This Regulation applies to:
(a) providers placing on the market or putting into service AI systems in the Union, irrespective of whether those providers are established within the Union or in a third country; (Article 2)
This means that your company, even if it’s based outside of the European Economic Area (EEA), would still be subject to the EU AI Act if it plans to sell AI systems in the EU. The regulation applies to providers who want to sell or use their AI systems in the EU, regardless of where they are established.
In order to ensure a level playing field and an effective protection of rights and freedoms of individuals across the Union and on international level, the rules established by this Regulation should apply to providers of AI systems in a non-discriminatory manner, irrespective of whether they are established within the Union or in a third country, and to deployers of AI systems established within the Union. (Recital 10)
This quote from Recital 10 further corroborates the previous analysis. The AI Act is designed to apply universally — to both EU and non-EU providers — thus ensuring equal standards and protections regardless of the location of the company.
Prior to making their systems available on the Union market, providers established outside the Union shall, by written mandate, appoint an authorised representative which is established in the Union. (Article 25)
Article 25 stipulates that companies based outside the EU must appoint an authorized representative within the EU before they can introduce their AI systems to the EU market. This representative would be responsible for ensuring the provider’s compliance with the Act.
Before placing on the market or putting into service a high-risk AI system referred to in Article 6(2) the provider or, where applicable, the authorised representative shall register that system in the EU database referred to in Article 60, in accordance with Article 60(2); (Article 51)
This provision implies that apart from appointing a representative, certain obligations must be met if your company plans to introduce a high-risk AI system to the EU market. Specific systems must be registered in the relevant EU database prior to their introduction.
In conclusion, a company based outside of the EEA and wishing to place its AI systems on the EU market must comply with the EU AI Act. Compliance entails understanding the Act, appointing an authorized representative within the EU, and, in some cases, registering AI systems in the EU database.
This Regulation applies to: (a) providers placing on the market or putting into service AI systems in the Union, irrespective of whether those providers are established within the Union or in a third country; (Article 2)
Based on this provision from the AI Act, even if your company is based outside of the European Economic Area (EEA), it will still need to comply with this regulation if it intends on placing an AI system on the market within the EU. This requirement applies irrespective of where the provider is established.
‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or that has an AI system developed with a view to placing it on the market or putting it into service under its own name or trademark, whether for payment or free of charge; (Article 3)
Again, under this definition, your company would be considered a ‘provider’ of AI systems if it is developing an AI system with the goal of putting it on the market in the EU, or if it has such a system developed under its own name or trademark. This applies even if your company is offering its AI systems for free.
For high-risk AI systems listed in point 1 of Annex III, where, in demonstrating the compliance of a high-risk AI system with the requirements set out in Chapter 2 of this Title, the provider has applied harmonised standards referred to in Article 40, or, where applicable, common specifications referred to in Article 41, the provider shall opt for one of the following procedures; (a) the conformity assessment procedure based on internal control referred to in Annex VI; or (b) the conformity assessment procedure based on assessment of the quality management system and of the technical documentation, with the involvement of a notified body, referred to in Annex VII; (Article 43)
This article implies that if your AI systems are classified as High-Risk under Annex III, your company will be required to comply with the associated standards and requirements and demonstrate conformity through one of the procedures mentioned above. These procedures include a conformity assessment procedure based on internal control or a procedure involving a third-party assessment of your systems’ quality management and technical documentation. This implies a potential need to review and adjust your current quality management system, technical documentation practices, and potentially engage with a notified body for compliance assurance.
In order to ensure a level playing field and an effective protection of rights and freedoms of individuals across the Union and on international level, the rules established by this Regulation should apply to providers of AI systems in a non-discriminatory manner, irrespective of whether they are established within the Union or in a third country… (Recital 10)
The quote clearly indicates that the EU AI Act applies to all AI system providers regardless of where they are based. Consequently, your company, despite being based outside the EEA, will need to comply with the Act if you plan to sell your AI systems in the EU.
…and to deployers of AI systems established within the Union. (Recital 10)
Even when your AI systems are being deployed by entities established within the Union, they will have to comply with the Regulation. Therefore, it cannot be circumvented by having a third party within the EU deploy your systems. The obligations are ongoing, meaning compliance is required throughout the lifecycle of the AI system within the EU, regardless of where the provider is located.
In conclusion, based on the analyzed articles and recital, your company will indeed have to comply with the EU AI Act if you wish to sell your AI systems within the EU, and these compliance measures can involve substantial revisions to your product development, documentation, and assessment procedures, especially for high-risk AI systems.
This Regulation applies to: (a) providers placing on the market or putting into service AI systems in the Union, irrespective of whether those providers are established within the Union or in a third country; (c) providers and deployers of AI systems that have their place of establishment or who are located in a third country, where either Member State law applies by virtue of a public international law or the output produced by the system is intended to be used in the Union; (Article 2)
The provisions outlined in Article 2 of the EU AI Act suggest comprehensive coverage. As a provider of AI systems, your company is required to comply with this Act irrespective of your geographical establishment. This mandate applies since you’re aiming to place your AI systems on the Union market. Take special note of the clause that includes providers and deployers of AI systems stationed in a third country, implying that the legislation extends beyond the EU’s borders if the AI system output is meant for use in the Union.
‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or that has an AI system developed with a view to placing it on the market or putting it into service under its own name or trademark, whether for payment or free of charge; (Article 3 (2))
The language in Article 3(2) provides additional clarity about your company’s role. This definition lists a “provider” as any entity (person or organization) that produces an AI system with the aim to place it on the market or to provide its service, either for a fee or free of charge. This definition comprehensively covers your situation as a provider aiming to launch your AI system in the EU market.
In order to ensure a level playing field and an effective protection of rights and freedoms of individuals across the Union and on international level, the rules established by this Regulation should apply to providers of AI systems in a non-discriminatory manner, irrespective of whether they are established within the Union or in a third country, and to deployers of AI systems established within the Union. (Recital 10)
The rationale behind the broad scope of this legal framework becomes apparent from Recital 10. The goal extends beyond the local jurisdiction, aspiring to protect individuals’ rights and freedoms both within and outside the Union. Hence, irrespective of their place of establishment, all providers fall under this Act’s purview. Importantly, it specifies a nondiscriminatory application of these rules, ensuring a fair, leveled playing field.
In light of the excerpts from the EU AI Act and their interpretation above, it’s clear that the Act applies to your company. Even though your company operates outside of the EEA, you’re obligated to comply with the specifications of the EU AI Act when introducing your AI systems within the Union. It’s vital to consult a legal expert for further assistance while working towards compliance with these regulations.
This Regulation applies to:
(a) providers placing on the market or putting into service AI systems in the Union, irrespective of whether those providers are established within the Union or in a third country
(Article 2)
This part of Article 2 makes it clear that any provider that wants to market or put into service AI systems in the EU has to comply with the regulations, no matter where the provider is based. So, if your company is not based in the EEA but wants to sell AI systems in the EU, it still has to adhere to the AI Act.
In order to ensure a level playing field and an effective protection of rights and freedoms of individuals across the Union and on international level, the rules established by this Regulation should apply to providers of AI systems in a non-discriminatory manner, irrespective of whether they are established within the Union or in a third country, and to deployers of AI systems established within the Union. (Recital 10)
This Recital clearly states that the rules and regulations of the EU AI Act will apply to all providers of AI systems, irrespective of where they are based. Importantly, this includes providers based in a third country, outside the EEA. In other words, if you’re a company based outside the EEA and want to sell your AI systems in the EU, your company will indeed need to comply with the EU AI Act.
Prior to making their systems available on the Union market, providers established outside the Union shall, by written mandate, appoint an authorised representative which is established in the Union.
(Article 25)
This part of Article 25 specifies that before entering the market, your company would need to appoint an authorised representative based in the Union. This person would be responsible for per forming tasks outlined in the AI Act and ensuring that all legal requirements are fulfilled.
Therefore, prior to making their AI systems available in the Union, providers established outside the Union shall, by written mandate, appoint an authorised representative established in the Union. (Recital 56)
Moreover, according to Recital 56, companies based outside the EU aiming to sell their AI systems in the EU would need to take an additional step. This text states that such providers must appoint an authorised representative within the EU prior to making their AI systems available within the EU. This representative would be responsible for providing all the necessary information on the compliance of the AI system with EU AI Act.
The provider shall draw up a written machine readable, physical or electronic EU declaration of conformity for each high-risk AI system and keep it at the disposal of the national supervisory authority and the national competent authorities for 10 years after the AI high-risk system has been placed on the market or put into service. A copy of the EU declaration of conformity shall be submitted to the national supervisory authority and the relevant national competent authorities upon request.
(Article 48)
Finally, according to Article 48, your company would need to produce an EU declaration of conformity for each high-risk AI system that you intend to place on the market or put into service. This document would have to be kept available for ten years after the product enters the market and provided to the national supervisory authority and relevant national competent authorities on request.