SiteProof AI Blog

Does the EU AI Act Apply to US Companies? Yes — Here's Why

May 24, 20267 min read

Yes. The EU AI Act applies to US companies if their AI systems or outputs are used by people in the EU, regardless of where the company is located. Article 2(1) of Regulation (EU) 2024/1689 explicitly covers providers and deployers “established or located in a third country” if their AI output is used in the Union.

The Legal Basis — Article 2 of the EU AI Act

“This Regulation applies to providers placing on the market or putting into service AI systems or general-purpose AI models in the Union, irrespective of whether those providers are established or located within the Union or in a third country.”
“It also applies to providers and deployers of AI systems that have their place of establishment or are located in a third country, where the output produced by the AI system is used in the Union.”

This is the same “effects-based” approach used in GDPR. If a person in Germany visits your website and interacts with your AI chatbot, the EU AI Act applies to that interaction — regardless of whether your company is in Texas, California, or anywhere else.

What the EU Has Said About US Companies Specifically

The European Commission and the EU AI Office have publicly named major US technology companies as subject to the Act's obligations:

→Meta, Google, OpenAI, Anthropic, and Microsoft have all been publicly identified as subject to the EU AI Act's general-purpose AI model rules.

→Meta refused to sign the EU's voluntary AI Code of Practice in 2025. The Commission responded by reiterating that legal obligations and the enforcement timeline remain unchanged.

→The EU AI Office has issued public statements clarifying that non-EU companies must comply if their AI systems are accessible to EU users.

The message is consistent: location does not determine applicability. Market access does.

Does This Apply to Small Businesses Too?

Yes. The EU AI Act has no size threshold exemption for transparency obligations. What this means in practice:

•A small US e-commerce store with an AI chatbot accessible to EU customers must comply with Article 50

•A freelancer using AI-generated content on a website visited by EU users falls within scope

•A SaaS startup with EU users must meet transparency requirements

What Obligations Apply to a Typical US Business Website?

The table below maps common website features to their EU AI Act obligation. For a complete breakdown of AI disclosure requirements, see our disclosure scanner documentation.

Website Feature	Risk Classification	Obligation from Aug 2, 2026
Customer service chatbot	Limited risk	Disclose AI interaction to users
AI-generated product descriptions	Limited risk	Label as AI-generated if could mislead
FAQ bot (non-interactive)	Minimal risk	No specific obligation
AI-powered search	Limited risk	Disclosure if interacting directly with users
Internal AI tools	Minimal risk	No specific obligation

The August 2, 2026 Enforcement Date

After August 2, 2026:

⚠️EU member state regulators begin active enforcement

⚠️The EU AI Office has authority to act against general-purpose AI providers

⚠️Fines for transparency violations: up to €15 million or 3% of global annual turnover

How to Prepare Your US Website for EU AI Act Compliance

1Add chatbot disclosure — inform users they are interacting with AI before or at the start of every conversation

2Review AI-generated content — add labels where content could be mistaken for human-created material

3Update your privacy policy — include how AI systems process user data

4Create an AI policy page — document what AI systems your website uses and how

5Run a compliance scan — identify specific gaps across your website

Step 4 (Create or update your AI policy page) is easiest with our free AI policy page generator — it outputs a ready-to-publish policy in seconds.

For a more targeted breakdown of what the EU AI Act means for smaller organizations, see our small business EU AI Act guide.

Also see: AI content disclosure requirements.

Frequently Asked Questions

I'm a small US business. Is the EU AI Act really going to come after me?

While regulators prioritize large companies first, the EU AI Act applies to any organization — regardless of size — that offers services to EU users. SMEs have specific guidance from the EU Commission, but the legal obligations are the same. More importantly, the cost of compliance for limited-risk AI is low: it's primarily a disclosure and documentation exercise.

What is the legal basis for the EU AI Act applying to US companies?

Article 2(1)(c) of EU Regulation 2024/1689 states that the Act applies to 'providers and deployers of AI systems that are located in a third country, where the output produced by the AI system is used in the Union.' If EU users interact with AI features on your website, you are a 'deployer' under this definition.

If I block EU IP addresses, am I exempt?

Technically, blocking all EU traffic would remove the basis for jurisdiction. In practice, IP blocks are unreliable and can be circumvented. More importantly, blocking EU users means losing EU revenue. Most legal advisors recommend compliance over geo-blocking.

Does having no EU customers protect me?

If your website is publicly accessible and not geo-blocked, the EU considers it 'offered to EU users' even if you don't actively market to Europe. Regulators look at whether EU users could access your service — not whether you intended to serve them.

What's the maximum fine for non-compliance?

Under Article 99 of the EU AI Act, the maximum fines are: €35 million or 7% of global annual turnover for prohibited AI practices; €15 million or 3% for most transparency violations (Article 50); and €7.5 million or 1% for providing incorrect information to authorities. These are per-violation maxima.

Check Your Website Now — It's Free

Run a free EU AI Act compliance scan. No signup required.

Start Free Scan →