EU AI Act Registration for US Companies

The EU AI Act applies to providers regardless of whether they are established in the EU or in a third country, when the AI system is placed on the EU market or its output is used in the EU. For US companies, this means the same extraterritorial reach as the GDPR.

Article 2: Extraterritorial Scope

Article 2(1) of the EU AI Act applies to providers placing AI systems on the Union market or putting them into service in the Union, irrespective of whether those providers are established within the Union or in a third country. It also applies to providers and deployers when the output produced by the AI system is used in the Union.

This means a US company with no EU office, no EU employees, and no EU entity can still be fully within scope if its AI system's output affects people in the EU.

Common Triggers for US Companies

Hiring AI with EU Applicants or Employees

If your AI-powered hiring tool (resume screening, video interview analysis, candidate ranking) processes applications from EU-based candidates or evaluates EU-based employees, you are likely operating a high-risk AI system under Annex III, category 4. This is the single most common trigger for US companies.

Credit Scoring or Insurance AI with EU Customers

Fintech companies and insurtech providers that serve EU customers with AI-driven credit scoring, underwriting, or risk assessment fall under Annex III, category 5.

SaaS Products Used by EU Deployers

If you provide an AI system that an EU-based company deploys for high-risk purposes, you are the provider and the registration obligation falls on you. The EU deployer may also have separate obligations, but this does not remove yours.

Biometric Systems Available to EU Entities

Identity verification, facial recognition, or emotion recognition systems offered to EU-based customers trigger Annex III, category 1.

The GDPR Analogy

The EU AI Act's extraterritorial scope mirrors the GDPR's approach. When the GDPR took effect in 2018, many US companies initially assumed it did not apply to them. Enforcement actions — and contract requirements from EU business partners — quickly changed that assumption. The AI Act will follow the same trajectory.

Companies that treated GDPR compliance as a competitive advantage (rather than a burden) are now better positioned for AI Act compliance. The same opportunity exists today.

What US Companies Must Do Before August 2026

  1. Complete an AI system inventory and Annex III classification
  2. Prepare Annex IV technical documentation for each high-risk system
  3. Complete conformity assessment
  4. Appoint an EU Authorized Representative (Article 22)
  5. Register in the Article 71 EU database

Lexara Advisory LLC is an AI governance consulting firm, not a law firm. This content is for informational purposes only and does not constitute legal advice.