Authorized Representative Under the EU AI Act: Requirements for Non-EU Providers

Intelligence Briefing

Intelligence Briefing: Authorized Representative Under the EU AI Act – Requirements for Non-EU Providers

1. What the Regulation Requires and Who It Applies To

Under the EU AI Act (Regulation (EU) 2024/1689), non-EU providers of AI systems must appoint an Authorized Representative (AR) if they place high-risk AI systems or GPAI models on the EU market (Article 22). The AR acts as a legal contact point for EU authorities, ensuring compliance with the Act’s obligations, including risk management, transparency, and post-market monitoring (Articles 8–15, 50, 52).

Key obligations for non-EU providers:

High-risk AI systems (Articles 8–15): Must comply with strict requirements, including risk management, data governance, technical documentation, and post-market monitoring. The AR ensures these are met.
General-Purpose AI (GPAI) models (AI Act: GPAI obligations): Providers must register in the EU database (Article 51) and ensure compliance with transparency and systemic risk obligations (if applicable).
Transparency obligations (Articles 50, 52): The AR must facilitate compliance with labeling, user information, and disclosure requirements.

The AR must be established in an EU Member State and have sufficient powers to enforce compliance (Article 22(3)).

2. Enforcement Precedents

As of the compliance deadlines outlined in the AI Act Implementation Timeline, enforcement actions for non-compliance with AR requirements are not yet documented in the provided sources. The EU AI Act mandates that enforcement will follow after the compliance deadlines (e.g., August 2025 for high-risk systems, August 2026 for GPAI). Until then, non-EU providers should prepare for potential audits by national authorities.

Note: The provided enforcement cases (e.g., GDPR fines in France, Germany, Luxembourg) are unrelated to the AI Act and do not apply to AR requirements.

3. Practical Compliance Steps

Non-EU providers should take the following steps to ensure compliance with the AR requirement:

Appoint an AR before market placement: The AR must be established in an EU Member State and have legal authority to act on behalf of the provider (Article 22(3)).
Ensure the AR has access to technical documentation: The AR must review risk assessments, data governance policies, and post-market monitoring plans for high-risk AI systems (Articles 9–15).
Register GPAI models in the EU database: Providers must submit compliance documentation via the AR (AI Act: GPAI obligations).
Implement transparency measures: The AR must ensure labeling, user information, and disclosure requirements are met (Articles 50, 52).
Monitor regulatory updates: The AI Act Implementation Timeline outlines key deadlines (e.g., August 2025 for high-risk systems), requiring providers to align compliance efforts accordingly.

4. Cross-Border Differences

While the EU AI Act is directly applicable across all Member States, enforcement may vary due to:

National authority interpretations: Some Member States may prioritize certain high-risk AI categories (e.g., biometric systems) over others.
GPAI compliance variations: Providers of GPAI models must monitor systemic risk obligations, which may be enforced differently by national regulators.
AR selection criteria: Some Member States may impose additional requirements on ARs (e.g., local establishment or industry-specific expertise).

Providers should consult national guidance (e.g., from national AI offices) to ensure alignment with local enforcement expectations.

Conclusion: Non-EU providers must appoint an AR to ensure compliance with the EU AI Act’s obligations for high-risk AI systems and GPAI models. While enforcement actions are pending, providers should act now to meet the August 2025/2026 deadlines.

Cross-Reference Intelligence

Article	Citations	Top Countries	Most Co-Cited
Article 22	51	IT (12), ES (8), AT (6)	GDPR Art. 13, GDPR Art. 15, GDPR Art. 25
Article 23	21	DE (7), AT (6), DK (2)	GDPR Art. 15, GDPR Art. 15(1), GDPR Art. 12
Article 24	338	IT (98), BE (63), NO (41)	GDPR Art. 5(2), GDPR Art. 13, GDPR Art. 32
Article 25	413	IT (123), PL (41), BE (41)	GDPR Art. 32, GDPR Art. 13, GDPR Art. 5(2)

Regulatory Framework

AI Act: General-Purpose AI (GPAI) models — obligations for providers

EU · ai_office · 2026-03-24 · aio-gpai

AI Act: General-Purpose AI (GPAI) models — obligations for providers Category: GPAI Type: guidance Source: https://digital-strategy.ec.europa.eu/en/po

AI Act: Implementation timeline — key dates for compliance

EU · ai_office · 2026-03-24 · aio-implementation-timeline

AI Act: Implementation timeline — key dates for compliance Category: Implementation Type: guidance Source: https://digital-strategy.ec.europa.eu/en/po

AI Act: Requirements for high-risk AI systems (Articles 8-15)

EU · ai_office · 2026-03-24 · aio-high-risk-requirements

AI Act: Requirements for high-risk AI systems (Articles 8-15) Category: High-Risk Requirements Type: guidance Source: https://digital-strategy.ec.euro

AI Act: Transparency obligations for AI systems (Articles 50, 52)

EU · ai_office · 2026-03-24 · aio-transparency

AI Act: Transparency obligations for AI systems (Articles 50, 52) Category: Transparency Type: guidance Source: https://digital-strategy.ec.europa.eu/

EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence

EU · ai_office · 2026-03-24 · aio-ai-act-overview

EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence Category: AI Act Type: legislation Source: https://eur-lex.europa.eu/eli/reg/2024/168

Enforcement & Case Law

ETid-2998: Company — FRANCE (€3,500,000)

FR cms_enforcement 2026-04-09

ETid-1398: Company — GERMANY (€525,000)

DE cms_enforcement 2026-04-09

ETid-896: Unknown — LUXEMBOURG (€18,000)

LU cms_enforcement 2026-04-09

ETid-920: Unknown — LUXEMBOURG (€15,400)

LU cms_enforcement 2026-04-09

ETid-753: Unknown — LUXEMBOURG (€15,000)

LU cms_enforcement 2026-04-09

ETid-895: Unknown — LUXEMBOURG (€13,200)

LU cms_enforcement 2026-04-09

ETid-3025: Data Controller — ITALY (€1,000)

IT cms_enforcement 2026-04-09

ETid-260: Representative of a local government — HUNGARY (€290)

HU cms_enforcement 2026-04-09

Cross-Regulatory Overlap

No relevant sources found for this query.

Sources (13)

AI Act: General-Purpose AI (GPAI) models — obligations for providers (ai_office, EU)
AI Act: Implementation timeline — key dates for compliance (ai_office, EU)
AI Act: Requirements for high-risk AI systems (Articles 8-15) (ai_office, EU)
AI Act: Transparency obligations for AI systems (Articles 50, 52) (ai_office, EU)
EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence (ai_office, EU)
ETid-920: Unknown — LUXEMBOURG (€15,400) (cms_enforcement, LU)
ETid-260: Representative of a local government — HUNGARY (€290) (cms_enforcement, HU)
ETid-1398: Company — GERMANY (€525,000) (cms_enforcement, DE)
ETid-895: Unknown — LUXEMBOURG (€13,200) (cms_enforcement, LU)
ETid-2998: Company — FRANCE (€3,500,000) (cms_enforcement, FR)
ETid-3025: Data Controller — ITALY (€1,000) (cms_enforcement, IT)
ETid-753: Unknown — LUXEMBOURG (€15,000) (cms_enforcement, LU)
ETid-896: Unknown — LUXEMBOURG (€18,000) (cms_enforcement, LU)

Authorized Representative Under the EU AI Act: Requirements for Non-EU Providers

1. What the Regulation Requires and Who It Applies To

2. Enforcement Precedents

3. Practical Compliance Steps

4. Cross-Border Differences

Search the full intelligence database