EU AI Act Compliance: What US Firms Need to Know

What the EU AI Act is, in one sentence

The EU AI Act is the world’s first comprehensive horizontal regulation of artificial intelligence — a risk-tiered framework that imposes binding obligations on providers and deployers of AI systems based on the system’s intended purpose, with extraterritorial scope that reaches well-prepared US firms whether they realize it or not.

The Act entered into force on August 1, 2024. Its provisions are phased in through August 2027. Penalties top out at €35 million or 7% of global annual turnover — higher than GDPR.

Why it matters more than most US firms realize

Most US mid-market companies still treat the EU AI Act as a European regulatory problem. That treatment is wrong on three fronts:

  1. The Act has explicit extraterritorial reach. It applies if your AI system’s output is used in the EU, even if your company has no EU establishment. A US healthcare analytics firm whose model produces outputs consumed by an EU clinical research partner is in scope. A US recruiting platform whose AI scoring affects an EU candidate is in scope.
  2. The compliance posture takes 12-18 months to build, not 12-18 weeks. Conformity assessments, technical documentation, post-market monitoring systems, fundamental rights impact assessments — these are program-level engineering, not policy-level paperwork.
  3. The Act layers onto, rather than replaces, your existing regulatory exposure. GDPR, sector-specific frameworks (HIPAA, GLBA, MDR), and US state AI laws (Colorado, California, Illinois) all continue to apply in parallel. Compliance design has to satisfy all of them simultaneously.

    4. The risk-tier framework

    The Act categorizes AI systems into four tiers, each with distinct obligations.

    Tier 1 — Unacceptable risk (banned outright)

    Effective February 2, 2025. Prohibited uses include:

    • Social scoring by public authorities
    • Real-time remote biometric identification in publicly accessible spaces (with narrow law-enforcement exceptions)
    • Emotion recognition in workplace and educational settings
    • Subliminal techniques designed to materially distort behavior
    • Exploitation of vulnerabilities (age, disability, socioeconomic status)
    • Untargeted scraping of facial images for facial recognition databases
    • Predictive policing based solely on profiling

    For most US mid-market firms, the Tier 1 list is a bright-line list of things not to build. The compliance work is verifying that none of your existing or planned systems falls within scope.

    Tier 2 — High-risk (heavy obligations)

    Effective August 2, 2026. This is where the substantive compliance work lives. High-risk systems include AI used as safety components of regulated products (medical devices, machinery, vehicles) and AI deployed in eight specified domains:

    • Biometric categorization and identification
    • Critical infrastructure management
    • Education and vocational training (admissions, scoring, behavioral monitoring)
    • Employment, workforce management, and access to self-employment (recruitment, performance evaluation, task allocation)
    • Access to essential private and public services (credit scoring, insurance pricing, emergency triage)
    • Law enforcement
    • Migration, asylum, and border control
    • Administration of justice and democratic processes

    A US firm operating in any of these domains with EU-relevant outputs is subject to the full set of Tier 2 obligations. These include:

    • Risk management system spanning the AI lifecycle
    • Data governance — training data quality, bias mitigation, provenance documentation
    • Technical documentation — sufficient to demonstrate conformity, maintained throughout the system’s life
    • Record-keeping (logging) — automatic logs of operation
    • Transparency — instructions for use that allow deployers to interpret and use the system correctly
    • Human oversight — design that enables effective human oversight
    • Accuracy, robustness, and cybersecurity — technical resilience requirements
    • Quality management system for providers
    • Conformity assessment before market placement
    • Registration in the EU AI database
    • Post-market monitoring with serious-incident reporting

    Tier 3 — Limited risk (transparency obligations)

    Systems that interact with humans (chatbots), generate or manipulate content (deepfakes, synthetic media), or perform emotion recognition or biometric categorization outside Tier 2 must disclose their AI nature to affected users. The obligation is comparatively light but applies broadly — most consumer-facing chatbots and content-generation features fall here.

    Tier 4 — Minimal risk (no obligations)

    The vast majority of AI systems — spam filters, recommendation engines for non-essential services, AI-enabled video games — sit here with no specific obligations beyond voluntary codes of conduct.

    General-Purpose AI (GPAI) model obligations

    Effective August 2, 2025. The Act imposes a separate obligation tier on providers of general-purpose AI models — foundation models like GPT-4, Claude, Gemini, Llama, and similar.

    For all GPAI providers:

    • Technical documentation of the model
    • Information for downstream providers integrating the model
    • Compliance with EU copyright law in training data
    • Public summary of training data content

    For GPAI with systemic risk (currently models trained with more than 10^25 FLOPs, a threshold that captures the largest foundation models):

    • Model evaluations including adversarial testing
    • Systemic risk assessment and mitigation
    • Serious incident reporting to the AI Office
    • Adequate cybersecurity protection of model and physical infrastructure

    US firms that build on top of a GPAI provider inherit downstream obligations — particularly if you fine-tune the model and place the result on the EU market. This is where the GPAI tier and the high-risk tier intersect for most mid-market firms.

    Where US firms most often misjudge scope

    The four scope-determination errors we see most often in mid-market assessment work:

    1. “We don’t sell to the EU.” The Act’s scope is triggered by output use, not by sale. Outputs from your AI system being consumed in the EU brings you into scope, even if no commercial transaction crosses the border.
    2. “We’re a deployer, not a provider — the obligations don’t apply to us.” Deployers have separate obligations: human oversight, monitoring, fundamental rights impact assessments (for some high-risk uses), and instructions-for-use compliance. Deploying an off-the-shelf high-risk system is not a free pass.
    3. “We’re using a GPAI from OpenAI/Anthropic/Google — we inherit their compliance.” No, you do not. The provider handles their layer. You handle your layer — your fine-tuning, your application, your high-risk-tier exposure, your deployment context.
    4. “It’s not high-risk because we don’t use it for hiring decisions.” Read the high-risk annex carefully. Performance evaluation, task allocation, and behavioral monitoring in workplace contexts are all in scope. The threshold is lower than most operating teams assume.

      5. Implementation roadmap for US mid-market firms

      A four-phase roadmap that fits most mid-market timelines under the August 2026 high-risk effective date.

      Phase 1 — Scoping (months 1-2)

      • Inventory every AI system in deployment, in pilot, and in vendor SaaS — see shadow AI detection for the discovery work
      • Map each system to the Act’s risk tiers (unacceptable, high, limited, minimal, GPAI integration)
      • Determine territorial nexus — does the output reach the EU?
      • Produce a scope memo signed by Legal, IT, and the executive sponsor
      • Graduation gate: documented inventory + risk-tier mapping + EU nexus determination

      Phase 2 — Gap assessment (months 3-4)

      • For each high-risk system, gap-assess against the eight Tier 2 obligations
      • For each GPAI integration, gap-assess against downstream provider obligations
      • Identify deployer obligations for systems where you are the deployer
      • Produce a prioritized remediation roadmap
      • Graduation gate: documented gap register + executive-approved roadmap

      Phase 3 — Build (months 5-12)

      • Stand up the risk management system
      • Build the technical documentation pipeline (a living artifact, not a one-time PDF)
      • Engineer logging, monitoring, and post-market reporting infrastructure
      • Embed human oversight controls in the system design
      • Conduct fundamental rights impact assessments where required
      • Address data poisoning, model inversion, and inference exfiltration risks under the cybersecurity obligation
      • Run pre-conformity assessment against the obligations
      • Graduation gate: all controls in place, documented, and tested

      Phase 4 — Conformity and operation (months 13+, ongoing)

      • Conduct the formal conformity assessment (self-assessment for most high-risk uses; notified-body assessment for some)
      • Register the system in the EU AI database where required
      • Establish the post-market monitoring cadence
      • Establish the serious-incident reporting workflow
      • Maintain technical documentation through the system’s life
      • Graduation gate: reaching this phase is the program’s steady state

      How Armorstack approaches EU AI Act compliance

      When we onboard a US client with EU exposure, we run a structured engagement via the VERITY portfolio:

      1. Scope and inventory — what systems exist, what risk tiers apply, what EU nexus exists
      2. Gap assessment — against Tier 2 obligations, GPAI obligations, and deployer obligations
      3. Cybersecurity overlay — the Act’s cybersecurity requirement maps directly onto Armorstack’s existing AI security work, including shadow AI, data poisoning, model inversion, and inference exfiltration defense
      4. Roadmap — prioritized by August 2026 deadline pressure × business impact × cost-to-implement
      5. Build support — embedded vCISO/advisory through Phase 3
      6. Continuous monitoring — via the SENTRY portfolio’s AI security observability, which produces the post-market monitoring telemetry the Act requires

        7. Most US mid-market firms with EU exposure are in Phase 1 today and need to reach Phase 3 by mid-2026. The window is real but not urgent yet — provided Phase 1 starts now.

        Common questions

        Q: We have no EU customers and no EU operations. Do we still need to care?
        A: Possibly. Test the criterion: do any outputs from your AI system get used in the EU by anyone? Healthcare analytics consumed by an EU research partner, recruiting decisions affecting an EU candidate, content generation used by an EU subsidiary of your customer — all bring you into scope. If genuinely zero EU output use, you’re out of scope until that changes.

        Q: How does this interact with US state AI laws (Colorado, California, Illinois)?
        A: They layer rather than conflict. The Colorado AI Act covers some of the same ground (high-risk system documentation, impact assessments) with overlapping but not identical obligations. Most US mid-market firms with EU exposure design a unified program that satisfies the strictest applicable framework on each dimension.

        Q: What about AI incident response under the Act?
        A: The Act requires serious-incident reporting to the AI Office for high-risk systems and GPAI systems with systemic risk. Reporting timelines are tight (15 days for serious incidents; 2 days for widespread infringements affecting fundamental rights). Your IR plan needs an EU-specific arm.

        Q: Do we need a notified body?
        A: For most high-risk AI uses, no — self-assessment by the provider is sufficient. Notified-body assessment is required for AI systems that are safety components of regulated products (medical devices, machinery) and a small set of biometric uses. Verify your specific system class with counsel.

        Q: What’s the smallest first step?
        A: A scope memo. One to two weeks of work that determines whether the Act applies to your organization at all, which systems are in scope, and which risk tier each falls into. Without the scope memo, every subsequent piece of compliance work is built on assumptions.

        Q: What does Armorstack’s offering look like?
        A: VERITY runs scope-and-gap assessments and embedded vCISO/advisory through implementation. SENTRY provides the cybersecurity and post-market monitoring infrastructure required under the Act. Engagements typically start with a 1-2 week scope memo, followed by a 6-8 week gap assessment, followed by phased build.

        Next reading

        Get help

        If your organization has any AI system whose outputs reach EU users — directly or via partners — and you do not have a documented scope memo, gap assessment, or implementation roadmap, the August 2026 deadline is closer than it looks. Book a 30-minute discovery call at armorstack.ai/contact/ or call 877-890-5508.

        Last reviewed: 2026-05-01. Authored by Dale Boehm, CEO Armorstack. CISA + CDPP. This guide is informational and not legal advice — consult qualified EU counsel for binding compliance determinations.

Related Articles

Continue reading