Hael
Sign inRequest a demo
EU AI Act · Introduction

Who does the EU AI Act apply to?

Updated 30 June 2026 · 5 min read
Key takeaway
The EU AI Act applies to almost everyone in the AI supply chain: the organisations that build AI systems, the organisations that use them, and the organisations that import or distribute them in the EU. The Act calls these actors "operators" and gives each role its own set of obligations. It also reaches companies based outside the EU if their AI is placed on the EU market or used in the EU.
  • The Act regulates providers, deployers, importers and distributors, collectively "operators".
  • Providers carry the heaviest obligations; deployers, importers and distributors have lighter but real duties.
  • It has extraterritorial reach: non-EU companies are in scope if their AI is placed on the EU market or its output is used in the EU.
  • Your obligations depend on your role plus the risk tier of each system.
  • Current as of June 2026. This is general information, not legal advice.

The roles the Act regulates

The Act assigns obligations based on the role you play:

  • Provider: An organisation that develops an AI system (or has one developed) and places it on the market or puts it into service under its own name. Providers carry the heaviest obligations, especially for high-risk systems.
  • Deployer: An organisation that uses an AI system in the course of its activities. A bank using an AI tool to screen loan applications is a deployer. Deployers have obligations around human oversight, using systems as instructed, and monitoring.
  • Importer: An organisation established in the EU that places an AI system from a non-EU provider on the EU market. Importers must verify the provider has met its obligations.
  • Distributor: An organisation in the supply chain, other than the provider or importer, that makes an AI system available on the EU market.

One organisation can hold more than one role, and roles can shift. Notably, a deployer can become a provider in the eyes of the Act if it substantially modifies a high-risk system or puts its own name on it.

Extraterritorial reach

Like the GDPR, the EU AI Act applies beyond the EU's borders. Under Article 2, it applies to providers placing AI systems on the EU market or putting them into service in the EU regardless of where the provider is established, and to providers and deployers outside the EU where the output of the system is used in the EU. In practice this means a startup in the United States or the United Kingdom that sells an AI product to European customers is within scope.

Who is largely out of scope

Some uses fall outside the Act, including AI systems used purely for personal, non-professional activity, and (with conditions) AI developed and used solely for scientific research and development. National security and certain military uses are also treated separately. These carve-outs are narrow, so most commercial AI activity touching the EU is covered.

Why your role matters

Your obligations depend entirely on your role and the risk tier of your system. A provider of a high-risk system has to build a full compliance programme; a deployer of the same system has a lighter but real set of duties. Working out your role for each AI system you build or use is the practical starting point for any EU AI Act assessment.

Key terms

Operator
The Act's umbrella term for providers, deployers, importers, distributors, and authorised representatives.
Provider
The entity that develops or has an AI system developed and places it on the EU market under its own name.
Deployer
The entity using an AI system under its own authority in the course of its activities.
Importer
An EU-established entity that places an AI system from a non-EU provider on the EU market.
Distributor
An entity in the supply chain, other than the provider or importer, that makes an AI system available in the EU.
Extraterritorial reach
Application of the law beyond the EU's borders where the AI or its output is used in the Union.

References

Free check

See where you stand on EU AI Act, free.

Answer a few questions and get an indicative view of what EU AI Act expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
EU AI Act · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to EU AI Act~ 5 MIN