Does the EU AI Act Apply to US Companies? (2026)
One of the most common — and most expensive — misconceptions about the EU AI Act is that it only binds European companies. It doesn't. Like the GDPR before it, the Act reaches across borders: if people in the EU use your AI system, or its output is used there, you are in scope no matter where your company sits.
Why a US company can be in scope
Article 2 defines the Act's reach, and it is deliberately broad. You are covered if any of these is true:
- You place an AI system on the EU market or put it into service in the EU — regardless of where you are established.
- You are a provider or deployer whose AI system's output is used in the EU, even if the system itself runs elsewhere.
- You are a deployer established or located in the EU.
The second point is the one that catches US companies off guard: a model you run entirely on US infrastructure can still be in scope if its outputs are used by people in the EU.
What triggers scope in practice
Concrete examples of US companies pulled in:
- A US SaaS vendor selling an AI hiring tool to European employers — a high-risk system under Annex III.
- A US company whose chatbot or generative feature is available to EU users — transparency duties under Article 50.
- A US model provider whose foundation model is offered in the EU — GPAI obligations (Art. 53) since 2 August 2025.
Use the free risk checker to see which tier your system falls into, and read obligations by operator role to find whether you're a provider or a deployer.
What US companies should do now
- Inventory the AI systems you offer to, or whose outputs reach, the EU.
- Classify each one (prohibited / high-risk / limited / minimal) — see the complete guide and the Annex III high-risk list.
- Identify your role for each system (provider vs deployer).
- For high-risk systems, plan the conformity assessment and appoint an EU authorised representative.
- Track the deadlines — high-risk obligations apply from 2 August 2026.
Starting early matters: conformity work takes months, and enforcement penalties reach €35M or 7% of global turnover for the most serious breaches.
Frequently asked questions
Does the EU AI Act apply to US companies?
Yes, if your AI system is placed on the EU market or its output is used in the EU. The Act is extraterritorial under Article 2, so a US company can be in scope even with no EU establishment.
Do we need an EU representative?
If you're a non-EU provider of a high-risk AI system, yes — Article 22 requires you to appoint an EU-established authorised representative before placing it on the market. GPAI model providers have a similar duty under Article 54.
What if our AI only runs in the US?
Where the system runs is not the test. If its output is used by people in the EU, you can still be in scope. What matters is where the system or its output is placed on the market or used.
Free, no sign-up. Deterministic — not a chatbot.
Still have questions about how this applies to you? Talk to us — we're happy to help.