← Back to blog

Do US AI SaaS Companies Need to Comply with the EU AI Act?

2026-06-29·5 min read·US Companies, Extraterritorial, AI Act Basics

The short answer

If your AI system's output is used in the EU — even if your company, servers, and team are entirely in the US — the AI Act likely applies to you. Like GDPR, the AI Act has extraterritorial reach.

The actual scope test (Article 2)

The AI Act applies to:

  1. Providers placing AI systems on the market in the EU, regardless of where the provider is established.
  2. Providers and deployers in a third country where the output produced by the AI system is used in the EU.
  3. Importers and distributors of AI systems in the EU.
  4. Deployers of AI systems that have their place of establishment or are located within the EU.

Point 2 is the one US founders miss: you don't need EU offices, EU servers, or an EU entity. If EU-based users receive output from your AI system — a scored resume, a chatbot reply, a generated recommendation — you're in scope.

Common "we're US-only" scenarios that are actually in scope

What's genuinely out of scope

What compliance actually looks like for a US-based team

You don't need an EU subsidiary for most obligations. What you likely need:

  1. An EU representative (Article 22) if you're a non-EU provider placing a high-risk system on the EU market — this is a designated contact point in the EU, not a full legal entity.
  2. The same documentation obligations as an EU company — risk classification, technical file, human oversight, transparency disclosures — there's no "US company" carve-out on substance.
  3. A decision on whether to geofence EU users — some US companies choose to block EU signups entirely rather than build compliance. This is a legitimate business choice, but it needs to be a deliberate one, not a default.

The investor angle

US-based AI startups raising from EU-connected VCs, or selling into enterprise deals with EU counterparties, increasingly get AI Act questions in due diligence — independent of whether you have EU offices. "We're a US company" is not an answer that satisfies a diligence checklist anymore.

Bottom line

Being US-based does not exempt you. The relevant question isn't where you're incorporated — it's whether your AI system's output reaches EU users. If it does, scope the same way an EU company would.


Not sure where your product stands?

Run a free AI Act readiness scan. Get your risk score in 2 minutes.

→ Get your free risk score