The EU’s Digital Services Act (DSA) affects businesses both inside and outside the EU. It applies to companies that provide ‘intermediary services’ like transmitting, storing, or hosting information online, as well as online search engines. If these companies serve or target a significant number of users in the EU, they must follow the DSA rules, no matter where they are based.
For non-EU-based providers, the DSA mandates the appointment of a legal representative within the EU. This representative is crucial for ensuring effective oversight and compliance with the DSA’s regulations, and for facilitating cooperation with the relevant EU authorities.
At Kanto, we offer these representation services and can serve as your legal representative. We handle all communications and coordination with relevant authorities, the European Commission, and the European Board for Digital Services, ensuring that you meet the requirements of the DSA.
Unsure about the requirements or whether your company falls under the scope of the DSA? Click here to visit our FAQ section for more details.
Under Article 27 of the GDPR, companies established outside the European Union (EU) must appoint an EU representative if they:
- Offer goods or services to individuals in the EU, even if provided for free.
- Monitor the behaviour of individuals within the EU, such as cookie profiling.
The GDPR representative requirement applies to both data controllers and processors, meaning it covers businesses that process personal information for their own purposes as well as those processing it on behalf of another company.
For example, you need a GDPR representative if you run an online shop or marketplace targeting EU customers, provide a cloud-based software solution, or offer an AI service on a SaaS basis. We can provide these services to you and act as your Article 27 Representative in the EU.
Unsure about the requirements? Click here to visit our FAQ section for more details.
UK Data Protection Representative Services
If your organisation processes personal data of individuals in the UK but does not have a physical presence in the country, you may be required to appoint a UK Data Protection Representative under the UK GDPR.
Our UK Data Protection Representative Service ensures compliance with legal requirements by acting as your official point of contact for data subjects and the UK Information Commissioner’s Office (ICO).
Unsure about the requirements? Click here to visit our FAQ section for more details.
Swiss Data Protection Representative Services
If your business is based outside Switzerland but processes personal data of Swiss individuals, you may be required to appoint a Swiss Data Protection Representative under the Swiss Federal Act on Data Protection (FADP).
Our services include acting as your official contact for Swiss data subjects and the Swiss Data Protection Authority (FDPIC), managing data subject requests, handling data breach notifications, and ensuring compliance with Swiss data protection regulations.
Unsure about the requirements? Click here to visit our FAQ section for more details.
If your business handles personal data in the EU, UK, or Switzerland, you’re legally required to follow data protection laws. But hiring a full-time expert isn’t always realistic and figuring it out yourself takes time you don’t have.
We offer Data Protection Officer as a Service—practical, no-fuss support to keep your company compliant without unnecessary complexity. Whether it’s reviewing policies, responding to customer data requests, or managing a security issue, we handle it so you can focus on running your business.
What You Get:
- Straightforward guidance – No legal mumbo jumbo, just clear answers to your questions.
- Proactive compliance – We keep up with changing laws and tell you what actually matters.
- Help when it counts – Whether it’s a routine check or an urgent issue, we’re here when you need us.
- Flexible and cost-effective – Expert support, without the commitment of hiring in-house.
Want to know how this works in real life? Check out our FAQ for the details.
The European Union’s Artificial Intelligence Act introduces strict legal requirements for companies developing or offering high-risk AI systems or general-purpose AI models in the EU. If your business is based outside the EU but provides AI-powered products or services within the region, you may be required to appoint an AI Act Authorised Representative.
We act as your designated representative in the European Union, ensuring that your AI system meets regulatory requirements and serving as your official point of contact for European authorities.
Who Needs an Authorised Representative?
Non-EU businesses developing or providing:
- High-risk AI systems – AI used in sensitive areas like healthcare, employment, education, or regulated industries.
- General-purpose AI models – Large-scale AI models capable of performing multiple tasks and being integrated into various applications.
If your AI falls into these categories, failing to appoint a representative could lead to fines of up to 15 million euros or 3% of global turnover, as well as restrictions on access to the EU market.
How We Help
- Regulatory Compliance – We verify that your AI meets EU legal requirements, including documentation and conformity assessments.
- Official EU Contact – We communicate with European regulators on your behalf and manage compliance requests.
- Risk Management – We help you stay ahead of legal changes and reduce the risk of penalties or business disruptions.
- Documentation & Reporting – We maintain required records and assist with mandatory reporting obligations.
Why Act Now?
Although the requirement takes effect in August 2026, compliance with the AI Act involves technical documentation, risk assessments, and ongoing monitoring. Preparing early ensures a smooth transition and minimizes last-minute legal risks.
Get in touch to discuss how we can support your AI compliance strategy.
