The EU AI Act establishes three penalty tiers: EUR 35 million or 7% of turnover for prohibited practices, EUR 15 million or 3% for other violations including transparency, and EUR 7.5 million or 1.5% for supplying incorrect information. For SMEs, fines are capped at the lower of the percentage or fixed amount.
EU AI Act Penalties: Up to EUR 35 Million for Non-Compliance
What happened
Article 99 of the EU AI Act establishes one of the most significant penalty frameworks in EU technology regulation — potentially exceeding even GDPR fines for the most serious violations. With the first enforcement deadline (Article 5 prohibited practices) already past and Article 50 transparency obligations taking effect on August 2, 2026, understanding the penalty structure is now an operational necessity.
The three-tier penalty structure
Tier 1: Prohibited AI practices — the highest fines
Violations of Article 5 (prohibited AI practices) carry the most severe penalties:
- Up to EUR 35,000,000 or 7% of total worldwide annual turnover, whichever is higher
- Covers: social scoring, exploitation of vulnerabilities, real-time biometric identification (with narrow exceptions), subliminal manipulation, and other banned practices
- Already enforceable since February 2, 2025
Tier 2: Other obligations — where most organisations face risk
Non-compliance with most AI Act obligations falls under Tier 2:
- Up to EUR 15,000,000 or 3% of total worldwide annual turnover, whichever is higher
- Covers: Article 50 transparency obligations, GPAI model requirements, high-risk system requirements, conformity assessment failures, quality management, post-market monitoring
- This is the tier most relevant to the August 2, 2026 deadline
Tier 3: Incorrect information
- Up to EUR 7,500,000 or 1.5% of total worldwide annual turnover
- Covers: supplying incorrect, incomplete, or misleading information to notified bodies or national authorities
SME proportionality rule
For SMEs and startups, each fine is capped at the lower of the percentage or the fixed amount — not the higher. This means a startup with EUR 2 million turnover faces a maximum Tier 2 fine of EUR 60,000 (3% of EUR 2M), not EUR 15 million.
What to do now
- Classify your exposure. Map each AI system against the three tiers. Which systems could trigger Tier 1 (prohibited)? Which fall under Tier 2 (transparency, GPAI)?
- Prioritise by penalty severity. Address any potential Article 5 violations immediately — these carry the highest fines and are already enforceable
- Budget for compliance. The cost of compliance is orders of magnitude lower than the cost of a single penalty. Even the SME-capped minimum of 1.5-3% of turnover is significant
- Document everything. In an enforcement action, your documentation is your defence. If it is not documented, it cannot be demonstrated to a regulator
Find out which penalty tier applies to your AI systems.
Free AI Act Readiness Check Maps your AI systems to penalty tiers — 3 minutesThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Published June 17, 2026 by Sawai Gyoseishoshi Office, Hiroshima, Japan.