AUTHORISED REPRESENTATIVE IN EU FOR NON-EU AI PROVIDERS

EU AI Act Authorised Representative

Non-EU providers of high-risk AI systems and general-purpose AI models must appoint an EU-established Authorised Representative before placing their products on the European market. eyreACT provides that representation, backed by regulatory lawyers who helped draft the law.

Who Is an Authorised Representative Under EU AI Act?

The Authorised Representative obligation under Articles 22 and 54 of EU AI Act is a market access condition. Providers without a properly mandated EU representative face fines of up to EUR 15,000,000 or 3% of global annual turnover, whichever is higher, and cannot lawfully operate in the EU market.

When Do You Must Comply?

The deadline for high-risk AI system providers is 2 August 2026. For GPAI model providers, obligations have already applied since 2 August 2025.

The Risks of Not Getting It Right

Non-compliance with the AI Act's representation requirements is not just a technical oversight regulators overlook. These are the four primary risks non-EU providers face.

  • Market access withdrawal

    No lawfully appointed EU representative means no lawful market access. Competent authorities can require withdrawal of the AI system or GPAI model from the EU market until a compliant representative is in place.

  • Fines of up to EUR 15,000,000

    Failure to comply with Article 22 obligations attracts administrative fines of up to EUR 15,000,000 or 3% of total worldwide annual turnover, whichever is higher. For undertakings with significant global revenue, the percentage threshold will exceed the fixed cap.

  • Regulatory investigation

    When a market surveillance authority or the AI Office opens an investigation, they address the authorised representative directly. Without one, the authority has no EU-based contact to engage, which accelerates enforcement action rather than creating space for dialogue.

  • No remedy for a past breach

    Appointing a representative after a system is already on the EU market does not cure the period of non-compliance. Regulators assess the breach from the date the obligation applied, meaning fines and corrective measures can relate to the entire unrepresented period.

Why This Matters Now

Retroactive appointment does not remedy a past breach

Appointing a representative after the deadline does not erase the period of non-compliance. Regulators assess liability from the date the obligation first applied.

High-risk AI deadline approaching

Providers of high-risk AI systems under Annex III must have a mandated EU representative in place before 2 August 2026, with no grace period after that date.

GPAI model providers already in scope

If your general-purpose AI model has been on the EU market since August 2025, the obligation to appoint an Authorised Representative applies now.

Fines apply per infringement

Each failure to comply is assessed separately. A provider operating multiple AI systems without representation faces cumulative exposure across each product.

Regulators are building enforcement capacity

The European AI Office and national market surveillance authorities are actively issuing guidance and preparing for enforcement, not waiting for the transition period to expire.

UK establishment does not qualify

Post-Brexit, a UK-based entity cannot serve as an EU Authorised Representative. Providers who have relied on UK legal counsel or a UK subsidiary to fulfil this role are not compliant.

Which Organisations Need This Service

Any third-country (USA, Canada, UK, China, MENA) provider whose AI system forms a safety component in an Annex I regulated product as well as:

    • Non-EU SaaS companies with AI features classified as high-risk under Annex III
    • US, Canadian, and Asian AI model providers distributing to EU customers
    • Providers of large language models and foundation models placed on the EU market
    • Medical device and diagnostic AI companies with EU market access
    • HR technology and recruitment AI platforms operating across EU member states
    • EdTech providers using AI for admissions, assessment, or student monitoring
    • Financial services AI providers subject to both the AI Act and sectoral regulation
    • Dual-use AI providers (drones etc) to comply with AI Act and custom frameworks

How eyreACT Delivers Authorised Representation

Most Authorised Representative services offer a named address and a filing cabinet. eyreACT operates differently because the role demands it. We offer regulatory-grade representation, built on the compliance infrastructure the role actually requires.

  • We are qualified to hold the mandate

    eyreACT is built by European regulatory lawyers. We understand what market surveillance authorities expect when they make a request, and we respond accordingly.

  • We verify, not just hold

    Our compliance engine reviews your technical documentation against the AI Act's requirements before we accept the mandate. We do not sign off on documentation we have not assessed.

  • We maintain audit-ready records

    All technical documentation within scope are held in eyreACT's secure compliance infrastructure for the full 10-year retention period, accessible to authorities on request.

The AI Act is a living framework. eyreACT tracks regulatory updates, Commission guidance, AI Office decisions, and harmonised standards as they are adopted, and notifies you when your documentation or system requires updating.

Start Before the Deadline

Appointment must precede market placement. Providers who have already placed systems on the EU market without a properly mandated representative should seek advice without delay. Book a consultation to let us assess your AI systems, confirm the applicable deadline, and issue a draft mandate within five working days.

Request a scoping call!