EU Representative for GDPR and the EU AI Act

If your company is outside the EU and offers goods, services or AI systems to people in the EU, EU law requires you to appoint a representative in the Union. We act as that representative, as lawyers, not a mailbox.

What we do

  • named representative with a Warsaw address
  • contact point for supervisory authorities and data subjects
  • handling of records and inquiries
  • escalation to your team with legal guidance, in English.

Two duties, one provider

GDPR Article 27 representative for non-EU controllers and processors, and EU AI Act authorized representative for non-EU AI providers. The Article 54 duty for providers of general-purpose AI models applies since August 2025. The representative duty for high-risk AI systems applies with the high-risk regime from 2 December 2027 after the 2026 amendments. One provider can hold every mandate.

The enforcement record

Failure to appoint a representative is fined up to EUR 10 million or 2% of worldwide turnover (Article 83(4)(a) GDPR). The Dutch DPA fined Locatefamily.com EUR 525,000 for exactly this failure. Clearview AI was fined EUR 600,000 in Italy for the same gap. The missing appointment is visible in any privacy policy, so enterprise procurement usually finds it before a regulator does.

Why a law firm?

If an authority contacts your representative, you want a lawyer answering, not a forwarding service.

$150, 30 minutes, with a lawyer. Credited toward your first invoice if we engage.