Which EU representative does your company need?
Four EU digital acts require companies without an establishment in the Union to designate a representative there — each under its own conditions, with its own tasks and its own name for the role: the GDPR and NIS2 speak of a representative, the DSA of a legal representative, the AI Act of an authorised representative (US spelling: authorized representative). Use this overview to compare the four duties side by side, then open the service page for the designation — or combination of designations — that matches your setup.
Software & appointed EU representation: Regingada UG (haftungsbeschränkt) · Legal advice exclusively: Kanzlei Theo Funk — separate mandate
The four representative duties at a glance
| Criterion | GDPR | DSA | AI Act | NIS2 |
|---|---|---|---|---|
| Legal act & norm | Article 27, Regulation (EU) 2016/679 (GDPR) | Article 13, Regulation (EU) 2022/2065 (Digital Services Act) | Articles 22 & 54, Regulation (EU) 2024/1689 (AI Act) | Article 26(3), Directive (EU) 2022/2555 (NIS2) |
| Who must appoint | Controllers and processors without an EU establishment whose processing falls under Article 3(2) GDPR — offering goods or services to, or monitoring the behaviour of, people in the Union (exemptions in Article 27(2)) | Providers of intermediary services — mere conduit, caching, hosting, including online platforms and online search engines — with no EU establishment that offer services in the Union | Providers established in third countries: of high-risk AI systems, before making them available on the Union market (Article 22(1)); of general-purpose AI models, before placing them on the Union market (Article 54(1)) | Entities of the kinds listed in Article 26(1)(b) — DNS service providers, TLD name registries, domain name registration services, cloud computing, data centres, CDNs, managed (security) service providers, online marketplaces, online search engines, social networking platforms — not established in the Union but offering services within it |
| Core tasks | Addressee — in addition to or instead of the controller or processor — for supervisory authorities and data subjects on all issues related to processing (Article 27(4)); maintains the record of processing activities (Article 30) | Addressee for Member State authorities, the Commission and the Board on all issues necessary for the receipt of, compliance with and enforcement of decisions (Article 13(2)); contact details notified to the Digital Services Coordinator (Article 13(4)) | Performs the tasks in the provider's written mandate: verifies the EU declaration of conformity and technical documentation, keeps documentation at the disposal of authorities, cooperates with them (Article 22(3); for general-purpose AI models: Article 54(3)) | Acts on the entity's behalf and can be addressed by competent authorities or CSIRTs in place of the entity; the entity is deemed to be under the jurisdiction of the Member State where the representative is established (Article 26(3)) |
| Applies since | 25 May 2018 | Fully applicable since 17 February 2024 | Article 54 (general-purpose AI models) applies since 2 August 2025 — models placed on the market before that date: transition until 2 August 2027 (Article 111(3)); Article 22 (high-risk) applies from 2 August 2026; for high-risk systems under Article 6(1) (Annex I products) from 2 August 2027 | Directive — Member States had to transpose it by 17 October 2024; the duty applies through national implementing law |
| Service page | GDPR Article 27 representative → | DSA legal representative → | AI Act authorised representative → | NIS2 EU representative → |
Pick your regime
-
GDPR · Art. 27
GDPR Representative
For controllers and processors outside the EU that offer goods or services to, or monitor, people in the Union.
To the service page → -
DSA · Art. 13
DSA Legal Representative
For providers of intermediary services — hosting, platforms, marketplaces, search engines — without an EU establishment.
To the service page → -
AI Act · Art. 22 & 54
AI Act Authorised Representative
For third-country providers of high-risk AI systems and of general-purpose AI models, before EU market entry.
To the service page → -
NIS2 · Art. 26(3)
NIS2 EU Representative
For DNS, cloud, data-centre, CDN, managed-service and platform entities that offer services in the Union without being established there.
To the service page →
Not sure which duty applies, or whether several apply together? Contact Regingada for representation and product scoping. Legal advice on representative obligations — Kanzlei Theo Funk (separate mandate).