EU AI Act · Extraterritorial Scope · US Companies

Does the EU AI Act
Apply to Your
US Company?

Short answer: probably yes. If your AI system produces outputs used by EU users, EU employees, or EU-based customers — the EU AI Act applies to you, regardless of where your company is headquartered.

No EU office required. No European employees required. The trigger is your AI's connection to the EU — not your company's location.

Free Risk Assessment → Contact Lexara See the 5 scope triggers ↓
EU AI Act Compliance Guide
Scope — US Companies High-Risk Systems Compliance Checklist Penalties & Fines Annex IV Docs Art. 71 Registration Aug 2026 Deadline AI Act vs GDPR AI Literacy EU Representative Free Assessment ↗
Article 2 — Territorial Scope

5 Ways Your US Company
Falls In Scope

Article 2 of the EU AI Act defines three categories of non-EU entities covered by the regulation. If any of these apply to your business, you have compliance obligations starting August 2, 2026.

01

You Sell AI Products to EU Customers

Any US software company whose AI product is accessible to EU companies or individuals — directly or through resellers — is a "provider placing a system on the EU market" under Article 2(1)(a).

In Scope
02

Your AI Outputs Affect EU Residents

A US company that never sells directly to EU customers but whose AI makes decisions affecting EU residents — a hiring algorithm screening EU applicants, a credit model processing EU borrowers — is covered. The trigger is effect, not intent.

In Scope
03

You Have EU Subsidiaries or Employees

If your company deploys AI systems from a place of establishment within the EU — even just an EU office or remote EU employees using your AI tools — you fall under deployer obligations.

In Scope
04

You Use EU Clients' Data in Your AI

US companies processing EU residents' personal data through AI systems — for profiling, scoring, or automated decision-making — are likely covered, especially in conjunction with GDPR obligations.

Likely In Scope
05

Your AI Vendor Has EU Clients

If you build AI-powered SaaS and your clients include EU companies, those clients' obligations flow back to you as provider. Increasingly, EU enterprise clients require AI Act conformity as a contract condition before signing.

Provider Risk
The Pattern You've Seen Before

It's GDPR for AI.
You Know How This Ends.

The EU AI Act follows the exact same extraterritorial design as GDPR. US companies that ignored GDPR paid the price. The AI Act penalties are higher.

GDPR taught US companies that EU regulation has global reach.

The EU AI Act is structurally identical to GDPR in one critical way: it applies based on where your AI's outputs are used, not where your company is located. The difference is that AI Act penalties exceed GDPR's — up to 7% of global turnover versus GDPR's 4%.

GDPR Processes EU personal data → applies globally
EU AI Act AI outputs affect EU users → applies globally
GDPR Max Fine €20M or 4% global turnover
<
AI Act Max Fine €35M or 7% global turnover
GDPR Rep. EU Representative required for non-EU companies
AI Act Rep. EU Authorized Representative required for high-risk
Risk Classification

What Risk Tier Is
Your AI System?

The EU AI Act uses a risk-based approach. The higher the risk, the heavier the compliance burden. Most US companies in scope fall into high-risk or limited-risk categories.

Unacceptable Risk — Banned

Prohibited Systems

Outright banned as of February 2025. No compliance path — these systems cannot be deployed in the EU.

Social scoring · Subliminal manipulation · Real-time biometric surveillance in public spaces
High Risk — Full Compliance

Annex III Systems

Heaviest obligations: technical documentation, conformity assessment, Article 71 registration, human oversight, post-market monitoring.

Hiring AI · Credit scoring · Biometric ID · Critical infrastructure · Education access · Law enforcement
Limited Risk — Transparency

Disclosure Obligations

Must inform users they are interacting with an AI system. AI-generated content must be labeled. Applies from August 2026.

Chatbots · Deepfakes · AI-generated text published as news · Emotion recognition
Minimal Risk — No Obligations

Voluntary Compliance

No mandatory requirements. The vast majority of AI applications fall here. Voluntary codes of conduct encouraged.

AI video games · Spam filters · AI writing assistants · Recommendation engines
What To Do Now

Your Action Plan
Before August 2026

With the deadline approaching, US companies need a structured compliance approach — not a rushed, last-minute scramble.

01

Scope Assessment

Determine whether the EU AI Act applies to your specific business model. Many US companies are in scope without knowing it.

02

AI Inventory

Map every AI system your company uses or develops. Include third-party tools you deploy — you are liable for what you use.

03

Risk Classification

Classify each system under the EU AI Act risk framework. High-risk classification triggers the full compliance burden.

04

Documentation

Produce Annex IV technical documentation for high-risk systems. This is where most companies stall — Lexara removes the bottleneck.

05

EU Representative

Non-EU providers of high-risk systems must appoint an EU Authorized Representative before placing systems on the EU market.

06

Registration

Register high-risk systems in the EU database under Article 71. Deadline: August 2, 2026. Start now — it takes 8-12 weeks.

⚠️ Already In Force — Enforcement Begins August 2026
EU AI Act · Article 4 · AI Literacy

AI Literacy Is Already Law.
Your Staff Must Comply.

Article 4 has been in force since February 2, 2025. National authorities begin enforcement on August 2, 2026. Non-compliance is an aggravating factor that increases penalties for any other EU AI Act violation. Lexara Advisory delivers tailored AI literacy programs for US companies. Read the full guide →

What Is Article 4

The AI Literacy Obligation

Article 4 requires providers and deployers of AI systems to ensure their staff have sufficient AI literacy — the knowledge and skills to understand how AI systems work, their capabilities and limitations, and the risks they pose. This is not optional training. It is a legal obligation with documented compliance requirements.

"Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff." — EU AI Act, Article 4
Who Must Comply
Providers
Companies that develop or place AI systems on the EU market — including US companies with EU customers
Deployers
Companies that use AI systems in their operations — including any US company with EU offices or EU-facing products
What Counts as "Sufficient" Literacy
Understanding AI system capabilities and limitations
Knowledge of risks and how to monitor them
Awareness of applicable obligations under the Act
Proportionate to the staff's role and the AI system's risk level
Documented — auditors will ask for evidence of training
Lexara Advisory — Tailored AI Literacy Programs: We design Article 4 compliance programs built around your specific AI systems and staff roles. Deliverables: role-based training matrix, sector-adapted content, competency assessments, and documented evidence package for regulatory audit. Full Article 4 guide →
Get AI Literacy Program →
Penalties for Non-Compliance Whichever amount is higher applies
€35M
or 7% global turnover
prohibited practices
€15M
or 3% global turnover
high-risk violations
€7.5M
or 1% global turnover
incorrect information
CRG
Constantin Razvan Gospodin
Founder & Legal AI Risk Manager · Lexara Advisory LLC · New York

European lawyer admitted to the Spanish Bar (ICATF nº 5961), based in New York City. With over 10 years of legal practice across EU jurisdictions, Razvan advises US companies on EU AI Act scope, classification, and compliance — uniquely positioned to bridge European legal expertise with the practical needs of American businesses. Author of Guilty Algorithm, a structured legal analysis of AI regulation in criminal justice and immigration law. IAPP AIGP candidate.

European Lawyer · Spanish Bar EU AI Act Specialist IAPP AIGP Candidate Author · Guilty Algorithm New York City

Find Out If You're
In Scope — Now

A scope assessment takes days, not months. Starting today gives you time to comply. Starting in June gives you an emergency.

Lexara Advisory — EU AI Act for US Companies

  • Extraterritorial scope assessment — are you in scope?
  • AI system inventory and Annex III risk classification
  • Annex IV technical documentation package
  • Article 4 AI literacy programs — tailored to your organization
  • EU Authorized Representative facilitation
  • Article 71 EU database registration
  • Ongoing compliance monitoring and updates
Contact Lexara Advisory →

Lexara Advisory LLC is an AI governance consulting firm, not a law firm.
This page provides general information — not legal advice.

Lexara AI Assistant

🤖 AI — not a human or lawyer

⚠️ AI Disclosure (EU AI Act · Art. 50): You are interacting with an automated AI system, not a human. For professional guidance contact Lexara Advisory directly.
Hello. I can help you determine whether the EU AI Act applies to your US company.

Tell me: does your company use AI, and do you have EU customers, EU employees, or EU-facing products?
Powered by Lexara Advisory LLC