How much can my company be fined under AI Act?
AI Act carries penalties of up to €35M or 7% of global turnover. This page breaks down every fine tier by article, explains who is at risk, and shows live enforcement examples.
The EU AI Act (Regulation 2024/1689) imposes strict penalties for non-compliance, with maximum fines reaching €35 million or 7% of global annual turnover for prohibited AI practices. Enforcement begins August 2, 2026, and penalties apply across all EU member states.
| Regulation | Regulation (EU) 2024/1689 — AI Act |
| Enforcement Deadline | August 2, 2026 (high-risk systems) |
| Maximum Fine (Prohibited Practices) | €35 million or 7% of global turnover |
| Maximum Fine (Other Violations) | €15 million or 3% of global turnover |
| Enforcer | National competent authorities + EU AI Office coordination |
Common Questions
- What triggers AI Act penalties?
- Penalties apply to: (1) prohibited AI practices (Article 5 — social scoring, real-time biometrics, emotion recognition); (2) high-risk AI systems placed on the market without conformity assessment; (3) failure to comply with transparency, documentation, or human oversight obligations; (4) non-compliance with record-keeping or training requirements.
- Are there penalty tiers under the AI Act?
- Yes. Three tiers apply: €35M/7% for prohibited practices and intentional non-compliance; €15M/3% for breaches of other obligations and risk management requirements; €7.5M/1.5% for providing incorrect or misleading information to authorities.
- When do AI Act penalties begin?
- Prohibited practices were enforceable from February 2, 2025. The bulk of high-risk system obligations and penalty mechanisms apply from August 2, 2026. Limited-risk and transparency obligations apply from various dates between 2025–2027.
- Do AI Act penalties stack with GDPR or other regulations?
- Yes. The AI Act operates independently of GDPR, NIS2, and other regulations. A single product breach can trigger penalties under multiple rules. For example, a high-risk AI system that processes personal data without consent may face AI Act fines, GDPR fines, and sector-specific penalties simultaneously.
- Can SMEs get reduced penalties under the AI Act?
- Yes. Article 58(4) allows national authorities to consider the SME status of a provider when setting penalties, and SMEs/start-ups may receive lower fine caps where proportionate to their size and market position.
- Who enforces AI Act penalties?
- Enforcement occurs at the national level via designated competent authorities in each EU member state, coordinated by the European AI Office. The Commission can also initiate enforcement in cases of cross-border breaches or systemic risks.
How AI Act penalties work
The EU AI Act (Regulation (EU) 2024/1689) establishes a three-tier penalty structure. The highest tier — up to €35M or 7% of global turnover — applies to violations of the prohibited AI practices in Article 5. The second tier — €15M or 3% — applies to most high-risk AI system and GPAI model violations. The third tier — €7.5M or 1.5% — covers incorrect or misleading information provided to authorities.
Fine tiers by article
Prohibited AI practices (Art. 5 violations)
€35,000,000
or 7% of global turnover
Applies to:
- Deploying AI systems that manipulate persons using subliminal techniques
- Social scoring by public authorities
- Real-time remote biometric identification in public spaces (beyond exceptions)
- AI systems exploiting vulnerabilities of specific groups
Non-compliance with high-risk AI system obligations (Art. 6–49) and GPAI model obligations (Art. 53–55)
€15,000,000
or 3% of global turnover
Applies to:
- Failure to conduct conformity assessment for high-risk AI systems
- Missing technical documentation (Annex IV)
- Failure to register high-risk AI systems in EU database
- GPAI models lacking transparency documentation
- Deployers of high-risk systems failing human oversight requirements
Supplying incorrect, incomplete, or misleading information to notified bodies or national authorities
€7,500,000
or 1.5% of global turnover
Applies to:
- Providing false declarations of conformity
- Misleading documentation provided to national market surveillance authorities
- Incorrect registration information in EU AI database
Stacked exposure with other EU regulations
If a business also processes personal data in its AI system, GDPR penalties can stack on top of AI Act penalties. A prohibited AI system that also violates GDPR Art. 5 could face both the AI Act's 7% fine and GDPR's 4% fine simultaneously, based on differing regulatory bases.
Calculate your stacked fine exposure →Frequently asked questions
What is the maximum fine under the EU AI Act?
The maximum EU AI Act fine is €35,000,000 or 7% of global annual turnover — whichever is higher — for violations of the prohibited AI practices under Article 5, such as social scoring, subliminal manipulation, or mass biometric surveillance.
Who can be fined under the EU AI Act?
Both providers (companies that develop or place AI systems on the market) and deployers (organisations that use AI systems in professional contexts) can be fined under the AI Act. Importers and distributors have separate compliance obligations that can also attract penalties.
When do EU AI Act penalties start applying?
Penalties for prohibited AI practices (Art. 5) have applied since 2 February 2025. Penalties for high-risk AI system obligations apply from 2 August 2026.
What is your stacked fine exposure across all EU regulations?
Calculate your combined risk across AI Act, GDPR, NIS2, AI Act, DORA, and more — free, no signup.
Open fine risk calculator — freeFor informational purposes only. This is not legal advice — consult qualified legal counsel for advice specific to your situation.
Last updated: