The question of whether and how the AI model LLama 3.1 by Meta may be commercially used in the EU is quite complex and requires a detailed analysis of the applicable legal framework. This article was created in collaboration with JBB Rechtsanwälte and summarizes the key legal aspects regarding copyright law and the new EU AI regulation, the AI Act. It outlines what companies must consider when using LLama 3.1.
What Does the Use of LLama 3.1 Entail?
LLama 3.1 is an AI model by Meta specialized in text processing tasks. Its applicable license, the Llama 3.1 Community License Agreement (https://www.llama.com/llama3_1/license/), appears to be open source but is not a “true” open-source license. It links license conditions to the number of concurrent users and includes usage restrictions through an Acceptable Use Policy.
The model can be operated locally, enabling AI-powered applications to run on private servers. However, companies intending to use LLama 3.1 face two central legal questions:
- Do EU or German copyright laws permit the model’s use?
- What requirements does the new EU AI Act impose, and what obligations arise from it?
The following provides an overview of these two aspects. It should be noted that, especially in copyright law, many issues remain highly debated in legal literature, with no established case law yet. Therefore, court decisions are unpredictable.
Copyright Issues Surrounding LLama 3.1 Use
Key Aspect: Copyright Compliance
When deploying AI models like LLama 3.1, copyright law is a significant factor. The legal framework aims to ensure that copyright-relevant actions (such as reproductions) are only undertaken if proper permissions from rights holders exist or if statutory exemptions (“copyright limitations”) apply. Since AI models are typically trained on vast datasets that may include protected content, the question arises whether using pre-trained models constitutes unauthorized reproduction of such content. This analysis excludes the contentious issue of whether training itself requires authorization, as it pertains to Meta rather than end users when no additional training or fine-tuning occurs.
Relevance of the Text and Data Mining Exception
Current legal interpretations suggest that copyright concerns mainly affect the training phase, not the application phase. The so-called text and data mining exception (Article 44b/60d of the German Copyright Act, UrhG) allows developers to reproduce protected content under certain conditions for text and data mining—an activity widely interpreted to include the training of generative AI models. However, this exception applies solely during the development phase of the model. Once a model, like LLama 3.1, is trained and used unchanged, this exception becomes irrelevant for end users, as additional reproductions of training data for text and data mining are usually unnecessary. At this stage, copyright concerns shift to reproducing the AI model itself.
Risk of Reproducing Protected Content via the Model
Another copyright issue involves the potential for AI models to reproduce protected content from their training data. If a model outputs training data in response to prompts, it could constitute copyright infringement by the user. Generally, however, AI models (except RAG models in specific cases) are not designed to reproduce training data verbatim. While targeted prompts could generate outputs closely resembling training data, this risk can be mitigated through filtering mechanisms that prevent such reproduction. This concern depends on the specific use case rather than LLama 3.1 itself.
Given the low likelihood of protected content being reconstructed, the risk of copyright infringement through these models is correspondingly low. Technical adjustments, such as strict monitoring and filtering of model outputs in sensitive applications, can further reduce this risk.
Risk of Distributing Training Data via the Model
Another debate concerns whether the model contains training data. Some argue that the ability to “restore” training data through specific prompts implies its inclusion. However, technically, models—especially language models—generate text based on learned statistical distributions and meaning spaces (“embeddings”). Unlike databases or hard drives, they do not store data for retrieval. Current views suggest that distributing AI models does not equate to distributing training data. RAG models are an exception, as they explicitly integrate pre-existing data for reproduction.
The EU AI Act and Its Requirements for Companies
The EU introduced a comprehensive regulatory framework for AI in 2024 with the AI Act, focusing on product safety in AI applications. The AI Act prohibits certain “unacceptable practices” and distinguishes between general-purpose AI models and high-risk AI systems. LLama 3.1 is categorized as a “general-purpose AI model” under the Act. These models are often integrated into AI systems, which may be classified as high-risk depending on their application.
Obligations for Providers and Deployers
Under the AI Act, the provider (primarily the developer/manufacturer) of an AI model bears responsibility for compliance. As the provider of LLama 3.1, Meta must fulfill obligations for general-purpose AI models per Articles 53 and following. These include providing information on model architectures and training methods. If LLama 3.1 is deemed a general-purpose AI model with systemic risks, additional obligations, such as cybersecurity and risk assessments, may apply.
For deployers (users) of a general-purpose AI model, the AI Act generally imposes no direct obligations. However, since these models are typically embedded into AI systems, the developers of such systems become “providers” of AI systems under the Act. Companies integrating LLama 3.1 into their products must meet specific requirements if their systems are classified as “high-risk AI systems.” Even for non-high-risk systems, transparency, and labeling requirements may apply.
Risk Categorization and Regulatory Compliance
Applications like diagnostic tools in healthcare could fall into the AI Act’s high-risk categories. Companies must assess whether their AI systems qualify as high-risk and comply with relevant requirements. Annexes I and III of the AI Act provide guidance for risk assessment.
Implementation Timeline for the AI Act
The AI Act officially took effect on August 1, 2024. General provisions for AI models apply from August 2, 2025, while stricter rules for high-risk AI systems come into force on August 2, 2026. This staggered timeline allows companies to prepare for compliance.
Conclusion: LLama 3.1 Use in the EU Possible with Specific Conditions
The use of LLama 3.1 in non-high-risk applications within the EU is generally lawful, subject to potential transparency requirements under the AI Act. Copyright concerns primarily relate to training and data processing by Meta rather than the deployment of pre-trained models.
The AI Act establishes clear obligations for deployers and operators of AI models and systems, especially for high-risk applications. Generative AI systems must meet specific transparency and labeling requirements. Companies can typically use LLama 3.1 for general purposes without concern, provided they adhere to AI Act transparency obligations and conduct timely risk analyses for high-risk applications.
