EU AI Act Article 99: Penalties, Fines, and the Three-Tier Framework
Article 99 EU AI Act: €35M/7%, €15M/3%, €7.5M/1% fine tiers explained. SME cap, Article 101 GPAI fines, worked examples. In force from 2 August 2025.
Article 99 of Regulation (EU) 2024/1689 is where member states' enforcement powers become concrete numbers. Three tiers of administrative fines apply, each expressed as "whichever is higher" of a fixed euro amount or a percentage of total worldwide annual turnover for the preceding financial year. For large companies, the percentage almost always bites harder than the fixed cap. For smaller companies, Article 99(6) reverses that logic entirely. Understanding which tier applies to which obligation — and to which actor — is the first step in calibrating your actual exposure.
Penalty provisions have applied since 2 August 2025, the same date GPAI obligations and EU AI Act governance structures came into force.
The Three Fine Tiers at a Glance
| Paragraph | Trigger | Fixed cap | Turnover % | Whichever is... |
|---|---|---|---|---|
| Art 99(3) | Breach of Article 5 prohibitions | €35,000,000 | 7% | Higher |
| Art 99(4) | Non-compliance with most other obligations | €15,000,000 | 3% | Higher |
| Art 99(5) | Incorrect/incomplete/misleading info to authorities | €7,500,000 | 1% | Higher |
| Art 99(6) | SMEs and start-ups — all tiers | Same fixed caps | Same % | Lower |
One figure you may have seen elsewhere — "€30 million or 6%" — does not exist in the Act. There are exactly three tiers. The figures above are the correct ones.
Article 99(3): The Article 5 Prohibition Tier
Violations of Article 5 — the banned practices — attract the highest penalties: up to €35,000,000 or 7% of total worldwide annual turnover, whichever is higher. Article 5 has applied since 2 February 2025, so enforcement against these violations is already live.
The six prohibited categories include: AI systems using subliminal or manipulative techniques causing significant harm; exploitation of vulnerable groups; public authority social scoring; real-time remote biometric identification in publicly accessible spaces (with three narrow law enforcement exceptions); biometric categorisation inferring sensitive attributes; and emotion recognition in workplaces or educational institutions.
For a company with €600 million annual turnover, 7% = €42 million, which exceeds the €35 million fixed cap. The authority imposes €42 million. There is no ceiling that protects large companies from the percentage calculation — that is the point of the "whichever is higher" structure.
These violations are absolute. Intent, partial mitigation, and good-faith compliance programmes can influence where within the tier a fine lands, but they cannot reduce the tier itself.
Article 99(4): Non-Compliance with Other Obligations
The middle tier — €15,000,000 or 3% of total worldwide annual turnover, whichever is higher — covers non-compliance with obligations other than Article 5. This is where most enforcement actions will concentrate, because it encompasses the full stack of high-risk AI requirements and supply-chain duties.
Obligations explicitly within this tier include:
- Article 16 — provider obligations (the overarching duty list for providers)
- Article 22 — authorised representatives of providers
- Article 23 — importer obligations
- Article 24 — distributor obligations
- Article 26 — deployer obligations
- Article 50 — transparency for limited-risk AI (chatbots, deepfakes, emotion recognition, synthetic content)
The high-risk technical requirements that providers must satisfy — risk management under Article 9, data governance under Article 10, technical documentation under Article 11, record-keeping under Article 12, transparency to deployers under Article 13, human oversight under Article 14, accuracy and cybersecurity under Article 15, quality management under Article 17, conformity assessment under Article 43, EU Declaration of Conformity under Article 47, CE marking under Article 48, and registration under Article 49 — all feed into Article 16's provider obligations, meaning failures against them ultimately fall under this tier.
A company with €50 million turnover facing a Tier 2 violation: 3% = €1.5 million. Which figure sets the ceiling depends on the comparison rule. Under the default "whichever is higher" rule of Article 99(4), the €15 million fixed cap is the higher of the two and is therefore the ceiling. Only if the company qualifies as an SME under Article 99(6), where the lower figure applies, is exposure capped at €1.5 million. A €50 million turnover sits exactly at the SME turnover threshold, so for a company of this size the SME qualification decides the outcome.
Article 99(5): Incorrect or Misleading Information
Providing incorrect, incomplete, or misleading information to a notified body or competent authority carries a separate penalty: up to €7,500,000 or 1% of total worldwide annual turnover, whichever is higher.
This tier is procedural rather than substantive — it targets obstruction and misrepresentation during investigations or conformity assessment processes, not the underlying compliance failure itself. A company that has a genuine Article 10 gap but cooperates fully faces Tier 2 exposure. A company that fabricates its technical documentation during a regulatory audit adds Tier 3 exposure on top.
Article 99(6): The SME and Start-Up Cap
For companies that qualify as SMEs or start-ups under EU definitions, the "whichever is higher" rule reverses to "whichever is lower." This means the percentage figure applies when it is smaller than the fixed cap, and the fixed cap applies only when the percentage calculation would exceed it: the opposite of the default rule.
Worked example. A company with €2 million annual turnover violates a provider obligation under Article 16 (Tier 2). The calculation:
- Fixed cap: €15,000,000
- Percentage: 3% × €2,000,000 = €60,000
The SME pays €60,000, not €15 million. The protection is substantial. For an Article 5 violation by the same company: 7% × €2 million = €140,000, against a fixed cap of €35 million. The SME pays €140,000.
The cap applies to the fine calculation only — not to the underlying obligations. An SME must still implement the same risk management system, technical documentation, and conformity assessment as a multinational. The Act recognises resource constraints only in the penalty arithmetic.
To qualify, your organisation must meet the EU SME definition: fewer than 250 employees and either annual turnover ≤€50 million or balance sheet total ≤€43 million. Start-ups are generally treated on the same basis.
Article 99(7): Factors Considered When Setting the Fine
Article 99(7) directs member state authorities to consider the following factors when setting the fine amount within an applicable tier:
- Nature, gravity, and duration of the infringement and its effects
- Whether the infringement was intentional or negligent
- Actions taken to mitigate harm to affected persons
- Degree of responsibility of the provider or deployer
- Relevant prior infringements by the same operator
- Cooperation with the competent authority
- Size and market share of the operator
- Any other aggravating or mitigating circumstances
These factors do not change which tier applies — a Tier 1 violation remains Tier 1. But they determine where within the tier's range the authority sets the figure. A first-time infringement by a company that halted the system within 48 hours of discovery and provided full documentation may receive a substantially lower amount than the ceiling. Intentional concealment, repeat violations, or refusal to cooperate push toward the maximum.
A worked illustration. Take a 120-person HR-tech company (€18M turnover) that deploys a high-risk recruitment AI without completing its Article 9 risk management system — a clear Tier 2 breach. Maximum exposure: 3% × €18M = €540,000 (lower than the €15M fixed cap, so under Art 99(6) the SME pays €540,000). The authority then applies Art 99(7): the company self-reported the gap, remediated within 60 days, has no prior violations, and cooperated fully. In practice this profile would typically attract a figure well below the ceiling — possibly 20–40% of maximum. Contrast that with a company that concealed the gap after an authority inquiry: the Art 99(7) cooperation and mitigation factors invert, pushing toward the full €540,000 and potentially triggering additional Art 99(5) exposure for the misleading response.
The EU AI Act does not establish a formal leniency programme analogous to EU competition law. Voluntary self-disclosure is a mitigating factor under Art 99(7), but it does not guarantee immunity or a defined discount. Companies discovering compliance gaps have a practical incentive to remediate and document the remediation — but should take legal advice before deciding whether and when to approach an authority.
Article 100: Fines for EU Institutions and Bodies
When an EU institution, body, office, or agency falls within the scope of the EU AI Act, enforcement authority rests with the European Data Protection Supervisor (EDPS), not with member state competent authorities. Article 100 grants the EDPS equivalent fine powers for these entities.
This provision is relevant in practice for any organisation that builds or deploys AI systems on behalf of EU institutions, or for EU bodies themselves integrating AI in administrative workflows.
Article 101: GPAI Provider Fines (Commission-Level Enforcement)
General-purpose AI (GPAI) model providers face a distinct enforcement track. Under Article 101, the European Commission — not member state authorities — may impose fines on GPAI model providers for:
- Infringement of obligations under Chapter V of the Act
- Providing incorrect, incomplete, or misleading information in response to a Commission request
Fine ceiling: €15,000,000 or 3% of total worldwide annual turnover, whichever is higher. The same SME-favourable "whichever is lower" logic from Article 99(6) applies here too.
GPAI obligations have applied since 2 August 2025. The Digital Omnibus deferral that pushed the high-risk Annex III deadline to December 2027 does not affect Chapter V or Article 101.
Scope: Who Is Liable Under Article 99?
Article 99 assigns liability based on role and violation. The same system can expose multiple parties simultaneously.
Providers (Article 16) bear responsibility for failures in system design, technical documentation, data governance, conformity assessment, and post-market monitoring. If a provider fails to document training data under Article 10, that is a Tier 2 breach.
Deployers (Article 26) are responsible for failures in their deployment decisions: not following the provider's instructions of use, not implementing meaningful human oversight under Article 14, or misusing the system for a purpose outside its intended scope.
Importers (Article 23) and distributors (Article 24) carry their own supply-chain duties; breaches of those also fall under Tier 2.
Article 25 role shifts matter here: if a deployer substantially modifies a high-risk system or deploys it under its own name, it becomes a provider and assumes the heavier obligation stack — and the heavier enforcement exposure.
Where both a provider and a deployer contributed to a violation (for example, the provider omitted material limitations in the instructions of use, and the deployer proceeded without verifying them), both may receive separate fines.
Turnover Calculation: Group Structure and Consolidation
"Total worldwide annual turnover of the preceding financial year" means the consolidated revenue of the entire corporate group. A subsidiary cannot use its own standalone turnover to cap its exposure if the parent group has substantially higher revenue.
Example. A software subsidiary with €15 million annual turnover is 100% owned by a group with €800 million consolidated turnover. The subsidiary commits an Article 5 violation. The fine base is €800 million — 7% = €56 million, which exceeds the €35 million fixed cap. Under the "whichever is higher" rule, the authority imposes €56 million (the percentage), not €35 million (the fixed cap). The subsidiary cannot shelter behind its own €15 million revenue figure. This is a significant consideration for any company that is part of a larger group.
Practical Scenarios
Scenario A: Article 5 violation — social scoring by a regional authority
A municipal authority deploys an AI system scoring residents on social behaviour, informing access to public benefits. This violates Article 5(c) outright. Enforcement is via the national market surveillance authority or data protection authority. Fine ceiling: €35 million or 7%, whichever is higher.
Scenario B: Provider with incomplete technical documentation
An HR-tech company (€8 million annual turnover) classifies its CV-screening tool as high-risk under Article 6 and Annex III but fails to complete its Annex IV technical documentation pack before market placement, violating Article 11 (and by extension Article 16). Tier 2 applies: 3% × €8 million = €240,000. The fixed cap of €15 million is higher, so under Article 99(6) the SME pays the lower amount: €240,000. Mitigating factors (first violation, prompt remediation) may reduce this further within the tier.
Scenario C: Misleading information during audit
A provider under regulatory investigation provides a risk assessment that it knew was incomplete, omitting a known model bias. This adds a Tier 3 fine (up to €7.5 million or 1%) on top of whatever Tier 2 liability it already carries for the underlying compliance gap. The procedural violation is assessed separately from the substantive one.
Enforcement Procedure: Key Procedural Points
Member states designate competent authorities — national AI offices, existing sectoral regulators, or data protection authorities — to investigate and impose penalties. The EU AI Act does not create a single EU-wide enforcement body for standard AI system violations (GPAI enforcement is centrally handled by the Commission via Article 101).
Before any fine is imposed, an organisation must receive written notice of the alleged violation and a documented opportunity to respond. Procedural specifics follow each member state's administrative law. Most require a written decision with full reasoning, a proportionality assessment, and specific consideration of the Article 99(7) factors. Fines can be appealed in national courts; the burden of proof is on the authority.
Enforcement priority since February 2025 has focused on Article 5 prohibited practices. As the Article 50 limited-risk transparency obligations apply from August 2026, and as Annex III high-risk obligations reach full application in December 2027, the scope of active enforcement will expand accordingly.
How Confir Maps to Each Fine Tier
Confir's rule-based classification engine first establishes your role (Provider, Deployer, Importer, Distributor) and your system's risk tier — which directly determines which article obligations you carry and therefore which fine tier applies if you miss them.
For Tier 2 exposure, the assessment covers the full provider and deployer obligation stack: Article 16 provider duties, Article 26 deployer duties, the Article 9 risk management system, Article 10 data governance, Article 11 technical documentation, Article 13 transparency, Article 14 human oversight, and Article 17 quality management. The Compliance Health Score shows, control by control, what is in place and what is missing.
For Article 5 (Tier 1), the AIRC classification module applies Article 5 logic at intake — before anything else — to flag whether any system characteristic brings it within the prohibited categories. The intent is to surface that risk before deployment, not after an enforcement action.
Frequently Asked Questions
What are the three fine tiers under Article 99 of the EU AI Act?
Article 99 sets three administrative fine tiers. Under Article 99(3): up to €35,000,000 or 7% of total worldwide annual turnover (whichever is higher) for breaches of the Article 5 prohibitions. Under Article 99(4): up to €15,000,000 or 3% for non-compliance with most other obligations, including provider duties under Article 16, deployer duties under Article 26, and Article 50 transparency requirements. Under Article 99(5): up to €7,500,000 or 1% for providing incorrect, incomplete, or misleading information to notified bodies or competent authorities.
Do the "whichever is higher" and "whichever is lower" rules really make that much difference?
For a company with €600 million annual turnover, 7% = €42 million — significantly above the €35 million fixed cap, so the percentage applies. For an SME with €2 million turnover, 7% = €140,000 — far below the €35 million fixed cap. Article 99(6) means the SME pays the lower amount: €140,000. The direction of the comparison is everything.
Which Article 99 tier applies to a deployer that fails to implement human oversight?
Article 14 (human oversight) is a high-risk provider and deployer obligation whose breach falls under Article 99(4): up to €15,000,000 or 3% of turnover, whichever is higher. The same tier covers failures against Article 26 deployer duties more broadly. The €35M/7% tier under Article 99(3) applies only to Article 5 prohibition violations.
When did Article 99 penalty provisions come into force?
Penalty provisions under Article 99 have applied since 2 August 2025, along with GPAI obligations (Chapter V) and the EU AI Act governance structure. Article 5 prohibition enforcement began earlier, from 2 February 2025, when that chapter became applicable. The high-risk Annex III obligations (and their associated Article 99(4) fine exposure) apply from 2 December 2027 for stand-alone systems under the Digital Omnibus agreed in May 2026.
What factors affect the size of a fine within its tier?
Article 99(7) requires authorities to consider: the nature, gravity, and duration of the infringement; whether it was intentional or negligent; actions taken to mitigate harm; degree of responsibility; prior infringements; cooperation during the investigation; and the operator's size and market share. These factors can move the fine significantly within the tier's range but do not change which tier applies.
How are fines calculated for companies that belong to a corporate group?
The fine base is "total worldwide annual turnover" on a consolidated basis, meaning the entire group's revenue counts — not just the infringing subsidiary's standalone figures. A subsidiary with €10 million turnover owned by a €500 million group faces Tier 2 exposure calculated on €500 million: 3% = €15 million. Article 99(6)'s SME cap is assessed by reference to the group's actual size, not the subsidiary in isolation.
What is the difference between Article 99 and Article 101 fines?
Article 99 governs fines imposed by member state competent authorities for violations by AI system providers, deployers, importers, and distributors. Article 101 governs fines imposed by the European Commission specifically on GPAI model providers for violations of Chapter V obligations. The Article 101 ceiling is €15,000,000 or 3% of worldwide turnover, whichever is higher — the same structure as Tier 2, but through a separate, Commission-level enforcement track.
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.