This page covers U.S. law as of June 2026. This is not legal advice. For a plain-English compliance answer tailored to your situation, use the Compliance Checker at DiscloseAI.net.
The EU AI Act can apply to U.S. small businesses if the AI system's output is used within the European Union — regardless of where the business is based. If you deploy AI that affects EU residents or place AI-enabled products on the EU market, you may be subject to EU AI Act requirements. Many U.S. small businesses with no EU customers are not covered.
EU AI Act Overview
The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) entered into force August 1, 2024, with provisions applying on a phased timeline through August 2027. It applies to providers placing AI systems on the EU market, deployers of AI systems located within the EU, and, critically for U.S. businesses, providers and deployers located outside the EU when the output of their AI system is used within the EU (Regulation (EU) 2024/1689, Art. 2(1)(c)).
When Does It Apply to a U.S. Small Business?
A U.S. small business is likely subject to the EU AI Act if:
- You sell AI-enabled products or services to customers in EU member states
- You use an AI system to make decisions about EU residents (hiring, credit, access to services)
- You develop an AI system that EU-based businesses purchase and deploy
- Your AI chatbot serves EU customers who interact with it from EU countries
A U.S. small business is likely NOT subject to the EU AI Act if it has no customers or business activity in EU member states, or if its AI use is purely internal with no EU-facing outputs.
Risk Categories
Unacceptable Risk — Prohibited
AI systems posing unacceptable risks are banned: real-time remote biometric surveillance in public spaces by law enforcement, social scoring by governments, and subliminal manipulation causing harm. Most small business AI tools do not fall here.
High-Risk AI — Substantial Obligations
This category covers AI used in employment, education, credit, essential services, law enforcement, migration, and administration of justice. These systems require conformity assessments, technical documentation, human oversight, and EU database registration before deployment. A U.S. SMB using AI hiring tools affecting EU employees may qualify.
Limited Risk — Transparency Requirements
AI systems designed to interact with humans (chatbots), generate synthetic content, or perform emotion recognition must disclose their AI nature to EU users. This applies to EU-facing AI interactions regardless of where the business is based.
Minimal Risk — No Specific Requirements
Most AI applications (spam filters, recommendation engines, customer analytics) fall here and face no specific EU AI Act obligations beyond general EU law compliance.
Practical Guidance
- No EU customers: EU AI Act compliance is not required. Focus on applicable U.S. state laws.
- EU-facing chatbot: Disclose AI identity to EU users — this overlaps with U.S. best practices and Utah law, so the same disclosure satisfies both.
- AI hiring tools affecting EU employees: Assess whether your tool is high-risk under the Act. Third-party tool providers should supply conformity documentation.
- AI product development for EU market: Engage EU legal counsel. High-risk AI product deployment in the EU requires significant compliance infrastructure beyond standard SMB scope.