Does the EU AI Act Apply to US Companies?

This is one of the most common questions from US-based founders right now: my company is incorporated in the US, my servers are in the US, but some of my users are in Europe. Does the EU AI Act apply to me?

The answer is yes — and it applies more broadly than most US founders expect.

The extraterritorial reach of the EU AI Act

The EU AI Act applies to any AI system that is placed on the EU market or put into service in the EU — regardless of where the provider is established. Article 2 makes this explicit. If your AI system is used by people in EU member states, you are in scope. Your company's country of incorporation is irrelevant.

This is the same approach the EU took with GDPR, which has been enforced against US companies for years. The EU AI Act follows the same extraterritorial logic: if you benefit from the EU market, you follow EU rules.

What counts as "placing on the EU market"?

You don't need a EU office, a EU entity, or EU servers. You are placing your AI system on the EU market if:

• EU residents can sign up for your product
• Your product is accessible from EU countries and you don't actively block EU access
• You market your product to EU customers
• You have EU-based customers paying for your product

If any of these apply, you are in scope. A US SaaS with a handful of EU customers is in scope. A US startup whose product is available globally is in scope.

Do I need a EU representative?

Providers of high-risk AI systems that are not established in the EU must designate an authorised representative in the EU. This is a person or company based in the EU who can act on your behalf with regulators and take responsibility for your compliance obligations in the EU market.

This requirement only applies to high-risk AI systems. If your system is limited or minimal risk, you do not need a EU representative — though you still need to comply with applicable obligations (like Article 50 transparency requirements for chatbots).

What if I just block EU users?

Technically, geo-blocking EU users would take you out of scope. Practically, this means giving up the entire EU market — roughly 450 million potential users. For most US startups, that's not a viable business decision, especially when the compliance cost for limited and minimal risk systems is low.

The practical reality for most US SaaS companies

Most US SaaS products with AI features will fall into one of two categories:

• Limited risk — chatbots, AI assistants, content generation tools. Obligation: disclose to users they are interacting with AI. This is a few lines of UI copy. Cost: minimal.
• Minimal risk — recommendation engines, personalisation, search, spam filtering. Obligation: none. Voluntary codes of conduct encouraged but not required.

The heavy compliance stack — technical documentation, risk management plans, conformity assessments — only applies to high-risk systems. Most US SaaS products are not high-risk unless they operate in the specific Annex III domains (employment decisions, credit scoring, educational access, etc.).

Step one: find out where you actually stand

The most important thing a US company can do right now is classify its AI systems. Until you know your risk tier, you can't scope the work or understand your actual exposure. ActReady's free classifier takes 60 seconds and requires no account — it will tell you exactly where your systems sit and what obligations apply to you as a non-EU provider.

The August 2, 2026 deadline

The main enforcement date for high-risk AI system requirements is August 2, 2026. This is when national market surveillance authorities across EU member states can begin enforcement action. Non-compliant high-risk AI systems can be ordered off the EU market and providers fined up to €15 million or 3% of global annual revenue.

For US companies: being based in the US does not insulate you from these fines. EU authorities can and do pursue non-EU companies. More practically, if you have EU enterprise customers, those customers will ask about your compliance status — and non-compliance becomes a sales problem long before it becomes a legal one.