The AI Act applies to a broad range of entities involved in the lifecycle of artificial intelligence systems. Specifically, it applies to:

• Providers of AI systems or general-purpose AI models that are placed on the market or put into service in the EU, regardless of whether they are established in the EU or in a third country.
• Deployers of AI systems established or located in the EU.
• Providers and deployers in third countries if the AI system’s output is used in the EU.
• Importers and distributors of AI systems making them available in the EU market.
• Product manufacturers incorporating an AI system into their products and placing them on the EU market under their name or trademark.
• Authorized representatives of providers that are not established in the EU.

The AI Act does not apply to:

• AI systems used exclusively for military, defense, or national security purposes.
• AI systems used by public authorities in third countries under international cooperation agreements on law enforcement and judicial cooperation with the EU.
• AI systems used for scientific research and development, unless they are high-risk or prohibited AI systems.
• AI systems released under free and open-source licenses, unless they are classified as high-risk or fall under prohibited AI practices ​AI Act.

An Authorised Representative acts as a liaison between the provider of an AI system and the relevant EU authorities, including the AI Office.

The Authorised Representative of a GPAI must:

• Verify that the technical documentation is prepared and that compliance with obligations is fulfilled.
• Retain relevant documentation and provider contact details for 10 years after the model enters the market.
• Provide the AI Office, upon a reasoned request, with all necessary information to demonstrate compliance.
• Cooperate with the AI Office and authorities when requested, including for actions involving the system.
• Serve as the point of contact for the AI Office and competent authorities to address compliance issues on behalf of the provider.
• Terminate their mandate and notify the AI Office if the provider violates its obligations, providing the reasons.

The Authorised Representative of a high-risk AI provider must:

• Verify that the EU declaration of conformity and the technical documentation have been drawn up, and that an appropriate conformity assessment procedure has been carried out by the provider.

• Retain the documentation and provider contact details for 10 years after the AI system is placed on the market or put into service.

• Provide the competent authorities, upon a reasoned request, with all necessary information and documentation to demonstrate the conformity of the high-risk AI system with the applicable requirements

• Cooperate with competent authorities, upon a reasoned request, in any action taken in relation to the high-risk AI system, particularly to reduce or mitigate the risks it may pose.

• Ensure that the AI system is correctly registered in the relevant EU database, or, if the provider handles the registration directly, verify that the submitted information is correct.

• Terminate the mandate and immediately inform the relevant market surveillance authority and, where applicable, the notified body, including the reasons for termination.

• Failure to appoint an Authorised Representative → Fines up to €15 million or 3% of global annual turnover.
• Prohibited AI Practices → Fines up to €35 million or 7% of global annual turnover.
• Failure to comply with key obligations → Fines up to €15 million or 3% of global annual turnover.
• Providing false or misleading information → Fines up to €7.5 million or 1% of global annual turnover.

The AI Act sets out a phased timeline for appointing an authorised representative within the EU, depending on the type of AI system:

• 2 August 2025 → Providers of general-purpose AI (GPAI) models must appoint an Authorised Representative in the EU, PRIOR to placing the GPAI on the EU market.
• 2 August 2026 → Providers of high-risk AI systems are required to appoint an Authorised Representative in the EU, PRIOR to making the high-risk AI system available on the EU market.

Open-source AI models are generally exempt from the requirement to have an authorised representative unless they pose systemic risks.

A general-purpose AI model is considered to pose systemic risks if it has high-impact capabilities or significant market reach that could lead to serious negative effects, including:

• Major accidents or disruptions in critical sectors.
• Significant harm to public health and safety.
• Threats to democratic processes, public and economic security.
• The dissemination of illegal, false, or discriminatory content​.

If an open-source AI model meets these conditions, it is subject to transparency, risk assessment, and mitigation obligations, including the appointment of an authorised representative to ensure compliance.