EU AI Act: The Role of Authorised Representatives
Updated: October 2025
The EU AI Act introduces key roles in the AI value chain, including authorised representatives (ARs) who act as intermediaries between non-EU AI providers and EU regulators. Authorised Representatives perform tasks specified in the mandate on behalf of non-EU providers, facilitating entry into the EU market.
Providers of high-risk AI systems or general-purpose AI models from third countries must appoint an AR within the EU. ARs, based in the EU, manage regulatory obligations and perform tasks specified in the mandate related to EU regulations.
ARs verify documentation, maintain records, provide information to authorities, and serve as a contact point for compliance issues. While specific qualifications are not listed, ARs ideally possess a strong understanding of EU regulations, technical aspects of AI, good communication skills, and knowledge of EU laws. They play a vital role in ensuring transparency and trustworthiness in the EU AI ecosystem.
Key Takeaways
• Mandatory appointment for market access: Non-EU providers of high-risk AI systems or general-purpose AI models must appoint an EU-based Authorised Representative before entering the EU market.
• AR responsibilities: Authorised Representatives verify compliance documentation, maintain records for 10+ years, communicate with EU authorities, and can terminate their mandate if providers fail to meet obligations.
• Required expertise: While no formal qualifications are specified, ARs need strong knowledge of EU AI regulations, technical understanding of AI systems, and effective communication skills.
Key Compliance Roles Introduced by the EU AI Act
The EU AI Act introduces several pivotal roles within the AI value chain, each tasked with specific compliance duties:
Provider
Develops AI systems or GPAI models and must comply with regulations when distributing or producing AI outputs in the EU market. Example: A software company creating AI-driven products for EU consumers.
Deployer
Utilises AI systems in real-world applications and must ensure compliance with regulations regarding data governance and incident reporting. Example: A healthcare provider using AI algorithms to assist in medical diagnostics.
Product Manufacturer
Incorporating AI systems into products requires adherence to regulations regardless of location if distributing in the EU market. Example: An automotive manufacturer integrating AI technology into self-driving vehicles sold in the EU.
Importer
Acts as a gatekeeper for AI systems entering the EU market from non-EU countries and must conduct due diligence before placement. Example: An EU-based company importing AI-powered gadgets from Asia.
Distributor
Companies that provide AI systems for distribution or use in the EU market must verify compliance of related providers and importers. Example: A technology company distributing AI software solutions to EU businesses.
Authorised Representative (AR)
Acts as an intermediary between non-EU AI providers and EU authorities, performing tasks specified in the mandate on behalf of the provider. Example: An EU-based consultancy appointed by a U.S. AI developer to oversee regulatory obligations in the EU.
What Exactly are Authorised Representatives and Who Should Appoint Them?
Providers of high-risk AI systems or general-purpose AI models based in third countries must appoint an AR within the EU before introducing their products to the Union market. This requirement emphasises the importance of having a local presence to navigate EU regulations effectively.
However, there is an exception to this obligation for providers of general-purpose AI models released under a free and open-source license. This license permits access, usage, modification, and distribution of the model, along with the public availability of parameters, model architecture information, and usage data, unless such models present systemic risks.
As defined in the EU AI Act, AR’s are individuals or entities located or established within the EU who have received and accepted a written mandate from a provider of a high-risk AI system or a general-purpose AI model. Their primary responsibility is to perform, on behalf of the provider, the obligations and procedures established by the regulation.
ARs serve as intermediaries between AI providers located outside the EU and regulatory bodies within Europe. Their crucial role is to ensure, within the framework of their mandate, that the provider has undertaken all measures and has all the required documentation prescribed by the strict regulations of the EU AI Act.
For example, let’s say a tech company based in the United States develops an AI system classified as high risk or general-purpose AI models and wants to sell it in the EU market. Before they can do so, they need to appoint an AR within the EU.
This representative will handle all communication with European regulatory authorities, ensuring that the company has all documentation in place and has taken prescribed actions to prove that the AI system meets all necessary compliance standards before it is made available for sale.
In summary, AR plays a crucial role in streamlining the regulatory process for AI providers operating outside the EU. By ensuring adherence to EU regulations, they contribute to building trust and transparency in the AI industry within Europe.
Key Responsibilities and Functions of AR’s
In the intricate domain of AI regulation in the European Union, ARs shoulder diverse responsibilities, encompassing verification and serving as regulatory liaisons. Let’s explore each of these roles in detail.
Representation
An Authorised Representative is any natural or legal person located or established within the EU who receives and accepts a written mandate from a provider of a high-risk AI system or a general-purpose AI model. This mandate empowers them to act on behalf of the provider, carrying out obligations and procedures mandated by the regulation.
Compliance and Verification
AR’s are tasked with verifying that the EU declaration of conformity and technical documentation have been prepared and that the appropriate conformity assessment procedure has been conducted by the provider.
Record Keeping
ARs keep essential documentation, including the contact details of the provider, EU declaration of conformity, technical documentation, and relevant certificates, available to the AI Office for at least 10 years after the AI system is placed on the market.
Provision of Information
They provide the AI Office, upon request, with all necessary information and documentation to demonstrate compliance with the regulation.
Cooperation with Authorities
ARs cooperate with competent authorities and the AI Office, upon request, in any action related to the AI system or general-purpose AI model. This may include actions to reduce and mitigate risks posed by the AI system or model.
Registration Obligations
They comply with registration obligations, if applicable, and ensure that correct information is provided to the EU database for high-risk AI systems.
Contact Person
Authorised Representatives serve as a contact person established within the EU for issues related to ensuring compliance with the regulation. They may be addressed by competent authorities on all matters concerning compliance and the Shell Act within the framework of the mandate issued by the provider.
Termination of Mandate
If an AR believes or has reasons to believe that the provider is not fulfilling its obligations under the regulation, they have the authority to terminate the mandate. In such cases, they inform the relevant market surveillance authority and, if applicable, the notified body about the termination and the reasons behind it.
To illustrate, let’s consider a scenario where a company based in the US develops a high-risk AI system intended for the EU market. Before making the system available in the EU, the US company must appoint an AR established within the EU. This AR will check if the company has appropriate documentation and measures in place to ensure the system meets all regulatory requirements, verify documentation, and cooperate with authorities if needed.
In summary, ARs serve as essential liaisons between non-EU AI providers and EU regulatory bodies, contributing to a safer and more transparent AI ecosystem within Europe.
Are There Any Specific Qualifications Required for This Role?
The EU AI Act does not explicitly list specific qualifications required for an AR. However, given the responsibilities of the role, the AR should ideally have a strong understanding of the EU AI Act, its requirements, and the technical aspects of the AI systems they represent.
The AR is expected to verify that the EU declaration of conformity and the technical documentation have been appropriately drawn up by the provider. This implies a need for technical knowledge to understand these documents and verify their accuracy.
Moreover, the AR must be capable of cooperating with competent national authorities and providing them with all the necessary information and documentation. This suggests a need for good communication skills and a thorough understanding of the AI system and its compliance with the EU AI Act.
It’s also worth noting that the AR must be established within the EU. This could imply a need for knowledge of EU laws and regulations, as well as the specific requirements of the EU AI Act.
Conclusion
The EU AI Act has introduced several roles within the AI value chain, including providers, deployers, product manufacturers, importers, distributors, and authorised representatives (ARs). ARs act as intermediaries between non-EU AI providers and EU regulatory bodies, performing tasks specified in the mandate on behalf of non-EU providers.
Providers of high-risk AI systems or general-purpose AI models based in third countries must appoint an AR within the EU before introducing their products to the EU market. ARs, located or established within the EU, fulfil regulatory obligations mandated by the regulation, ensuring that the EU declaration of conformity and technical documentation have been prepared and that the appropriate conformity assessment procedure has been conducted by the provider.
ARs have various responsibilities, including verifying documentation, record-keeping, providing information to authorities, cooperating with competent bodies, and serving as a contact person for compliance issues. They play a crucial role in streamlining the regulatory process for non-EU AI providers, contributing to trust and transparency in the AI industry within Europe.
While specific qualifications are not explicitly stated in the EU AI Act, Authorised Representatives should ideally possess a strong understanding of EU regulations, technical aspects of AI systems, good communication skills, and knowledge of EU laws and regulations. Their role is essential in ensuring trustworthiness in the AI value chain, enabling high-risk AI systems to comply with the EU AI Act and contributing to a safer and more transparent AI ecosystem within Europe.
If you need assistance with implementing AI within your business, reach out to our team at GDPRLocal.
Frequently Asked Questions
Do all AI providers need to appoint an Authorised Representative?
No, only providers of high-risk AI systems or general-purpose AI models based outside the EU need to appoint an AR. There’s an exception for providers of general-purpose AI models released under free and open-source licenses, unless they present systemic risks.
Can an Authorised Representative be held liable for non-compliance?
The AR acts on behalf of the provider within the scope of their mandate. If they believe the provider is not fulfilling regulatory obligations, they have the authority to terminate the mandate and must inform the relevant market surveillance authority.
How long must an Authorised Representative keep documentation?
ARs must maintain essential documentation—including the EU declaration of conformity, technical documentation, and relevant certificates—for at least 10 years after the AI system is placed on the market.