Foundation Model

the model that was trained on the whole internet and now everyone builds apps on top of it. when it breaks, everything breaks. see also: single point of failure.

"OpenAI updated the model on a tuesday. by wednesday, three of our products were broken. nobody told us. the API endpoint didn’t change. the behaviour did."
"we built our entire product on one foundation model. then the vendor raised prices 40%. we have no fallback. they know we have no fallback."
"the EU calls them ‘general-purpose AI models.’ the industry calls them ‘foundation models.’ my compliance team calls them ‘the thing we have no control over but are legally responsible for.’"
Share this one
Canonical Definition

A model trained on broad data at scale, adaptable to downstream tasks. The EU AI Act uses “general-purpose AI model” (Art. 3(63)); “foundation model” is widely used but non-legislative. Regulated under Art. 51–56. Foundation models are the infrastructure layer of the AI economy — a small number of models from a small number of providers, on which thousands of downstream applications depend. Their governance is not optional. It is systemic.

Why It Matters

Foundation models represent the most significant concentration risk in the history of enterprise technology. A handful of models — GPT-4, Claude, Gemini, Llama — from a handful of providers underpin thousands of applications across every industry. When one of these models changes behaviour, degrades in quality, or experiences an outage, every downstream system is affected simultaneously. This is not a vendor dependency problem. It is an infrastructure dependency problem, analogous to the internet backbone or the global financial payments system.

The EU AI Act recognised this systemic risk by creating a dedicated regulatory framework for general-purpose AI models (Art. 51–56). All GPAI model providers must comply with transparency obligations: technical documentation, copyright law compliance, and a sufficiently detailed summary of training data content. Models classified as posing “systemic risk” — currently defined by a 10^25 FLOPs training compute threshold — face additional obligations including adversarial testing, incident tracking and reporting, cybersecurity protections, and energy consumption disclosure.

For enterprises, the challenge is that you are legally responsible for systems built on foundation models, but you have limited visibility into and no control over the foundation model itself. Your vendor can change the model version, modify safety filters, adjust pricing, or deprecate the model entirely. Your governance framework must account for this dependency without relying on the assumption that the vendor’s governance is sufficient.

The Stress Test

Your organisation has built seven production applications on a single foundation model provider’s API. The provider announces a model deprecation with 90 days notice. Three of your applications require the deprecated model’s specific capabilities for accuracy. Your evaluation tests show the replacement model performs 12% worse on your domain-specific benchmarks. Your contracts with customers guarantee a performance SLA based on the deprecated model’s outputs.

You have 90 days to migrate seven systems, re-evaluate all performance benchmarks, update all governance documentation, retrain your users, and renegotiate customer SLAs — or find an alternative provider, port your RAG pipelines, re-embed your vector databases, and re-evaluate everything from scratch. Your AI strategy was built on a single foundation model. Your business continuity plan did not include a foundation model exit strategy. Most do not.

In the Wild

Industry — GPT-4 Behaviour Changes, 2023–2025
The Model Changed. Nobody Was Told.

Researchers at Stanford and UC Berkeley documented measurable performance changes in GPT-4 across successive updates. A study comparing GPT-4’s March 2023 and June 2023 versions found dramatic shifts: accuracy on certain mathematical reasoning tasks dropped from 97.6% to 2.4%. Code generation that previously passed tests began failing. The API endpoint did not change. The model name did not change. The behaviour changed substantially.

Enterprises that had validated their applications against the earlier model version discovered that their evaluation results no longer reflected production behaviour. Compliance documentation referencing the model’s tested capabilities was no longer accurate. The vendor had made no commitment to behavioural stability across versions.

You validated your application against a model that no longer exists behind the same API. Your governance documentation describes a system that is not the system running in production. The vendor changed the foundation. Your house is still standing. For now.

Regulatory — GPAI Code of Practice, 2025
The EU Writes the Rules for Foundation Model Providers

The EU AI Office published the GPAI Code of Practice, providing implementation guidance for foundation model providers’ obligations under Art. 51–56. The Code covers: transparency requirements (technical documentation format and content), safety evaluation (adversarial testing methodologies), incident reporting (what constitutes a “serious incident” at the model level), and downstream information (what model providers must share with system deployers to enable compliance).

The Code of Practice established a critical principle: foundation model providers have an obligation to provide downstream deployers with sufficient information to conduct their own risk assessments. This includes model capabilities and limitations, known failure modes, safety evaluation results, and information about training data composition. Providers who fail to supply this information create a governance gap for every deployer downstream.

The EU said: if you build the foundation, you are responsible for telling everyone standing on it what it is made of. The GPAI Code of Practice is the construction manual for the infrastructure layer.

Strategy — Foundation Model Concentration Risk, 2024
Four Providers, Ten Thousand Applications

Analysis by multiple research institutions documented the extreme concentration of the foundation model market. As of 2024, over 90% of commercial LLM-based applications were built on models from four providers: OpenAI, Anthropic, Google, and Meta. This concentration means a single provider outage, pricing change, or policy shift can affect thousands of enterprises simultaneously.

Several documented incidents illustrated the risk: a multi-hour OpenAI outage in November 2023 disrupted enterprises globally; pricing changes led to immediate architectural rethinking at multiple organisations; and terms of service updates regarding training data usage triggered legal reviews across entire customer bases. No traditional enterprise software vendor has ever achieved this level of simultaneous dependency.

The AI economy is built on four foundations. Traditional vendor risk management assumes you can switch providers. In AI, switching providers means re-engineering your applications, re-evaluating your benchmarks, re-training your users, and re-documenting your governance. This is not vendor lock-in. It is architectural dependency.

How to Govern It

You cannot control the foundation model. You can govern your dependency on it.

Within the AI Control Index, foundation model governance spans multiple layers and shields:

  • Supply Chain (S3) — The primary control layer. Foundation model dependency requires: vendor due diligence (provider’s EU AI Act compliance status, GPAI Code of Practice adherence), contractual provisions (version change notification, performance stability commitments, exit terms), and multi-provider strategy (portability assessment, fallback provider evaluation, abstraction layers).
  • AI Engineering (L5) — Continuous evaluation against foundation model version changes. When the vendor updates the model, your evaluation pipeline must re-run automatically. Model-agnostic evaluation benchmarks that test your application’s requirements, not the model’s general capabilities.
  • GRC (S1) — AI Actor Classification: your role relative to the foundation model provider (deployer, downstream provider, or re-provider if you fine-tune). Evidence Factory captures vendor due diligence, evaluation results, and classification decisions as governance artifacts.
  • Observability (S4) — Runtime monitoring for model behaviour changes: output quality metrics, response pattern analysis, and anomaly detection that flags when the model behind the API behaves differently from the validated version.
  • Applications & Agents (L4) — Abstraction layers between your application and the foundation model. Provider-agnostic interfaces that allow model switching without application re-engineering. Circuit breakers that activate when model behaviour deviates beyond acceptable bounds.

When It’s Relevant

Every organisation that uses, integrates, fine-tunes, or depends on a foundation model — whether through direct API access, embedded in a third-party product, or through open-source model deployment. Foundation model governance is not limited to organisations that interact with the provider directly; it extends to anyone in the dependency chain.

Foundation model governance is critical when:

  • Your business-critical applications depend on a single foundation model provider
  • You need to comply with the EU AI Act and must understand your role relative to the GPAI model provider
  • Your vendor has a history of silent model updates that affect downstream behaviour
  • You are building a multi-year AI strategy and need to assess concentration risk
  • You fine-tune a foundation model and need to determine whether this changes your regulatory classification

See this control in the framework. Foundation model governance is operationalised across S3, L5, S1, S4, and L4 in the AI Control Index v6.0.

Open Framework →

Related Terms

References

  1. [1] Bommasani, R., Hudson, D.A., Adeli, E., et al. (2021) ‘On the Opportunities and Risks of Foundation Models’, arXiv preprint, arXiv:2108.07258. Stanford Center for Research on Foundation Models (CRFM). Available at: arxiv.org/abs/2108.07258.
  2. [2] European Parliament and Council (2024) Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI Act), Articles 3(63), 51–56: Obligations for providers of general-purpose AI models. Official Journal of the European Union.
  3. [3] EU AI Office (2025) General-Purpose AI Code of Practice. European Commission. Available at: digital-strategy.ec.europa.eu/en/policies/ai-code-practice.
  4. [4] Chen, L., Zaharia, M. and Zou, J. (2023) ‘How Is ChatGPT’s Behavior Changing over Time?’, arXiv preprint, arXiv:2307.09009. Available at: arxiv.org/abs/2307.09009.
  5. [5] NIST (2024) Artificial Intelligence Risk Management Framework: Generative AI Profile (AI 600-1). National Institute of Standards and Technology, U.S. Department of Commerce.
  6. [6] Liang, P., Bommasani, R., Lee, T., Tsipras, D., Soylu, D., et al. (2023) ‘Holistic Evaluation of Language Models’, Transactions on Machine Learning Research.
  7. [7] The White House (2023) Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110). Sections on dual-use foundation models. Washington, D.C.

AI Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0

By Jeroen Janssen, Apparens