Why an EU Representative Is Required
The EU AI Act follows the same model as GDPR Article 27: non-EU entities subject to the regulation must have a designated contact point within the EU. For the AI Act, this is the EU Authorized Representative under Article 22.
The requirement applies specifically to providers of high-risk AI systems who don't have an establishment in the EU but place systems on the EU market or whose systems produce outputs used in the EU.
What the Representative Does
The EU Authorized Representative is not a passive mailbox. They have active responsibilities:
- Verify documentation — ensure the provider has prepared Annex IV technical documentation and completed the conformity assessment
- Maintain records — keep a copy of the Declaration of Conformity and technical documentation available for authorities
- Cooperate with authorities — respond to requests from market surveillance authorities and the AI Office
- Database registration — handle the Article 71 registration on behalf of the non-EU provider
- Terminate mandate — if the representative believes the provider acts contrary to its obligations, they must terminate the mandate and inform authorities
The appointment must be by written mandate. The mandate must specify the tasks, scope, and conditions under which the representative acts. An informal agreement or verbal arrangement does not satisfy the legal requirement.
Who Can Serve as Representative
The EU Authorized Representative must be a natural or legal person established in the EU. This can be:
- A specialized compliance firm offering EU representative services
- A law firm with an EU presence
- An EU-based subsidiary or affiliate of the provider
- An individual consultant with sufficient competence and resources
The representative must have sufficient knowledge, resources, and competence to fulfill the mandate's obligations.
How It Differs from GDPR Representative
If you already have a GDPR Article 27 representative, you have a similar structure — but the AI Act representative has broader active duties. The GDPR representative primarily receives communications. The AI Act representative must verify compliance documentation and can be held liable for certain obligations.
Some organizations will use the same entity for both roles; others may need separate appointments depending on the representative's AI-specific competence.
Lexara Advisory facilitates the EU Authorized Representative appointment for US companies. We connect you with qualified EU-based representatives, prepare the written mandate, and ensure the handoff of documentation and registration responsibilities is smooth. Start the process.