Article 54 of Regulation (EU) 2024/1689 — Authorised representatives of providers of general-purpose AI models established outside the Union. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 54 of Regulation (EU) 2024/1689 (the EU AI Act) establishes the obligation for providers of general-purpose AI (GPAI) models that are established in third countries — that is, outside the European Union — to designate an authorised representative before making their models available in the Union.
The article requires that such providers appoint, by written mandate, a natural or legal person established or with a registered office in the Union to act as their authorised representative. The mandate must empower the representative to perform specified tasks on the provider's behalf, including: verifying that the provider has fulfilled obligations relating to technical documentation under Article 53; cooperating with and making available to the AI Office and competent national authorities all information and documentation necessary to demonstrate compliance; and receiving communications and enforcement notices issued by Union supervisory bodies.
The authorised representative must be capable of performing the tasks defined in the mandate and must be provided with all necessary means by the provider to fulfil those tasks effectively. The provider must inform the AI Office of the name, address, electronic mail address, and telephone number of its authorised representative. The representative's details must also be included in the technical documentation required under Article 53 and Annex XII.
Article 54 draws a clear boundary: the designation of an authorised representative does not relieve the provider established outside the Union of its own legal responsibilities under the Regulation.
What This Means in Practice
Article 54 is the mechanism through which the EU AI Act extends its reach beyond Union borders to capture non-EU providers of general-purpose AI models. Any organisation headquartered outside the EU — including those based in the United States, United Kingdom, China, Canada, or any other third country — that makes a GPAI model available within the EU (whether through an API, a product, a platform, or any other distribution channel, and regardless of whether access is paid or free) must establish a formal legal presence through an authorised representative.
In practice, this means non-EU GPAI providers must take the following steps before placing their model on the Union market or, at the latest, by the date on which GPAI obligations become applicable. They must identify a suitable natural person or legal entity — such as a law firm, a compliance consultancy, or a dedicated subsidiary — established within the EU and willing to accept the mandate. The mandate must be formalised in writing, specifying the scope of the representative's authority and the obligations they undertake.
The authorised representative is not merely a postal address. They must actively liaise with the AI Office and national competent authorities, facilitate document requests, and respond to compliance enquiries. Providers must equip their representative with up-to-date technical documentation and prompt access to all compliance materials.
For example, a US-based foundation model provider offering API access to EU businesses would need to appoint an EU-based entity — whether a local subsidiary, a third-party representative service, or a law firm — and register that representative with the AI Office before the GPAI provisions apply.
Key Obligations
- Mandatory appointment: Providers of GPAI models established outside the EU must designate an authorised representative by written mandate before making their model available in the Union market.
- EU establishment requirement: The authorised representative must be a natural or legal person established in the EU or with a registered office within the Union.
- Scope of mandate: The written mandate must empower the representative to carry out specified compliance tasks, including verifying technical documentation, cooperating with the AI Office, and receiving official communications.
- Notification to the AI Office: The provider must notify the AI Office of the authorised representative's contact details (name, address, email, telephone number), and those details must be included in the technical documentation under Article 53 and Annex XII.
- Adequate resourcing: The provider must supply the authorised representative with all means necessary — including access to documentation, records, and personnel — to fulfil their responsibilities effectively.
- Provider liability is not transferred: Appointing an authorised representative does not discharge the non-EU provider from its own direct obligations under the EU AI Act; both parties may face enforcement measures.
Relationship to Other Articles
Article 54 must be read as part of the broader framework governing general-purpose AI models set out in Title V (Articles 51 to 56). It operates in close conjunction with Article 53, which establishes the core obligations of GPAI model providers — including drawing up technical documentation, providing information to downstream providers, and maintaining a copyright policy — since the authorised representative's core function is to verify and facilitate compliance with those obligations.
It also connects to Article 51 and Article 55, which identify GPAI models with systemic risk and impose additional requirements on their providers; the authorised representative must be equipped to support compliance with those enhanced obligations as well. Article 56 governs the AI Office's supervisory powers over GPAI models, making Article 54 foundational to the Office's enforcement capacity vis-à-vis non-EU providers. More broadly, Article 54 mirrors the approach taken in Article 22 for high-risk AI system providers, ensuring consistency across the Regulation's extraterritorial reach. Recital 109 of the Regulation provides interpretive context for the rationale behind this requirement.
Compliance Timeline
The EU AI Act entered into force on 1 August 2024, twenty days after publication in the Official Journal of the European Union. The Regulation applies in phases:
- February 2025: Prohibitions on unacceptable-risk AI practices (Article 5) became applicable.
- August 2025: Obligations for general-purpose AI models under Title V — including Articles 51 to 56 and therefore Article 54 — became applicable. Non-EU providers of GPAI models that were already making their models available in the Union were required to have designated and registered their authorised representative by this date.
- August 2026: Governance and general obligations for certain AI systems (Title III, Chapter 1) become applicable.
- December 2026 / August 2027: Full application of high-risk AI system obligations under Annex I and Annex III respectively.
For non-EU GPAI providers, Article 54 is therefore already operative as of August 2025. Providers that have not yet appointed an authorised representative are in breach of the Regulation and exposed to enforcement action by the AI Office and national competent authorities, including the significant administrative fines provided for under Article 101.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
Any provider of a general-purpose AI model that is established outside the European Union and makes that model available in the Union market must appoint an authorised representative by written mandate. This applies regardless of whether the model is made available for a fee or free of charge.
The authorised representative must be capable of performing the tasks specified in the mandate, including verifying that the provider has drawn up the required technical documentation, fulfilling obligations toward the AI Office, and cooperating with competent authorities. The representative acts as the provider's point of contact within the Union.
Yes. The designation of an authorised representative does not absolve the non-EU provider of its own obligations under the EU AI Act. Both the provider and the authorised representative can be held jointly responsible, and competent authorities may take enforcement action against either party.
Article 54 applies to all providers of general-purpose AI models established outside the Union, including those whose models are classified as presenting systemic risk under Article 51. Providers with systemic risk models face additional obligations under Articles 55 and 55a, which the authorised representative must also be capable of facilitating.
The authorised representative must be established or have its registered office within the European Union, ensuring that Union authorities and the AI Office have a legally accessible point of contact within the EU legal jurisdiction.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.