Hael
Sign inRequest a demo
EU AI Act · Introduction

Does the EU AI Act apply to US companies?

Updated 30 June 2026 · 5 min read
Key takeaway
Yes, the EU AI Act can apply to US companies. Like the GDPR before it, the Act has extraterritorial reach. A company based in the United States is covered if it places an AI system on the EU market, puts one into service in the EU, or if the output produced by its AI system is used in the EU. Where your headquarters sits does not determine whether the Act applies; where your AI is sold or used does.
  • The EU AI Act applies to US companies whose AI reaches the EU market or whose AI output is used in the EU.
  • Scope is triggered by where AI is sold or used, not where the company is based.
  • It mirrors GDPR's extraterritorial logic, often becoming a de facto global standard.
  • For US vendors, EU AI Act readiness is increasingly a way to win European deals.
  • Current as of June 2026. This is general information, not legal advice.

What triggers scope for a US company

Under Article 2, a US company is generally in scope if any of these is true:

  • It places an AI system on the EU market, for example by selling an AI product to European customers.
  • It puts an AI system into service in the EU, for example by operating one for an EU client.
  • It is a provider or deployer outside the EU, but the output of its AI system is used in the EU.

That last trigger is broad. Even if you never sign an EU customer directly, if the results your AI produces are used by someone in the EU, you can be caught.

Why this mirrors GDPR

US companies learned the same lesson with GDPR: a European data-protection law reshaped global product and compliance practice because it applied to anyone handling EU residents' data. The EU AI Act follows the same logic for AI. For many US firms, EU requirements become the de facto global standard simply because it is easier to build one compliant product than two.

What US companies should do

The practical steps are the same as for any in-scope organisation. First, inventory your AI systems. Second, determine your role (provider or deployer) for each. Third, classify each system by risk tier, since the heavy obligations attach to high-risk and prohibited uses. A US vendor selling into European enterprises will increasingly be asked to evidence EU AI Act readiness during procurement, which makes readiness a commercial advantage, not only a legal requirement.

The deal-flow angle for US vendors

European enterprise buyers are already adding AI governance questions to their security and procurement reviews. For a US AI vendor, being able to answer those questions cleanly shortens the sales cycle and removes a blocker that can stall or kill a deal. Treating EU AI Act readiness as a sales enabler, rather than a box to tick, is the stronger position.

Key terms

Extraterritorial
Application of the law to entities outside the EU when their activity touches the Union.
Non-EU provider
A provider established outside the EU whose AI system reaches the EU market or whose output is used in the Union.
EU market
The market across the 27 Member States of the European Union.
GDPR comparison
The Act follows GDPR's pattern of binding non-EU companies when EU residents or markets are affected.

References

Free check

See where you stand on EU AI Act, free.

Answer a few questions and get an indicative view of what EU AI Act expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
EU AI Act · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to EU AI Act~ 5 MIN