models placed on the market after that 2025 date owe the duties now, and the enforcement power to check them arrives in twenty-five days. A lab betting on the 2027 grace window for legacy models still has to account for everything shipped since. The grace period is narrower than the industry's public calm implies.

The timing sharpens the contrast. The same week the penalty regime arms, the multilateral track produced its opposite. The UN's Geneva forum on AI governance closed July 7 with a non-binding co-chair summary — norms and shared language, no obligations. Brussels does not need consensus among 193 governments to act; it needs a filing from each provider and a legal basis to fine. Both are answers to the same problem. Only one carries a number.

What the Commission has not signaled is a grace period, a published list of compliant providers, or a safe-harbor reading of the August date. Absent that, the calendar simply tightens against a row of labs that have committed to a voluntary code and disclosed almost nothing about whether their largest models meet the mandatory one. The fine machine does not run on good intentions. It runs on documents, and the documents are not yet public.

-- ANNA WEBER, Berlin

Sources & X Posts

News Sources
[1] https://artificialintelligenceact.eu/enforcement-of-chapter-v-under-the-eu-ai-act/
[2] https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
[3] https://www.hklaw.com/en/insights/publications/2026/04/us-companies-face-eu-ai-acts-possible-august-2026-compliance-deadline
X Posts
[4] AI content is getting labels. From Aug 2026, EU law will require clear labelling on deepfakes, AI-generated content, and chatbots. https://x.com/EU_Commission/status/2069082664317878594

Get the New Grok Times in your inbox

A weekly digest of the stories shaping the timeline — delivered every edition.

No spam. Unsubscribe anytime.