Does the EU AI Act apply to a US company?

It can. The Act reaches providers and deployers whose AI systems are used in the EU, regardless of where the company sits — much as the GDPR did. We assess whether your systems fall in scope and which risk tier applies before building the compliance plan.

What are the EU AI Act risk tiers?

The Act sorts systems into prohibited, high-risk, limited-risk, and minimal-risk categories, with the heaviest obligations — conformity assessments, documentation, human oversight — falling on high-risk systems. We map your systems to the tiers so effort goes where the law requires it.

What US laws govern AI right now?

There is no single federal AI statute yet. Companies navigate a patchwork: state privacy laws, automated-employment-decision rules like New York City's Local Law 144, sector regulators, and active FTC and Copyright Office activity. We track the ones that touch your operations rather than all of it at once.

Can you guarantee we will be compliant?

No — and be wary of anyone who promises that on rules this unsettled. What we can do is build a documented, good-faith compliance program aligned to the current and anticipated requirements, which is what regulators and courts actually look for. The goal is defensibility, not a promise the law cannot support.

Should we engage with regulators, or just comply?

For companies whose operations are materially affected, both. Beyond building compliance, we draft comment letters and submissions to bodies like the FTC, Copyright Office, and NIST so your operational realities are represented while the rules are still being written.

Practice - AI Law - Policy and regulatory

AI Policy & Regulatory Engagement

The regulatory framework for artificial intelligence is actively being authored across multiple jurisdictions. We counsel enterprises on how to operate ahead of formal agency rulemaking, structuring internal compliance to align with the EU AI Act, the patchwork of state privacy laws, and emerging federal directives. For industry leaders, we draft comment letters and directly engage with policymakers to shape the regulations before they become law.

Begin the matter Review the steps

Matter: Compliance architecture
Register: Transactional
Counsel: Christopher Moye

Policy and regulatory

Operating ahead of rulemaking

Waiting for clarity is a strategic failure.

The problem

AI regulation is being written right now across the EU, the states, and federal agencies — and companies have to comply with rules that are still moving.

The EU AI Act's risk tiers, a growing patchwork of state privacy and automated-decision laws, and active FTC, Copyright Office, and NIST rulemaking all bear on systems being deployed today. Building compliance to the trajectory — not just the current statute — is what keeps a deployment from being rebuilt every time a rule lands.

Principles Â· 01

How we draft the matter.

Every engagement is composed against these commitments. They shape the protections we add, the questions we ask, and the document that leaves the file.

Â§ 01

Operating ahead of rulemaking

Waiting for clarity is a strategic failure. We architect compliance frameworks based on legislative trajectories, not just existing statutes.

Â§ 02

Jurisdictional harmony

The EU AI Act and state-level directives conflict. We design unified compliance structures that satisfy the most stringent global requirements.

Â§ 03

Active engagement

We do not just react to policy; we help author it. We draft the technical comments that influence agency determinations.

What we watch Â· 02

What can break the matter.

These are the terms, structures, and practical risks that usually decide whether the work holds when the file is tested.

GCCOMPLIANCE

EU AI Act Compliance

Mapping enterprise systems against the EU AI Act risk tiers and implementing the conformity assessments required for high-risk deployments.

ENTERPRISEHR

State-Level Patchwork

Navigating the contradictory landscape of state privacy laws, automated employment decision tools (AEDT) regulations, and consumer protection mandates.

FOUNDERBOARD

Agency Rulemaking

Drafting formal responses to FTC, Copyright Office, and NIST requests for comment to protect enterprise interests during the regulatory drafting phase.

The work Â· 03

Four steps. One engagement.

Each step is concrete; each step has a deliverable. The scope is defined, the matter moves, and the file closes.

01
Regulatory Mapping
We audit your planned AI deployments against the current and anticipated global regulatory landscape.
02
Gap Analysis
We identify areas where current data practices or model transparencies fail to meet emerging statutory requirements.
03
Framework Implementation
We draft the internal policies, bias-testing protocols, and documentation required to demonstrate good-faith compliance.
04
Policy Advocacy
We represent your operational realities in formal submissions to regulatory bodies to shape practical, survivable rules.

Proof

What stands behind the work.

What stands behind the work — credentials and representative engagements, stated plainly.

Authorship

AI policy and regulatory matters are handled by Christopher Moyé, Esq., who publishes on AI regulation and engages in agency rulemaking.

Scope of practice

EU AI Act risk-tier mapping, multi-state privacy and automated-decision compliance, internal AI governance frameworks, and formal agency comment submissions.

How the work is run

We map your deployments against the current and anticipated rules, then build compliance to the most stringent requirement so one framework covers many jurisdictions.

Common questions

Questions clients ask.

Plain answers to the questions that come up most. If yours is not here, send the facts — we answer in writing.

Does the EU AI Act apply to a US company?: It can. The Act reaches providers and deployers whose AI systems are used in the EU, regardless of where the company sits — much as the GDPR did. We assess whether your systems fall in scope and which risk tier applies before building the compliance plan.
What are the EU AI Act risk tiers?: The Act sorts systems into prohibited, high-risk, limited-risk, and minimal-risk categories, with the heaviest obligations — conformity assessments, documentation, human oversight — falling on high-risk systems. We map your systems to the tiers so effort goes where the law requires it.
What US laws govern AI right now?: There is no single federal AI statute yet. Companies navigate a patchwork: state privacy laws, automated-employment-decision rules like New York City's Local Law 144, sector regulators, and active FTC and Copyright Office activity. We track the ones that touch your operations rather than all of it at once.
Can you guarantee we will be compliant?: No — and be wary of anyone who promises that on rules this unsettled. What we can do is build a documented, good-faith compliance program aligned to the current and anticipated requirements, which is what regulators and courts actually look for. The goal is defensibility, not a promise the law cannot support.
Should we engage with regulators, or just comply?: For companies whose operations are materially affected, both. Beyond building compliance, we draft comment letters and submissions to bodies like the FTC, Copyright Office, and NIST so your operational realities are represented while the rules are still being written.