Yes — the EU AI Act can apply to your MENA or Gulf company even if you have no office in Europe. If you place an AI system on the EU market, or the output of your AI system is used inside the EU, you fall within its scope. The core obligations apply from 2 August 2026, and fines reach up to €35M or 7% of global annual turnover.
The two triggers that put a MENA or Gulf company in scope
The EU AI Act is extraterritorial. You do not need an EU entity, office, or server to be covered. You are in scope if either of these is true:
- You place an AI system (or general-purpose AI model) on the EU market — selling, licensing, or otherwise making it available to users or businesses in the EU.
- The output of your AI system is used in the EU — even if the system runs entirely on servers in the UAE, Saudi Arabia, Egypt, or Morocco, if its results (scores, recommendations, generated content, decisions) are used by people or companies inside the EU, the Act applies.
In practice, a Gulf SaaS company serving European customers, a North African agency delivering AI-generated work to EU clients, or a regional bank whose AI models score EU-based applicants can all be caught.
Which risk tier are you in?
The Act is risk-based. Your obligations depend on what your AI does, not on your size:
- Unacceptable risk (banned since February 2025): social scoring, manipulative or exploitative systems, most real-time biometric identification in public.
- High risk (the heavy tier, from 2 August 2026): AI used in hiring, credit and insurance, education, essential services, biometrics, and critical infrastructure. Requires risk management, data governance, human oversight, technical documentation, a conformity assessment, CE marking, and EU database registration.
- Limited risk (transparency): chatbots, AI-generated content, and deepfakes must be clearly disclosed to users.
- Minimal risk: most other AI (spam filters, recommendation engines) — no new obligations, but good practice still helps.
The deadlines that matter
- 1 August 2024 — the Act entered into force.
- 2 February 2025 — bans on unacceptable-risk systems took effect.
- 2 August 2025 — obligations for general-purpose AI (GPAI) models began.
- 2 August 2026 — the main obligations, including high-risk requirements, apply.
What non-compliance costs
Penalties are tiered: up to €35M or 7% of global annual turnover for prohibited practices; up to €15M or 3% for breaching other obligations; and up to €7.5M or 1% for supplying incorrect information to authorities — whichever is higher.
What a MENA or Gulf company should do now
- Inventory your AI. List every AI system and model you build, deploy, or resell, and where its output lands.
- Classify each one against the risk tiers to see what actually applies to you.
- Map the high-risk gaps — human oversight, documentation, data governance, transparency notices.
- Assign accountability and a remediation timeline before the August 2026 deadline.
- Get a readiness baseline. A structured assessment turns the regulation into a concrete, prioritized action list.
Owl & Goats helps MENA and Gulf companies do exactly this. Start with the free AI Readiness Audit to see roughly where you stand in two minutes, or go straight to the fixed-price EU AI Act Readiness Assessment for a full, prioritized compliance plan. You can also review our transparent pricing.
