Frequently asked questions
Does the EU AI Act apply if I am based in the US or UK?
Yes, it can. The Act applies to anyone who places an AI system on the EU market, puts it into service in the EU, or whose system output is used in the EU, regardless of where the company is established. Many US and UK companies are in scope without realising it.
What counts as a high-risk AI system?
The Act lists high-risk uses including employment and worker management, biometrics, critical infrastructure, education and vocational training, access to essential private and public services such as credit and insurance, law enforcement, migration and border control, and the administration of justice. If your system is used in one of these areas, high-risk obligations likely apply.
What are the deadlines?
Prohibited AI practices and AI-literacy duties have applied since February 2025. General-purpose AI model obligations applied from August 2025. The bulk of the high-risk obligations become enforceable in August 2026, with an extended transition to August 2027 for certain high-risk systems embedded in regulated products.
Do I need a notified body?
Usually no. Most high-risk systems are self-assessed through internal conformity assessment, which is the technical documentation we prepare. Only certain categories require third-party assessment by an accredited notified body, and in those cases we prepare you and coordinate with one.
Is this legal advice?
No. We provide independent assessment findings and recommendations, not legal advice, and we do not certify conformity. We work alongside your legal counsel, who confirms your obligations.
What data do you need from us?
A description of the system and its intended purpose, an overview of training and evaluation data, and any documentation you already have. We rarely need raw datasets. Everything is transferred securely and minimized.