AUTHORISED REPRESENTATIVE FOR UK AI COMPANIES
Sell AI into Europe after Brexit
Brexit moved UK companies into the same category as any other non-EU provider under the EU AI Act. If you place a high-risk AI system on the EU market, you need a named Authorised Representative inside the Union — and most UK AI companies don’t have one.
Fixed annual fee · Named EU entity · Compliant from day one
EU AI ACT AND UK COMPANIES
Brexit made you a third-country provider. The EU AI Act treats you accordingly.
Three things UK AI companies consistently get wrong about their post-Brexit EU obligations — and why the AR requirement is the one regulators check first.
EU AI Act treats UK companies as non-EU providers
Under the EU AI Act, UK companies are subject to the same extraterritorial obligations as US, Swiss, or Canadian companies when their AI systems reach EU users. There is no special status, no transition arrangement, and no bilateral agreement that changes this. If your product is used in any EU member state, the Act applies to it on the same terms as if you were based in California.
EU market access now requires a named EU presence
Article 22 of the EU AI Act requires non-EU providers of high-risk AI systems to appoint a named, EU-established Authorised Representative before placing the system on the EU market. UK companies that have been selling into the EU since before the Act came into force — through direct sales, reseller agreements, or API access — are often already in breach without knowing it.
UK-EU commercial relationships make this a must
UK AI companies sell heavily into EU markets — Germany, France, the Netherlands, the Nordics. The AR requirement surfaces not only in regulatory enforcement but in enterprise procurement questionnaires, investor due diligence from EU-based funds, and partnership agreements with EU companies that now include AI Act compliance clauses.
UK companies built strong EU commercial relationships before Brexit. The EU AI Act is a new condition on maintaining them. This service establishes your compliant EU presence — a named lawyer on your documentation, accountable to EU authorities — so your EU market access is built on solid ground.
WHAT’S INCLUDED
Everything required for a compliant EU AI Act presence
A substantive EU appointment that satisfies Article 22 — not a registered address that leaves you exposed when a regulator or procurement team asks a real question.
Named EU Authorised Representative
A specialised entity established in the EU, appointed under Article 22, identified in your technical documentation and EU AI database registration. Legal standing with EU market surveillance authorities — the person they write to, and the person who responds substantively on your behalf.
Mandate agreement drafted and executed
A compliant appointment document reflecting the Act’s formal requirements — scope of representation, obligations, and terms — ready to include in your technical file and present to any EU authority, enterprise buyer, or investor that requests evidence of compliance.
Authority correspondence handling
All EU regulatory authority correspondence relating to your system is received, escalated, and handled in coordination with your team. You are notified immediately. No position is taken without your involvement. No response goes without your approval.
Technical documentation copy maintained
Your technical documentation and EU declaration of conformity are held as required by Article 22 — available to market surveillance authorities on request, maintained and updated as your product develops.
Annual review and regulatory alerts
A structured annual call covering product changes, new deployments, and regulatory developments affecting your AR obligations or classification. Alerts when enforcement activity or Commission guidance is relevant to your system’s category.
Priority AI product assessment
If a product change during the year raises a reclassification question, you are prioritised. The conversation is included in the service — no additional charge for the call that keeps your compliance position current.
About the provider: (yes, that’s real me)
I’m Yuliia Habriiel — a regulatory lawyer who spent years inside EU digital regulation: not just the AI Act, but GDPR, NIS2, DORA, the Cyber Resilience Act, and ISO 42001.
I build compliance infrastructure for a living, so I know the difference between a requirement that’s theatrical and one that will actually get enforced. The EU AI Act is written at the level of the product — yet almost everyone is still trying to comply at the level of the organisation. That mismatch is where companies get caught.
When you work with me, you’re not getting a generic audit or AI’s best guess. You’re getting the same legal reasoning the regulators apply, turned on the one thing that matters: the AI system you’re shipping.
Who this service is for:
UK AI companies with existing EU customers, EU enterprise contracts, or EU API users who have not established a compliant AR appointment and need to resolve that position before it surfaces in a procurement process, a regulatory enquiry, or a funding round.
UK founders preparing for an EU market launch who want the legal groundwork in place before their first EU customer — not scrambling to establish compliance after a procurement questionnaire asks for it.
UK scale-ups raising from EU-based investors whose term sheets or due diligence processes now include AI Act compliance as a closing condition or portfolio risk question.
UK AI companies in regulated sectors — healthtech, fintech, legaltech, HR technology, insurtech — where Annex III high-risk classification is likely and the AR requirement is a precondition for operating in the EU market at all.
UK companies that assumed Brexit created a clean break from EU regulation and are now discovering that the EU AI Act reaches their product through their EU users regardless of where they are incorporated or where their servers are hosted.
UK AI companies already UK GDPR-compliant who understand the extraterritorial model and need to extend their existing compliance posture to the EU AI Act without building a separate EU infrastructure from scratch.
What our customers say:
Thank you for sending the strategy doc. I did not even expect it to be customised so it provides a good strategy tool to help me think about developing my application.
Meredith Godat, PhD
Founder, CogniQuest (Switzerland)
We’ve been trying to figure out how the EU AI Act affects our drone platform, especially around AI-based navigation. The report helped make sense of what actually applies to us and what we need to pay attention to. It gave us a much better picture of where we stand and what we need to do next before expanding into the EU market.
Denis Isakovs,
CTO, ProDrone
(Latvia)
Before this report, every AI Act discussion ended in confusion. Now I can confidently present classification decisions to our legal team and explain timelines to stakeholders. Worth every euro.
Robert Müller
Head of Product, MedicaTech Solutions (Germany)
Backed by Our Guarantee
The mandate we execute satisfies Article 22 of the EU AI Act to the letter. If at any point during the engagement a market surveillance authority finds the appointment non-compliant due to anything on our side of the mandate, we resolve it at no additional cost. The annual fee is fixed — no surprise invoices for correspondence handling, regulatory alerts, or review calls within the scope of the service. If your product changes during the year in a way that means the AR service is no longer needed, we refund the unused portion on a pro-rata basis.
Audit-Proof Documentation
Lifetime AI Act Updates Included
If You Don’t Need It, We Tell You
Flexible Time Investment
Appoint your EU Authorised Representative — compliant from day one
✔︎ Free product scoping assessment
✔︎ Mandate agreement drafted and executed
✔︎ Authority correspondence handling for twelve months
✔︎ Technical documentation copy maintained
✔︎ Annual review call and regulatory alerts
✔︎ Priority reclassification assessment if needed
€2,400/year · Billed annually · No hourly billing · No open-ended scope
Frequently Asked Questions
Does the EU AI Act apply to UK companies after Brexit?
Yes. Brexit moved UK companies outside the EU’s regulatory perimeter entirely. Under Article 2 of the EU AI Act, UK companies are third-country providers — subject to the same extraterritorial obligations as any other non-EU company when their AI systems reach EU users. There is no special post-Brexit status, no UK-EU AI Act equivalence arrangement, and no transition period. If your product is used in any EU member state, the Act applies to it on the same terms as if you were incorporated in the United States.
What is an EU AI Act Authorised Representative and why does a UK company need one?
An Authorised Representative under Article 22 is a lawyer or firm established in an EU member state, appointed by a non-EU provider to act as their legal point of contact for EU regulatory authorities. For UK companies placing high-risk AI systems on the EU market, the appointment is a legal precondition for market access — not an administrative step to address once revenues justify it. Without a compliant AR on record, a UK company is in breach of the Act regardless of how well its product meets the technical requirements.
Does my UK AI product count as high-risk under the EU AI Act?
High-risk classification under Annex III is determined by your system’s function and deployment context — not its technical architecture, its marketing description, or its UK regulatory status. Categories include AI used in hiring and recruitment, credit decisions, education and student assessment, biometric identification, critical infrastructure, healthcare decision support, law enforcement, and border management. If your product operates in any of these areas and has EU users, high-risk classification is likely in play.
Our AR service includes a product review at onboarding to confirm your classification before the mandate is executed.
We have a UK GDPR representative. Does that cover EU AI Act obligations?
No. A UK GDPR representative operates under UK law and has no standing under EU law. An EU AI Act Authorised Representative must be established in an EU member state and operates under the EU AI Act. They are entirely separate appointments under entirely separate regimes. Additionally, your EU GDPR Article 27 representative — if you have one — does not satisfy the AI Act AR requirement either. The mandates are distinct even where the same firm holds both.
Is a registered address in an EU member state sufficient?
No. Article 22 imposes active legal obligations on the AR — to maintain technical documentation, cooperate with market surveillance authorities, and take corrective action where required. A registered address cannot fulfil any of these obligations. An AR that exists only on paper leaves a UK company in the same legal exposure as having no AR at all — and is the kind of non-compliance that surfaces quickly when an authority makes a substantive enquiry.
The UK has its own AI regulatory approach — does that affect EU AI Act compliance?
No. The UK government’s sector-led, principles-based approach to AI regulation is a domestic policy choice with no bearing on EU law. UK AI companies remain subject to the EU AI Act when their products reach EU users, regardless of their UK regulatory status. The two frameworks operate independently. Being compliant with UK ICO guidance, FCA AI requirements, or CMA foundation model recommendations does not create any standing under the EU AI Act.
What happens when a EU market surveillance authority contacts our Authorised Representative?
We receive the correspondence, notify you immediately, and coordinate the response with your team. We do not take positions on your product or make commitments to authorities without your explicit involvement.
The AR role is to be the accountable EU point of contact — decisions about your product and your compliance position remain yours. If an enquiry escalates to formal enforcement proceedings, that is a separate legal engagement agreed before we proceed.
Can UK companies be fined under the EU AI Act?
Yes. The Act’s enforcement provisions apply to non-EU providers regardless of establishment. Fines for prohibited-practice violations reach €35 million or 7% of global annual turnover. Fines for high-risk system violations reach €15 million or 3% of global annual turnover.
EU market surveillance authorities can pursue non-EU companies through their Authorised Representative — which is precisely why the AR appointment carries real legal weight, and why a letterbox service does not adequately protect a UK company facing a substantive regulatory enquiry.
How long does it take to appoint an EU Authorised Representative?
From instruction to executed mandate is typically three to five working days. The mandate is executed once we have sufficient knowledge of your product — its function, deployment context, and current documentation position — to fulfil our obligations under Article 22 responsibly. We do not accept appointments for products we have no visibility of.
What if our product changes during the year — does the mandate still cover it?
Material changes — new use cases, new deployment contexts, expanded user bases, or new data processing — may affect your classification and the scope of the mandate. Contact us before deploying significant changes. If the change falls within the existing scope, the mandate covers it. If it represents a material expansion, we agree an amendment before it takes effect. The annual review call is designed to catch incremental changes; significant changes should not wait for it.
What is included in the €2,400 annual fee?
Mandate drafting and execution, named AR appointment, authority correspondence handling for twelve months, technical documentation copy maintenance, annual review call, and regulatory alerts relevant to your system’s category. Work outside that scope — a full reclassification assessment, legal representation in enforcement proceedings, or technical documentation drafting — is a separate engagement quoted before any work begins.
The annual fee is fixed and does not vary with correspondence volume or the number of regulatory enquiries within the service scope.