Quick answer

How the EU AI Act applies to EEA/EFTA countries.

Updated June 2026 · MmowW AI Compliance

EU AI Act in EEA/EFTA Countries: Norway, Iceland, Liechtenstein

Overview

How the EU AI Act applies to EEA/EFTA countries. Implementation timeline, national authorities, and differences from EU member states.

EU AI Act Enforcement Framework

The EU AI Act establishes a multi-layered enforcement framework. At the EU level, the AI Office within the European Commission has direct enforcement authority over GPAI model providers. At the national level, each member state designates one or more competent authorities responsible for market surveillance and enforcement of all other AI Act obligations.

The Advisory Forum, composed of member state representatives, stakeholders, and experts, advises the Commission on AI Act implementation. The scientific panel of independent experts supports the AI Office in GPAI model evaluation and systemic risk classification.

Penalty Structure

The EU AI Act establishes three tiers of administrative fines. Tier 1 (highest): up to €35 million or 7% of worldwide annual turnover for violations involving prohibited AI practices. Tier 2: up to €15 million or 3% of turnover for most other violations, including transparency obligations. Tier 3: up to €7.5 million or 1% of turnover for providing incorrect, incomplete, or misleading information to authorities.

For SMEs and startups, proportionate maximum amounts apply — the lower of the percentage-based or absolute amount. This ensures penalties remain meaningful without being disproportionately destructive for smaller organisations.

Enforcement Process

Enforcement typically begins with a complaint, market surveillance activity, or referral from another authority. The competent authority conducts a preliminary assessment, followed by a formal investigation if warranted. Providers and deployers have the right to be heard before any penalty decision.

Authorities can request documentation, conduct on-site inspections, test AI systems, and order corrective measures including system modification, withdrawal, or recall. For GPAI models, the AI Office can conduct evaluations and issue binding compliance orders.

Cross-Border Enforcement

When an AI system operates across multiple member states, enforcement coordination mechanisms ensure consistent application. The lead authority principle applies where a provider is established — that member state's authority takes the lead, coordinating with other affected national authorities.

For GPAI models, the AI Office serves as the single enforcement point regardless of where the provider is established, simplifying cross-border enforcement for foundation models and large language models.

Practical Implications

Organisations should prepare for enforcement by maintaining comprehensive compliance documentation, establishing clear internal responsibility for AI Act compliance, training staff on their obligations, and creating incident response procedures for potential violations.

Early engagement with national authorities — through regulatory sandboxes, the AI Pact, or informal consultations — can help build positive regulatory relationships and demonstrate good-faith compliance efforts.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.