Does the EU AI Act apply to my company?
- You are likely in scope if you build or use an AI system that reaches the EU market, even from outside the EU.
- The Act's broad definition of "AI system" covers most machine-learning and generative products.
- Being in scope is step one; your real obligations depend on the risk tier of each system.
- If you sell AI into the EU or make automated decisions about people there, assume scope and classify.
- Current as of June 2026. This is general information, not legal advice.
Question 1: Do you build or use an "AI system"?
The Act defines an AI system broadly: a machine-based system that, for explicit or implicit objectives, infers from inputs how to generate outputs such as predictions, content, recommendations, or decisions. Most machine-learning products, scoring models, recommendation engines, and generative AI tools fall within this definition. Simple, fully deterministic software with no learning or inference generally does not.
Question 2: Does your AI reach the EU?
You are likely in scope if any of the following is true:
- You place an AI system on the EU market or put it into service in the EU.
- You are established in the EU and use an AI system.
- You are outside the EU, but the output of your AI system is used in the EU.
This is the extraterritorial reach of the Act. A company headquartered outside the EU that has EU customers, EU users, or produces output used in the EU is generally covered.
Question 3: What is your role?
Your obligations differ depending on whether you are a provider (you build and place the system on the market), a deployer (you use it), or an importer or distributor. You can hold more than one role across different systems.
Then: how risky is your AI?
Being in scope does not mean every obligation applies. The Act's weight falls on high-risk systems (used in areas such as hiring, credit, biometrics, education, and critical infrastructure) and on prohibited uses. If your AI is limited risk, such as a customer-facing chatbot, your main duty is transparency. If it is minimal risk, there are no specific obligations. So the practical sequence is: confirm you are in scope, then classify each system to find your real obligations.
A quick self-check
If you sell an AI product to European customers, automate decisions about people in the EU, or deploy AI inside an EU operation, assume you are in scope and move to classification. If you are unsure, a structured readiness check will map your systems against the Act far faster than reading the regulation cold.
Key terms
- AI system
- A machine-based system that infers from inputs to generate predictions, content, recommendations or decisions.
- In scope
- Subject to the Act because your role and the location of your AI or its output trigger application.
- EU market
- Placing an AI system on the market or putting it into service anywhere in the European Union.
- Provider
- The entity that builds an AI system and places it on the market under its own name.
- Deployer
- The entity that uses an AI system in the course of its activities.