EU AI Act for US Companies: Extraterritorial Compliance Guide
The EU AI Act applies to you if your AI affects EU citizens — even if your company has zero EU presence. This guide explains the extraterritorial scope, EU representative requirements, and the practical compliance path for US-headquartered businesses.
EU AI Act for US Companies: Extraterritorial Compliance Guide
The EU AI Act applies to you if your AI affects EU citizens — even if your company has zero EU presence. This guide explains the extraterritorial scope, EU representative requirements, and the practical compliance path for US-headquartered businesses.
Last updated: July 4, 2026
Does the EU AI Act Apply to Your US Company?
Yes, in any of these scenarios:
- You place an AI system on the EU market (sell, license, or make available to EU customers)
- You provide an AI system whose output is used in the EU
- You deploy an AI system within the EU, regardless of where the system is hosted
- You are a US-based provider whose model is integrated into a downstream EU product
Cloud-hosted SaaS counts. Web-based AI tools accessible to EU users count. There is no de minimis threshold for EU exposure.
EU Representative Requirement
Article 22 requires non-EU providers to appoint an authorized representative:
Non-EU providers of high-risk AI systems must designate an EU-established authorized representative before placing the system on the EU market. The representative is the point of contact for EU regulators and must hold the technical documentation.
What US Companies Must Do
A practical compliance roadmap for US-headquartered organizations:
- Inventory AI systems with any EU exposure
- Classify each under Article 6 / Annex III
- Implement Article 9–14 controls for high-risk systems
- Designate an EU representative if you're a non-EU provider of high-risk AI
- Complete conformity assessment and CE marking
- Register in the EU AI database
- Decide which authority is your lead supervisor (typically the country of your EU representative)
Interaction with US Frameworks
US companies can leverage existing compliance programs:
- NIST AI RMF aligns well with Article 9 risk management and is a useful crosswalk
- NYC LL144 (HR AI bias audits) overlaps with Annex III employment-AI obligations
- State laws (CO AI Act, CT, IL) are converging on a similar risk-based model — a single internal program can serve multiple jurisdictions
- SOC 2 / ISO 27001 are not substitutes for AI Act conformity but the controls ladder up cleanly
How AIAgentree helps
For US-headquartered teams whose agents touch the EU, AIAgentree produces the decision-level evidence an EU representative or regulator can inspect — without EU-based infrastructure of your own.
- EU data residency in Germany keeps your agent decision records inside the EU, which simplifies the documentation your authorized representative must hold under Article 22
- Tamper-evident decision records with human-oversight and approval workflows give you Article 12/13/14-style evidence that maps cleanly onto the NIST AI RMF program you likely already run
- Python and TypeScript SDKs over REST, MCP, A2A, and OpenTelemetry, plus precedent search and audit-fit retention, let a US engineering team instrument agents once and satisfy EU inspection later
Continue exploring the EU AI Act guide
EU AI Act Compliance Guide
The complete guide to EU AI Act compliance for AI agents — start here.
Article 12 — Record-Keeping & Logging
What every high-risk AI system must log, and how to capture it.
Article 14 — Human Oversight
Designing effective human-in-the-loop controls for AI decisions.
Annex III — High-Risk AI Systems
Which AI use cases the Act classifies as high-risk.
EU AI Act Compliance Checklist
A step-by-step checklist to reach and document compliance.
Compliance Cost Calculator
Estimate your EU AI Act compliance effort and cost.
Deadlines & Timeline
Key enforcement dates, including the August 2, 2026 deadline.
Fines & Penalties
Penalty tiers up to €35M or 7% of global annual turnover.
Transparency Obligations (Art. 13 & 50)
Disclosure duties for AI systems and their outputs.
Risk Management & Conformity Assessment
Build a risk management system and assess conformity.
GPAI Obligations
Rules for providers of general-purpose AI models.
Omnibus Update
The latest changes to the EU AI Act timeline and rules.
Penalty Calculator
Estimate your maximum fine under the Article 99 tiers.
Article 11 + Annex IV
What technical documentation the EU AI Act requires.
Article 26: Deployer Obligations
What deployers of high-risk AI must do, including log retention.
Article 17: Quality Management
The QMS providers of high-risk AI must document.
Article 10: Data Governance
Data quality, bias mitigation, and governance duties.
Article 4: AI Literacy
The staff AI-literacy duty in force since February 2025.
Deployer vs Provider
Who bears which obligation — and when a deployer becomes a provider.
FRIA (Article 27)
Who must run a Fundamental Rights Impact Assessment, and how.
Who Does It Apply To?
Scope, operators, and the extraterritorial reach of the EU AI Act.
Post-Market Monitoring
Articles 72–73: ongoing monitoring and incident reporting.
ISO 42001 vs EU AI Act
How the voluntary standard and the binding law fit together.
NIST AI RMF vs EU AI Act
A practical crosswalk between the framework and the law.
EU AI Act for Healthcare
High-risk medical AI, MDR/IVDR interplay, and clinician oversight.
EU AI Act for Financial Services
Credit scoring, insurance pricing, and existing financial regulation.
EU AI Act for HR & Employment
Hiring AI as high-risk, plus NYC LL144 and EEOC overlap.