EU AI Act Database Registration — What US Companies Need to Know
What the EU database registration requirement means for US companies deploying high-risk AI — updated after the Digital Omnibus provisional agreement of 7 May 2026.
The registration obligation
Article 71 of the EU AI Act requires providers of high-risk AI systems listed in Annex III to register their systems in the EU database before placing them on the market or putting them into service. This obligation applies to all in-scope providers, including those based outside the EU whose systems' outputs are used within the Union.
The EU database is a publicly accessible repository managed by the European Commission. Its purpose is to enhance transparency and enable regulatory oversight. Registration must occur before deployment — not after. Retroactive registration is not compliant.
What must be registered
Under Annex VIII, the registration submission must include: the provider's name, address, and contact information; the name and description of the AI system; its intended purpose; the risk classification and the basis for that classification; the conformity assessment procedure followed; the Declaration of Conformity reference; and the Member States where the system is placed on the market or put into service.
For deployers that are public authorities or institutions using high-risk AI systems, separate registration obligations also apply.
When the registration deadline applies — current and proposed regimes
The Digital Omnibus on AI, provisionally agreed on 7 May 2026, proposes to delay the high-risk obligations — including the registration requirement that depends on a completed conformity assessment. Until the Omnibus is formally adopted and published in the Official Journal, the original timeline applies as written.
Annex III stand-alone systems (employment, finance, education, law enforcement, etc.):
- Currently in force: registration must be completed by 2 August 2026
- Proposed under the Omnibus: 2 December 2027
Annex I embedded systems (medical devices, machinery, vehicles):
- Currently in force: registration aligned with 2 August 2027
- Proposed under the Omnibus: 2 August 2028
The proposed deferral is not yet legally binding. Organizations should plan against the current dates and treat the deferral, if it materializes, as a supervening benefit.
Why registration cannot be done in isolation
Registration requires a completed conformity assessment, meaning the entire compliance process — risk management, data governance, technical documentation, human oversight design — must be finished before registration is possible. The database entry references the Declaration of Conformity, which is itself the output of a complete compliance program. This is why the registration deadline is, in practical terms, the deadline for everything that precedes it.
Even under the proposed Omnibus timeline, a typical high-risk compliance program requires 4 to 6 months from initiation to a Declaration of Conformity. Registration is the final step, not the first one.
Implications for US companies without an EU establishment
US companies with no EU presence must appoint an EU authorised representative under Article 22 of the Act. The authorised representative provides the EU contact point that registration requires — without this appointment, registration cannot proceed and the AI system cannot legally be offered in the EU market. The mandate must be in writing, and the representative must be established in one of the Member States where the system is placed on the market.
This is a structural requirement, not an optional convenience. The EU database itself will not accept a registration submission without a valid EU contact point, and providers that attempt to deploy without one face the standard high-risk non-compliance penalty regime: up to €15M or 3% of global annual turnover.
Lexara coordinates EU representative mandates for US providers through our partner SecureFound (Spain). The same regulatory exposure that triggers Article 71 registration also triggers Article 22 representation — the two obligations move together.
Database registration is a legal task, not a technical one
Registration requires precise descriptions of the system's purpose, its risk classification rationale, and the conformity assessment evidence. Errors or omissions in registration create enforcement exposure. Imprecise risk classifications, especially around Article 6(3) exemption claims, can be reviewed by national market surveillance authorities and challenged in the public registry. Drafting registration entries is closer to drafting a regulatory filing than completing a form.
Last updated 8 May 2026 to reflect the Digital Omnibus provisional agreement reached on 7 May 2026. Lexara Advisory LLC — AI governance consulting. Not legal advice under U.S. law.