Why the increase in business representatives in the EU?

Recent EU digital laws have introduced extraterritorial obligations that require foreign companies to appoint law-specific company representatives in one or more EU member states.

Which new extraterritorial laws require representatives?

Foreign companies that profile or offer services to individuals located in the EU, Iceland, Liechtenstein or Norway are already familiar with Article 27 of the EU General Data Protection Regulation that requires them to appoint a GDPR representative. More recently, organizations outside the EU that are classified as information society and communications services, or host, store and disseminate user-generated content, offer critical infrastructures in the EU, or provide artificial intelligence systems or license general purpose AI models, need to assess whether they are bound by the new EU digital laws.

Depending on the answer, they may need to appoint multiple representatives to meet specific digital laws and deadlines. The date for the GDPR, Addressing Terror Content Online Regulation, Digital Services Act, Data Governance Act, and NIS2 Directive has already passed. The deadline to appoint AI authorized representatives for the AI Act general purpose AI models with systemic risks is 2 Aug. 2025 and 2 Aug. 2026 for high-risk AI systems. Lastly, the EU e-Evidence package includes a directive to designate "at least one legal representative by 18 August 2026." 

What is the motivation behind requiring businesses to appoint representatives?

There are two primary reasons behind the legislative trend requiring foreign organizations to appoint company representatives in the EU.