Given its extraterritorial reach, companies outside Europe should start preparing for the EU AI Act now. In general, the Act will apply to companies that develop high-risk AI systems used in the EU and that provide outputs from those systems, even if the companies have no physical presence in Europe.

Ahead of August 2026, companies, especially those who have no direct dealings within the EU, should begin auditing their systems and practices to determine whether they fall under the Act to avoid surprises of later enforcement actions. That starts with mapping how the organization uses AI to generate outputs and identifying where AI is being used by third-party vendors and partners. Once those AI use cases are documented, the next step is assessing whether any of documented cases could be considered high-risk, which may trigger compliance requirements under the Act.

Companies using or deploying high-risk AI outside Europe should work with suppliers and customers to update contracts so they are notified when AI is used and can restrict AI systems and outputs from being shared in the EU, where appropriate. For companies that intend to do business in Europe, now is also the time to begin building a risk management program in preparation for the Act’s enforcement.