EDPO Representative Services: Ensuring Compliance Across Jurisdictions

Companies that offer goods or services to individuals in the EU or the EEA or that monitor the behaviour of these individuals, must appoint an EU Representative under Article 27 of the GDPR it they don’t have an establishment in the EU or EEA.

EDPO assists your company by:

• Acting as your point of contact for Data Protection Authorities
  (DPAs) and for individuals in the EU.
Storing your record of processing activities (RoPA) as required
under the GDPR.

With EDPO as your EU Representative, you improve your GDPR compliance, streamline regulatory interactions, and mitigate legal risks in the European market.

Since Brexit, companies that offer goods or services to individuals in the UK or that monitor the behaviour of these individuals must appoint a UK GDPR Representative under the UK GDPR if they don’t have an establishment there.

EDPO’s UK representative services include:

• Acting as the point of contact for the UK’s Information Commissioner’s Office (ICO) and for individuals in the UK .
Storing your record of processing activities (RoPA) as required under the UK GDPR.

By partnering with EDPO UK, you ensure compliance with important requirements of the UK GDPR, maintain strong regulatory relations, and protect your business from enforcement actions.

Companies that offer goods or services to individuals in Switzerland or that monitor their behaviour may have to appoint a representative under the Swiss Federal Act on Data Protection (FADP) it their registered office or domicile is based outside of Switzerland.

EDPO Switzerland acts as your Swiss Data Protection Representative and our services include:

• Acting as your Swiss-based point of contact for the Swiss Federal Data Protection and Information Commissioner (FDPIC) and for individuals in Switzerland.
Storing your record of processing activities (RoPA) as required under the FADP.

With EDPO as your Swiss representative, you ensure compliance with important FADP obligations, and build trust with Swiss customers.

AI providers who do not have an establishment in the EU must appoint an AI Act Authorised Representative in the EU in accordance with Article 22 (for high-risk AI systems) or Article 54 (for general purpose AI models) of the EU AI Act, when they intend to make an AI system available or place it on the EU market.

EDPO assists providers by:

• Acting as the point of contact with the AI Office and the competent authorities and cooperating with them as required under the AI Act.
Verifying that the technical documentation is prepared and that compliance with specific obligations is fulfilled.
Retaining relevant documentation for 10 years after the system/model enters the market.
Ensuring that the AI system is correctly registered in the relevant EU database or, where the provider handles the registration directly, verifying that the submitted information is correct — in the case of high-risk AI systems.

With EDPO as the appointed AI Act Authorised Representative, providers strengthen their regulatory positioning in the EU, foster trust in their AI solutions, and mitigate legal and reputational risks in the European AI ecosystem.

Under the NIS2 Directive, certain entities based outside the EU that provide digital services or that operate critical infrastructure in the EU must appoint an EU Representative for cybersecurity compliance. EDPO helps businesses by serving as the main point of contact for EU authorities and for the Computer Security Incident Response Teams.

EDPO assists your company by:

• We register your company with the relevant EU authority and notify such authority of relevant updates, according to your written instructions, pursuant to Article 27 of the NIS2 Directive.
We ensure that we can be addressed by EU competent authorities and CSIRTs in the place of your company with regard to your obligations under the NIS2 Directive.
We assist you with your incident-reporting obligations with the competent EU authorities pursuant to Article 23 of the NIS2 Directive (excluding notifications to recipients of your services).
We cooperate, upon request and according to your written instructions, with the relevant EU competent authorities.
We provide our clients with English-language versions of requests it receives from EU competent authorities under the NIS2 Directive.

EDPO helps you stay compliant with important obligations of the NIS2 Directive, ensuring seamless coordination with EU authorities.

Under the DGA, companies not established in the EU that provide data intermediation services or data altruism services in the EU, may need to appoint a DGA Representative. EDPO acts as a point of contact for competent authorities under the DGA.

EDPO assists your company by:

• We cooperate with and comprehensively demonstrate to the competent authorities for data intermediation services or data altruism organisations, upon request, the actions taken and provisions put in place by these entities to ensure compliance with this Regulation.

With EDPO as your DGA Representative, you ensure compliance with important EU data-sharing rules, allowing you to engage in secure and lawful data sharing.

The DSA applies to intermediary services (e.g. online platforms, marketplaces, hosting services) that operate in the EU. Businesses that provide digital services in the EU have an obligation to appoint a DSA Representative if they don’t have an establishment in the EU. Our sister company, EDSR, acts as a bridge between your company and the Digital Services Coordinators (competent authorities under the DSA) in the EU. EDSR has offices in Belgium and Ireland.

EDPO assists your company by:

• We assist you for the purpose of being addressed in addition to or instead of your company, by the Member States’ competent authorities, the Commission and the Board, on all issues necessary for the receipt of, compliance with and enforcement of decisions issued in relation to the DSA.
We promptly notify you of requests and decisions that we receive from the Member States’ competent authorities, the Commission and the Board under the DSA.

We promptly reply to the Member States’ competent authorities, the Commission and the Board, upon your written instructions, in the language specified by your company pursuant to Article 11(3) of the DSA.

We support your notifications to the Digital Services Coordinator (DSC) by preparing pre-filled forms and submitting them to the relevant authority on your behalf.

We promptly notify you of requests and decisions that we receive from the Member States’ competent authorities, the Commission and the Board under the DSA.

Our sister company EDSR helps digital service providers meet important DSA obligations and enhance user trust. Our network of professionals can assist you in navigating this complex regulation with confidence.