Story
On March 12, 2026, the European Commission published a draft implementing regulation (Reference: Ares(2026)2709234) describing — for the first time in full detail — how it will investigate and penalize General Purpose AI (GPAI) model providers under the EU AI Act (Regulation 2024/1689). The draft, open for public consultation until April 9, 2026, covers three enforcement pillars: (1) technical evaluations granting the Commission direct access to model code, weights, APIs, and hosting infrastructure — including the power to require providers to disable their own monitoring systems during audits; (2) strict independence rules for Commission-appointed external experts, including a 12-month lookback on prior relationships with the provider; and (3) interim measures allowing provisional market suspension before any formal decision is issued. Full Commission enforcement powers activate August 2, 2026 for new GPAI models and August 2, 2027 for pre-August 2025 models. Separately, Ireland's Data Protection Commission issued the first formal Article 11 documentation request on April 4, 2026 to a SaaS company operating an AI-powered candidate-screening tool — marking the first real-world enforcement signal and demonstrating that national regulators are now using the AI Office's assessment template. Additional April 2026 updates include expanded Article 5 guidance on subliminal techniques in recommender systems, GPAI Code of Practice v2.1 requiring standardized training data transparency templates for models above the 10^25 FLOP threshold, and an AI Office FAQ clarifying that fine-tuners may themselves qualify as GPAI providers if modifications substantially change the intended purpose or risk profile. ADVISORI reported the core details. AI News Desk noted additional context. Latham & Watkins added corroborating details.