Does the EU AI Act apply to US companies?
- The EU AI Act applies to US companies whose AI reaches the EU market or whose AI output is used in the EU.
- Scope is triggered by where AI is sold or used, not where the company is based.
- It mirrors GDPR's extraterritorial logic, often becoming a de facto global standard.
- For US vendors, EU AI Act readiness is increasingly a way to win European deals.
- Current as of June 2026. This is general information, not legal advice.
What triggers scope for a US company
Under Article 2, a US company is generally in scope if any of these is true:
- It places an AI system on the EU market, for example by selling an AI product to European customers.
- It puts an AI system into service in the EU, for example by operating one for an EU client.
- It is a provider or deployer outside the EU, but the output of its AI system is used in the EU.
That last trigger is broad. Even if you never sign an EU customer directly, if the results your AI produces are used by someone in the EU, you can be caught.
Why this mirrors GDPR
US companies learned the same lesson with GDPR: a European data-protection law reshaped global product and compliance practice because it applied to anyone handling EU residents' data. The EU AI Act follows the same logic for AI. For many US firms, EU requirements become the de facto global standard simply because it is easier to build one compliant product than two.
What US companies should do
The practical steps are the same as for any in-scope organisation. First, inventory your AI systems. Second, determine your role (provider or deployer) for each. Third, classify each system by risk tier, since the heavy obligations attach to high-risk and prohibited uses. A US vendor selling into European enterprises will increasingly be asked to evidence EU AI Act readiness during procurement, which makes readiness a commercial advantage, not only a legal requirement.
The deal-flow angle for US vendors
European enterprise buyers are already adding AI governance questions to their security and procurement reviews. For a US AI vendor, being able to answer those questions cleanly shortens the sales cycle and removes a blocker that can stall or kill a deal. Treating EU AI Act readiness as a sales enabler, rather than a box to tick, is the stronger position.
Key terms
- Extraterritorial
- Application of the law to entities outside the EU when their activity touches the Union.
- Non-EU provider
- A provider established outside the EU whose AI system reaches the EU market or whose output is used in the Union.
- EU market
- The market across the 27 Member States of the European Union.
- GDPR comparison
- The Act follows GDPR's pattern of binding non-EU companies when EU residents or markets are affected.