I am Constantin Răzvan Gospodin Florea — a Spanish-barred lawyer (ICATF nº 5961) now based in New York, helping NYC companies navigate the EU AI Act with the depth only a native European regulatory background provides. For any NYC business with European users, employees, or operations, the Regulation is already in force — and it is being read, interpreted, and enforced by people who learned law the way I did.
Most NYC advisors learned the EU AI Act by reading summaries written for a US audience. I learned EU law natively — through legal education in Romania and Spain, through years of practice in EU regulatory matters, as a member of the Spanish Bar. The difference is not cosmetic. It changes how the Regulation is read, which recitals matter, how national market surveillance authorities will interpret ambiguity, and where the enforcement risk actually sits.
EU Regulations are read differently than US statutes. Recitals carry real interpretive weight. Harmonised standards fill gaps left deliberately open in the text. National transposition variations matter even for directly applicable Regulations. I read them the way European lawyers read them — because that is how I was trained.
Annex IV technical documentation, Article 9 risk management systems, Article 10 data governance records — these will eventually be inspected by national market surveillance authorities staffed by European regulators. Documents drafted for that audience, in that register, survive inspection. Documents drafted for a US audience often do not.
Based in NYC means I work in your timezone, understand the US market context your company operates in, and coordinate with your US counsel and engineering teams directly. You do not need to run two-language, two-timezone, two-culture workstreams to get EU compliance done properly.
Article 2 of Regulation (EU) 2024/1689 reaches operators established outside the Union. For a NYC company, the practical test reduces to whether one of the following is true.
If your product — including an AI-embedded SaaS — is made available to users in the EU regardless of where your company is established, you are a provider within the meaning of Article 2(1)(a). This includes EU customers, EU subscriptions, and EU-targeted commercial activity.
Deploying an AI tool through an EU subsidiary, processing EU employee data through a US-hosted AI system, or operating an AI-driven service consumed by EU users triggers deployer obligations under Article 2(1)(b) and Article 26.
Article 2(1)(c) captures deployers established in third countries where the output of the AI system is used in the Union. For a NYC company running a model that generates decisions or recommendations consumed by persons in the EU, this is the trigger — and it is the one most often missed by US counsel.
Most NYC companies mapping their AI exposure for the first time discover that at least one of the three applies. High-risk application dates — 2 December 2027 for Annex III standalone systems, 2 August 2028 for AI in Annex I products, under the post-trilogue Digital Omnibus timeline — do not pause for discovery.
Most AEDTs used in NYC recruitment are simultaneously classified as Annex III high-risk AI systems under the EU AI Act. The regimes overlap in evidence base — bias data, governance documentation, candidate notice infrastructure — but diverge in specific obligations. An advisor fluent in both saves you duplicate workstreams.
Bias statistics (LL144 selection rate and impact ratio overlap with EU AI Act Article 10 bias examination). Data governance documentation. Candidate notice (LL144 pre-use notice overlaps with Article 26(11) deployer disclosure). Annual audit cadence (LL144 one-year window aligns with Article 9 iterative risk management).
EU database registration under Article 49 has no LL144 equivalent. Fundamental rights impact assessment under Article 27. Harmonised standards methodology. The Union discrimination acquis covers broader protected categories than NYC Human Rights Law.
Already running LL144 bias audits? A single integrated workstream covers both regimes.
Scope your dual compliance — free assessmentIn the early hours of 7 May 2026, the Council of the EU and the European Parliament reached provisional political agreement on the Digital Omnibus on AI (COM(2025) 836). Two fixed dates are confirmed: 2 December 2027 for Annex III standalone high-risk systems, 2 August 2028 for AI embedded in Annex I regulated products. The Commission's original conditional mechanism tying application to standards readiness was rejected. Both institutions intend to complete formal adoption before 2 August 2026. Until publication in the Official Journal, the original AI Act dates remain legally binding.
Two operational deadlines now fall on 2 December 2026 and matter immediately. First, a new Article 5 prohibition on AI systems generating non-consensual intimate imagery (NCII) and child sexual abuse material (CSAM). Second, a four-month transitional period for the Article 50(2) watermarking obligation closes — providers of generative AI on the EU market before 2 August 2026 must have machine-readable content marking production-ready by then. Article 4 (AI literacy) and the eight existing Article 5 prohibitions remain unchanged and enforceable since 2 February 2025. GPAI obligations under Chapter V apply since 2 August 2025.
The technical documentation required under Annex IV, the risk management system under Article 9, and the data governance evidence under Article 10 cannot be retrofitted quickly. Companies that treat the extension as a reason to defer are the companies whose first enforcement inquiry, whenever it arrives, will find them unprepared.
For the post-trilogue analysis see The Digital Omnibus on AI political agreement of 7 May 2026: what NYC companies should do now.
euaiactnyc is the public-facing presence for the EU AI Act practice operated through Lexara Advisory LLC. All client engagement runs through the parent entity.
A structured review determining whether your AI systems fall within Article 2 territorial scope, whether they are high-risk under Annex III, and which obligations follow. Delivered as a written memo with decision documentation that survives regulator inspection.
Drafting and structuring of the technical documentation required under Article 11 and Annex IV for providers, or the equivalent deployer records under Article 26. Written in the register that EU market surveillance authorities will actually inspect.
An integrated workstream aligning LL144 bias audit cadence with EU AI Act risk management, producing evidence usable by both regimes. Designed to be defensible if DCWP or an EU market surveillance authority reviews the file.
Constantin Răzvan Gospodin Florea — a Spanish-barred lawyer (Ilustre Colegio de Abogados de Santa Cruz de Tenerife, nº 5961) with legal training in Romania and Spain, and approximately a decade of practice under EU regulatory frameworks. IAPP AIGP candidate. Author of Guilty Algorithm, a 33-chapter editorial work on AI regulation across criminal justice, immigration, and surveillance.
Based in New York City. Operates Lexara Advisory LLC, an AI governance consulting firm specialised in the EU AI Act for US-based organisations.
The EU AI Act applies to non-EU providers and deployers through Article 2(1)(a), (b), and (c). A US-incorporated company with European users, EU-based employees, or whose AI outputs are used in the Union can fall under one or more of those scope grounds. The factual test is deployment reality, not place of incorporation.
EU Regulations are read differently than US statutes. Recitals carry interpretive weight, harmonised standards fill gaps left deliberately open, enforcement moves through national market surveillance authorities staffed by European regulators. Documents drafted for a US audience — even well-drafted ones — often miss registers and conventions the inspecting authority expects. An EU-trained lawyer reads and drafts natively. The quality gap matters most exactly when you would rather not be reading the compliance file — when the authority is reading it.
A provider (Article 3(3)) develops an AI system and places it on the market or puts it into service under its own name. A deployer (Article 3(4)) uses an AI system under its authority. Obligations differ — providers bear the primary conformity assessment and Annex IV documentation burden; deployers bear Article 26 operational obligations. Many NYC companies are deployers, not providers, for the AI tools they license.
No. LL144 and the EU AI Act measure bias with different methodologies and different protected categories. LL144 covers sex, ethnicity, race, and their intersections. The EU AI Act, aligned with the Union discrimination acquis, covers a broader set. An LL144-compliant audit may form part of the EU AI Act evidence base but does not discharge Article 10 expectations on its own.
I am a European lawyer (Spanish Bar, ICATF nº 5961) now based in NYC, advising on EU AI Act compliance. Lexara Advisory LLC is an AI governance consulting firm. Where a matter requires US legal representation — for example responding to a DCWP investigation or an EEOC charge — clients engage qualified US counsel, and I coordinate as the EU AI Act technical lead. This structure is how many global compliance matters are actually staffed: the best person for the European regulation drafts the European documentation, alongside the best person for the US proceeding.
EU AI Act guidance