Quick answer

The EU AI Act establishes a tiered fine structure: up to 35 million euros or 7% of global turnover for banned AI practices, up to 15 million euros or 3% for other violations, and up to 7.5 million euros or 1% for providing incorrect information. SMEs face proportionally lower fines.

Updated June 2026 · MmowW AI Compliance

Article 99: EU AI Act Penalties — What Fines Could You Face?

The Fine Structure

The EU AI Act takes a tiered approach to penalties, similar to GDPR. The severity of the fine depends on the type of violation. At the top level, using prohibited AI practices (like social scoring or manipulative AI) can result in fines of up to 35 million euros or 7% of the company's total worldwide annual turnover, whichever is higher.

For other violations — like failing to comply with high-risk AI requirements, not meeting transparency obligations, or not ensuring AI literacy — fines can reach 15 million euros or 3% of global turnover. Providing incorrect or misleading information to authorities can result in fines of up to 7.5 million euros or 1% of turnover.

Small Business Considerations

The EU AI Act recognizes that small and medium-sized businesses shouldn't face the same absolute fine levels as tech giants. For SMEs and startups, the fines are calculated based on the lower of the fixed amount or the percentage of turnover — whichever results in a smaller fine. This means a small business won't face a 35-million-euro fine if their turnover is far below that level.

However, even percentage-based fines can be painful for a small business. Three percent of annual turnover for a company earning 500,000 euros per year would be 15,000 euros — not devastating, but certainly worth avoiding.

What Triggers Enforcement

Regulators are more likely to investigate and impose fines when there's a complaint from an affected individual, a serious incident involving an AI system, evidence of systematic non-compliance, use of AI for prohibited purposes, or failure to cooperate with regulatory authorities.

In practice, enforcement will likely focus initially on the most serious violations and the largest companies. But this shouldn't make small businesses complacent — regulators may use complaints or incidents as triggers for investigation regardless of company size.

How to Minimize Your Risk

The best way to avoid fines is straightforward: take compliance seriously. Ensure AI literacy across your team. Document your AI use and governance practices. Conduct risk assessments for high-risk AI. Respond promptly to any incidents. Cooperate with authorities if questions arise. Regulators generally treat businesses that make genuine compliance efforts more favorably than those that ignore the law entirely.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.