Key facts
- Location of your business does not exempt you — what matters is where the AI system is placed on the market or used.
- Covers non-EU providers whose systems are used in the EU, and non-EU deployers whose AI output is used in the EU.
- Similar in spirit to GDPR's extraterritorial reach, though the tests are not identical.
- UK businesses selling into the EU market are routinely in scope even without an EU office.
- Start with a free AI Act exposure check to see whether this applies to you.
Who is caught
Three groups are commonly caught by extraterritorial scope: providers outside the EU placing an AI system on the EU market or putting it into service there; providers and deployers outside the EU where the AI system's output is used in the EU; and importers or distributors making a non-EU provider's system available in the EU. A UK company selling AI-enabled software to EU customers, or using an AI system whose outputs affect people in the EU, typically falls into one of these groups.
What "output used in the EU" means in practice
This is broader than simply having EU customers. It can include AI-driven decisions, content, or scores that affect people located in the EU, even if the company running the system has no EU presence at all. The practical test is where the effects land, not where the servers or the company sit.
What this means for UK businesses
Brexit did not remove the EU AI Act from the picture for UK businesses. If you sell into the EU, serve EU customers, or your AI system's output affects people in the EU, you are likely in scope in the same way a domestic EU business would be — there is no general UK carve-out.
What to do about it
Map where your AI systems' users and affected individuals are located, not just where your company is registered. If any are in the EU, classify the relevant systems under the Act's risk tiers and treat the associated obligations as live, using the same process as an EU-based business would.
Frequently asked questions
Does the EU AI Act apply to UK companies?
Yes, where a UK company places an AI system on the EU market, puts it into service there, or its AI system's output is used in the EU.
Does having no EU office avoid the EU AI Act?
No — the Act applies based on where the AI system is placed on the market or its output is used, not where the provider is based.
Is the EU AI Act's reach similar to GDPR?
Similar in spirit — both reach beyond the EU based on effects on people in the EU — but the specific tests differ, so check both separately.
Who counts as a 'deployer' under the EU AI Act?
An organisation using an AI system under its own authority, as distinct from the 'provider' that built or placed it on the market.
What should UK businesses do first?
Map where your AI systems' users and affected individuals are located, then check the free EU AI Act exposure check.
Related pages
Sources
Last updated 19 June 2026.