The AI Act for non-EU companies: extraterritorial reach
Adopted 2026-06-22 ยท ≈ 2 min read ยท 
edited by Dirk Baaijen
The AI Act also applies to companies outside the EU if their AI system or its output is used in the Union. Non-EU providers often have to appoint an authorised representative in the EU.
Short answer: Being based outside the EU does not exempt you from the AI Act. The regulation has extraterritorial reach: as soon as your AI system is placed on the market in the Union or its output is used in the EU, the rules apply. That holds regardless of where your company, servers or developers sit.
When the AI Act reaches you
The AI Act looks at market reach, not place of establishment. You fall under it if you:
- place an AI system on the EU market or put it into service there;
- are established outside the EU, but the output of your system is used in the Union;
- as importer or distributor offer AI systems in the EU.
This "output" criterion is broad: a model running outside the EU but producing results used inside the EU can fall under the law.
The EU authorised representative
Non-EU providers of high-risk systems and certain models generally have to appoint an authorised representative in the Union. They act as the contact point for supervisors, keep documentation and share responsibility for compliance. Without a representative the system may, in many cases, not enter the EU market.
Parallel with the GDPR
Those familiar with the GDPR will recognise the pattern: it too has extraterritorial reach and an EU representative. Companies that already have GDPR representation can reuse that experience โ though the roles are not legally identical. See also the broader state of AI regulation.
Obligations stay the same
Extraterritorial reach does not mean "lighter" rules. A non-EU provider of a high-risk system must meet the same requirements as an EU provider: risk management, documentation, logging, human oversight. See the high-risk obligations overview.
What to do
- Determine whether your AI system or its output reaches the EU market.
- Establish your role (provider, importer, distributor or deployer).
- Appoint an EU authorised representative where required for high-risk systems.
- Meet the substantive obligations via the AI Act roadmap.
- Avoid the common AI Act mistakes, such as assuming the rules don't apply to you.
The question is not where you are based, but whether your AI reaches the European market. If it does, you are simply a party to it.
Sources
- https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Regulation (EU) 2024/1689 (AI Act): scope also covers providers outside the EU where output is used in the Union. - https://artificialintelligenceact.eu/article/2/
Article 2 AI Act: territorial scope, including providers and deployers outside the EU.
Read next
The EU declaration of conformity under the AI Act (Article 47)
The EU declaration of conformity is the written statement by which the provider itself confirms that a high-risk AI system meets the AI Act. Article 47 sets out its content, language and retention; the provider bears full responsibility for it.
The authorised representative for non-EU providers (Article 22)
A provider established outside the EU must appoint a written authorised representative in the Union before placing a high-risk AI system on the market. Article 22 makes that person the European point of contact for authorities, with its own duties and power to end the mandate.
What does AI Act compliance cost?
The cost of AI Act compliance depends mainly on your risk class, role and number of AI systems. The law requires proportionality, so most organisations with low-risk AI face limited costs.