Confir.

EU AI Act Penalties: What Non-Compliance Actually Costs

Guide · 23 May 2026 · 13 min read · 2,632 words

EU AI Act penalties: three fine tiers (€35M/7%, €15M/3%, €7.5M/1%), SME cap worked example, Art 99(7) factors, and who enforces. In force from 2 Aug 2025.

A fine under the EU AI Act is not a theoretical number on a regulator's website. It is a calculation. Penalties apply from 2 August 2025, and the enforcement machinery — national market-surveillance authorities in every EU member state, the European Data Protection Supervisor, and the European Commission — is now operational. This page walks through what the three tiers actually cost, who enforces them, and what happens beyond the fine.

If you want the statutory text dissected paragraph by paragraph, see our companion page on Article 99 enforcement mechanisms. This page is about the practical bill.


The Three Fine Tiers at a Glance

Article 99 of Regulation (EU) 2024/1689 sets three penalty ceilings. Each is expressed as whichever is higher — the fixed euro amount or the percentage of total worldwide annual turnover for the preceding financial year. For large organisations, the percentage almost always wins.

Tier   | Ceiling              | Trigger
Tier 1 | €35,000,000 or 7%    | Breach of the Article 5 prohibitions
Tier 2 | €15,000,000 or 3%    | Most other obligations: high-risk requirements, provider and deployer duties, Article 50 transparency
Tier 3 | €7,500,000 or 1%     | Supplying incorrect, incomplete, or misleading information to notified bodies or competent authorities

The "€30 million or 6%" figures still seen in commentary come from the Commission's 2021 proposal; the ceilings were raised during the legislative process, and those numbers do not appear in the adopted Act.


Tier 1 — €35M or 7%: The Prohibition Ceiling (Article 99(3))

The highest tier is reserved for the Act's absolute prohibitions under Article 5. These are not obligations you can miss through negligence — they are bans. A system that has been in operation since before 2 February 2025 and falls squarely into a prohibited category has been non-compliant since that date.

The Article 5 prohibitions include: subliminal, manipulative or deceptive techniques that distort behaviour and cause significant harm; exploiting vulnerabilities of age, disability or social or economic situation; social scoring that leads to detrimental treatment in unrelated contexts or that is disproportionate (the adopted text is not limited to public authorities); predicting criminal offending based solely on profiling or personality traits; untargeted scraping of facial images to build recognition databases; emotion recognition in workplaces and education; biometric categorisation to infer protected characteristics; and real-time remote biometric identification in publicly accessible spaces for law enforcement, outside narrow, authorised exceptions.

A company with €300 million in worldwide turnover breaching Article 5 faces a ceiling of €35 million: 7% of €300M is €21 million, so the fixed amount is the higher figure and applies. At €500 million the two coincide (7% of €500M is exactly €35 million). A company with €10 billion in worldwide turnover faces a ceiling of €700 million.


Tier 2 — €15M or 3%: The Main Commercial Risk (Article 99(4))

This is the tier that most organisations in scope should be modelling. It covers failures across the broadest set of obligations, including:

  • High-risk system requirements (Articles 9–15): risk management system, data governance, technical documentation, record-keeping, transparency to deployers, human oversight, accuracy and robustness. Providers are fined for these through their Article 16 obligation to ensure the system complies with them.
  • Provider obligations (Article 16) and the quality management system (Article 17).
  • Deployer obligations (Article 26): using systems per instructions, ensuring human oversight, monitoring performance, retaining logs for at least six months, notifying worker representatives before workplace deployment.
  • Authorised representative, importer and distributor duties (Articles 22–24).
  • Role-shift failures (Article 25): a deployer who rebrands or substantially modifies a high-risk system without assuming provider obligations.
  • Obligations of notified bodies (Articles 31, 33 and 34).
  • Article 50 transparency for limited-risk systems (chatbots, synthetic-content marking, deepfakes, emotion recognition).

GPAI provider obligations (Articles 53–55) are not in the Article 99(4) list. Those are fined by the Commission under the separate Article 101 track described below.

A company with €5 million in worldwide turnover that qualifies as an SME, misclassifying a high-risk recruitment system and operating it without a risk management system, technical documentation or human oversight, faces a ceiling of €150,000: 3% of €5M, which the Article 99(6) SME cap (next section) makes the operative figure. That is the calculation, not the headline €15 million. The same breach by a €5M-turnover subsidiary of a large group, which does not qualify as an SME, carries the full €15 million ceiling.


Tier 3 — €7.5M or 1%: The Information Integrity Tier (Article 99(5))

The lowest tier targets a specific behaviour: giving competent authorities or notified bodies false, incomplete, or misleading information. This includes submitting a conformity assessment that misrepresents a system's performance, withholding material facts during a market-surveillance inspection, or providing inaccurate data to a notified body conducting an Annex VII assessment.

In practice, this tier is most relevant during enforcement proceedings. An organisation that discovers a compliance gap, reports it accurately, and cooperates fully is in a structurally different position from one that provides a sanitised picture.


The SME and Start-up Cap (Article 99(6)): Worked Example

Article 99(6) contains a genuine proportionality protection for small and medium-sized enterprises and start-ups. The rule is straightforward but often misread: for SMEs and start-ups, the fine is capped at the lower of the percentage amount or the fixed amount.

For a large company, the "whichever is higher" rule pushes penalties toward the percentage. For an SME, the rule flips: if the percentage is lower, that is the cap; if the fixed amount is lower, that is the cap.

Worked example — Tier 2 breach by a company with €2 million annual turnover:

  • 3% of €2M = €60,000
  • Fixed ceiling = €15,000,000
  • The lower figure is €60,000 — that is the SME's maximum exposure for this breach.

The fine cannot exceed €60,000 in this scenario; the €15 million fixed figure is irrelevant. This is not discretion on the authority's part: Article 99(6) makes the lower of the two figures the statutory ceiling.

For a Tier 1 breach (Article 5 prohibition) by the same company: 7% of €2M = €140,000, fixed ceiling €35M → the cap is €140,000.

The cap protects balance sheet; it does not eliminate the fine or the corrective orders that accompany it. And it does not apply if the company's worldwide group turnover exceeds the SME threshold, even if the EU-registered entity is small.
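The ceiling arithmetic above, as an added example that is not part of this guide or of Confir's product: a small Python calculator applying the higher-of rule of Article 99(3)–(5) and the lower-of rule of Article 99(6), with an SME test taken from Commission Recommendation 2003/361/EC (fewer than 250 staff, and turnover of at most €50M or a balance-sheet total of at most €43M). The tier keys, function names and the assumption that group-wide figures have already been aggregated before the SME test are the example's own. Turnover is whole euro for the preceding financial year, so the percentage is computed in integer arithmetic rather than floating point. The cases in the block reproduce the figures used in this guide, including the later worked scenarios.

```python
from dataclasses import dataclass

# Article 99(3)-(5) ceilings of Regulation (EU) 2024/1689:
# (fixed amount in euro, percentage of total worldwide annual turnover).
ART99_TIERS = {
    "tier1": (35_000_000, 7),  # Art 99(3): Article 5 prohibitions
    "tier2": (15_000_000, 3),  # Art 99(4): operator, notified-body and Art 50 obligations
    "tier3": (7_500_000, 1),   # Art 99(5): incorrect, incomplete or misleading information
}


@dataclass(frozen=True)
class Ceiling:
    tier: str
    fixed: int
    percentage_amount: int
    sme: bool
    ceiling: int
    binding: str  # "fixed", "percentage" or "equal"


def is_sme(headcount: int, turnover: int, balance_sheet: int) -> bool:
    """SME test of Commission Recommendation 2003/361/EC: fewer than 250 staff and
    either annual turnover <= EUR 50m or balance-sheet total <= EUR 43m.
    Assumption (example's own): the caller has already aggregated linked (group)
    enterprises, so a small EU subsidiary of a large group is passed the group's
    figures and correctly fails the test."""
    return headcount < 250 and (turnover <= 50_000_000 or balance_sheet <= 43_000_000)


def fine_ceiling(tier: str, turnover: int, sme: bool) -> Ceiling:
    """Maximum administrative fine for one infringement in the given tier.

    turnover: total worldwide annual turnover for the preceding financial year,
    in whole euro. Large operators get the higher of the fixed and percentage
    figures (Art 99(3)-(5)); SMEs and start-ups get the lower (Art 99(6)).
    """
    fixed, pct = ART99_TIERS[tier]
    percentage_amount = turnover * pct // 100  # integer euro, no float rounding
    ceiling = min(fixed, percentage_amount) if sme else max(fixed, percentage_amount)
    if fixed == percentage_amount:
        binding = "equal"
    elif ceiling == fixed:
        binding = "fixed"
    else:
        binding = "percentage"
    return Ceiling(tier, fixed, percentage_amount, sme, ceiling, binding)


def describe(c: Ceiling) -> str:
    rule = "lower of, Art 99(6) SME cap" if c.sme else "higher of, Art 99(3)-(5)"
    return (f"{c.tier}: fixed EUR {c.fixed:,} vs EUR {c.percentage_amount:,} from "
            f"turnover -> ceiling EUR {c.ceiling:,} [{rule}; {c.binding} binds]")


if __name__ == "__main__":
    # Constructed cases matching the figures used in this guide.
    cases = [
        ("tier2", 2_000_000, True),        # SME worked example: 60,000
        ("tier1", 2_000_000, True),        # SME Article 5 breach: 140,000
        ("tier1", 300_000_000, False),     # fixed 35m exceeds 7% (21m)
        ("tier1", 500_000_000, False),     # 7% of 500m equals the fixed amount
        ("tier1", 10_000_000_000, False),  # 7% of 10bn: 700m
        ("tier2", 85_000_000, False),      # non-SME bank: fixed 15m, not 2.55m
        ("tier3", 22_000_000, True),       # SME misleading data: 220,000
    ]
    for tier, turnover, sme in cases:
        print(describe(fine_ceiling(tier, turnover, sme)))
```

The `binding` field is the practical output: for any operator above roughly €500M turnover the percentage binds on Tier 1, and for any SME the percentage binds on every tier, which is why the headline fixed amounts rarely describe real exposure.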


How Authorities Set the Fine Within the Tier (Article 99(7))

The ceiling is not the sentence. Article 99(7) requires the authority to take all relevant circumstances into account when deciding whether to fine at all and how much, and it lists the factors to weigh. Grouped by the direction in which they usually push:

Factors that pull the fine up:

  • Nature, gravity and duration of the infringement and its consequences, including the system's purpose, the number of persons affected and the level of damage.
  • Intentional rather than negligent conduct.
  • Size, annual turnover and market share of the operator.
  • Any other aggravating factor, such as financial benefit gained or loss avoided through the infringement, or a repeat of conduct already the subject of an order.

Factors that pull the fine down:

  • Degree of cooperation with the authorities to remedy the infringement and mitigate its effects.
  • Action taken to mitigate the harm suffered by affected persons.
  • Technical and organisational measures already in place, which determine the operator's degree of responsibility.
  • How the infringement came to light, in particular whether, and to what extent, the operator notified it.
  • Fines already imposed by other market-surveillance authorities, or by other authorities under other EU or national law, for the same act or omission.

An organisation with documented evidence of a good-faith compliance program — risk classifications, audit trails, training records, incident logs — is materially better positioned than one that cannot demonstrate any prior effort. The documentation is not just about avoiding a fine; it is the evidence that determines where within the tier the fine lands.


Who Enforces: Three Enforcement Tracks

National Market-Surveillance Authorities

For AI systems placed on the EU market or put into service, the primary enforcement body is the national market-surveillance authority designated by each member state. Most member states are in the process of designating or have designated these authorities. They have the power to demand documentation, conduct inspections, issue corrective orders, and impose Article 99 fines.

If a serious incident occurs, the authority of the member state where the incident occurred takes the lead.

The EDPS — for EU Institutions (Article 100)

When the operator is an EU institution, body, office, or agency, Article 99 fines do not apply. Instead, the European Data Protection Supervisor (EDPS) acts as the competent authority under Article 100, with its own fine schedule: up to €1.5 million (Tier 1 equivalent) or up to €750,000 (Tier 2 equivalent). The structure mirrors Article 99 but is calibrated to public-body scale.

The Commission — for GPAI Providers (Article 101)

Providers of general-purpose AI models are supervised at EU level by the European Commission, acting through the AI Office. Under Article 101, the Commission may impose fines of up to €15 million or 3% of total worldwide annual turnover, whichever is higher, on GPAI providers for breaches of Chapter V obligations (Articles 53 and 55) or for failing to comply with requests for documentation or information, for model access, or with corrective measures. Note the timing: Article 113 excludes Article 101 from the 2 August 2025 start, so the Commission's fining power applies from 2 August 2026, even though the GPAI obligations themselves have applied since 2 August 2025. This is not an Article 99 fine; it is a parallel track for a specific category of operator.


Beyond the Fine: Non-Financial Consequences

The fine is one outcome. The others can be more disruptive.

Withdrawal from the market. A competent authority that finds a high-risk system does not meet the requirements can order its withdrawal or recall — meaning the system is removed from EU operations, often before any fine is calculated. A product that generates revenue cannot generate revenue if it is withdrawn.

Corrective orders. Authorities can require technical modifications, documentation overhauls, or redesigned oversight mechanisms within defined timeframes. Non-compliance with a corrective order compounds the original violation.

Civil claims. The AI Act creates no private right of action of its own; it sits alongside national civil liability law, not above it. Individuals harmed by a non-compliant high-risk system can bring claims under national tort and product liability frameworks, and the revised Product Liability Directive (EU) 2024/2853 brings software, including AI systems, expressly within the definition of a product. In some member states, regulatory non-compliance is treated as evidence of negligence in tort proceedings.

Reputational and commercial effects. Enforcement actions are public. A named investigation, a published corrective order, or a fine decision creates a procurement liability — public bodies and large enterprise customers often require evidence of AI Act compliance. Being the subject of an enforcement action can disqualify you from tenders.


Enforcement Is Already Live

Penalty provisions under Article 99 applied from 2 August 2025. This is not a future date. It is now 2026, and the enforcement timeline runs as follows:

  • 2 February 2025 — Article 5 prohibitions live. A prohibited system has been unlawful since this date, but the Tier 1 fine could not be imposed until the penalty chapter itself applied.
  • 2 August 2025 — GPAI obligations (Chapter V), governance structures, the AI Office, and the Article 99 penalty framework all applied. The one exception is Article 101 (Commission fines on GPAI providers), which Article 113 defers to 2 August 2026.
  • 2 August 2026 — General application of the Act, including Article 50 limited-risk transparency obligations (chatbots, synthetic-content marking).
  • 2 December 2027 — High-risk Annex III stand-alone systems (deferred by the Digital Omnibus agreed in May 2026; original deadline was 2 August 2026).
  • 2 August 2028 — High-risk AI embedded in Annex I regulated products.

The Digital Omnibus deferral applies only to the high-risk regime. Prohibition fines under Article 99 and the national enforcement apparatus are already fully operative; the Commission's Article 101 fining power over GPAI providers joins them on 2 August 2026.


Worked Scenarios: What the Fine Looks Like

These scenarios are illustrative. The two high-risk scenarios assume the Annex III obligations have become applicable under the timeline above; the Tier 3 scenario depends only on the penalty chapter already in force.

Scenario 1 — Start-up using a third-party GPAI model in a CV-screening tool (€1.2M turnover)

The company supplies the tool to a public-sector client without classifying it under Annex III (employment, point 4), and without a risk management system (Article 9) or a human oversight mechanism (Article 14). This is a Tier 2 breach of its provider obligations under Article 16; the public body, as deployer, carries its own Article 26 exposure and the Article 27 fundamental-rights impact assessment duty.

3% of €1.2M = €36,000. The company qualifies as an SME, so the Article 99(6) lower-of rule makes that the fine ceiling rather than €15 million. The authority also orders the system withdrawn from the public-sector client until compliant documentation is produced.

Scenario 2 — Regional bank deploying creditworthiness scoring (€85M turnover)

The system is correctly identified as high-risk (Annex III, point 5(b)). A technical documentation package exists but does not meet the Annex IV requirements — key bias-testing results are missing. An inspection is triggered by a customer complaint. The authority finds Tier 2 non-compliance.

3% of €85M = €2.55M, but a bank of this size is not an SME, so the higher-of rule applies and the ceiling is the fixed €15 million. The bank cooperated with the inspection and had partial documentation, so the authority fixes the fine at €900,000, citing mitigating factors under Article 99(7).

Scenario 3 — SaaS provider supplying misleading performance data to a notified body (€22M turnover)

During an Annex VII conformity assessment, the provider submits accuracy benchmarks that omit underperformance on certain demographic groups. The notified body later identifies the discrepancy. This is a Tier 3 violation.

1% of €22M = €220,000. If the provider qualifies as an SME (fewer than 250 staff on group-wide figures), Article 99(6) makes that the ceiling rather than €7.5M; if it is part of a larger group, the ceiling is the full €7.5 million. The intentional nature of the omission is an aggravating factor: the authority applies the full €220,000 and refers the matter to the national prosecutor for review of potential fraud liability under national law.


How Confir Helps

Confir does not reduce fines by giving you a piece of paper. It builds the evidence base that authorities and notified bodies actually examine.

The classification step — Annex III scoping and Article 5 screening — determines whether your system is subject to Tier 1 or Tier 2 exposure in the first place. Misclassification is not an offence by itself, but a misclassified system ends up operating without the Article 9–15 controls, and each missing control is Tier 2 exposure; Article 6(4) also requires a provider that treats an Annex III system as not high-risk to document that assessment. Confir's rule-based, deterministic engine applies the Article 6(3) filter and the Annex III point-by-point logic; the same intake produces the same finding every time, and the rule that fired is human-readable audit evidence.

From classification, Confir drives the structured assessment that produces the Article 11/Annex IV technical documentation pack, the Article 27 FRIA for qualifying deployers, and the Article 47 Declaration of Conformity. The compliance health score and audit log give you a timestamped record of when each control was addressed — the kind of documentation Article 99(7) mitigating factors require.


Frequently Asked Questions

What is the maximum fine under the EU AI Act?

The highest ceiling is €35 million or 7% of total worldwide annual turnover — whichever is higher — under Article 99(3). It applies only to breaches of the Article 5 prohibitions. For most other obligations (high-risk requirements, provider and deployer duties), the ceiling is €15 million or 3% under Article 99(4). Incorrect information supplied to authorities or notified bodies carries a ceiling of €7.5 million or 1% under Article 99(5).

When did EU AI Act penalties start applying?

The Article 99 penalty chapter has applied since 2 August 2025. The Article 5 prohibitions have applied since 2 February 2025, so a prohibited system has been unlawful since then, but the administrative fines for it only became available when Article 99 applied. The one deferred element is the Commission's Article 101 power to fine GPAI providers, which applies from 2 August 2026. None of these are future dates.

What does the SME and start-up cap actually do?

Article 99(6) caps the fine for SMEs and start-ups at the lower of the percentage amount or the fixed ceiling. A company with €2 million turnover facing a Tier 2 breach is capped at €60,000 (3% of €2M), not €15 million. The cap is statutory, not discretionary. It applies per breach, and it does not eliminate corrective orders or market-withdrawal requirements.

Which authority issues fines — national or EU?

For most operators, the national market-surveillance authority of the relevant member state, applying Article 99. For EU institutions, the EDPS under Article 100. For GPAI model providers, the European Commission through the AI Office under Article 101 (a separate track, up to €15M or 3% whichever is higher, applicable from 2 August 2026).

Can a deployer be fined, or only providers?

Both can be fined. Providers face Tier 2 exposure primarily through failures in the Article 9–17 technical and governance stack. Deployers face Tier 2 exposure for breaches of Article 26 — failure to use systems per instructions, maintain human oversight, monitor performance, retain logs (at least six months), or notify worker representatives before workplace deployment. The fine tiers are identical; the triggering obligations differ by role.

Does a fine under Article 99 preclude civil liability?

No. A regulatory fine and a civil claim are separate proceedings. An individual harmed by a non-compliant high-risk system can bring a claim under national tort or product liability law regardless of whether a fine has been imposed. In some jurisdictions, a finding of regulatory non-compliance supports the claimant's case in civil proceedings.

Do penalties apply to non-EU companies?

Yes. Article 99 applies to any provider or deployer placing AI systems on the EU market or putting them into service in the EU, irrespective of where the company is registered. Turnover for the percentage calculation is worldwide, not EU-only. A company established in the US, Canada, or elsewhere has the same fine exposure as an EU-registered competitor serving the same market.

