Compliance Guide

EU AI Act Fines and Penalties: What You Risk for Non-Compliance 2026

Last Updated: February 3, 2026 8 min read By ActProof.ai Compliance Team
🇮🇹 Leggi in Italiano

EU AI Act fines under Article 99 reach up to €35 million or 7% of global annual turnover for the most serious infringements. Penalties are tiered by type of violation: prohibited AI practices, high-risk non-compliance, and transparency breaches. Full compliance is required by August 2, 2026.

Table of Contents

What are the EU AI Act fines and penalties?

The EU AI Act (Regulation (EU) 2024/1689) sets administrative fines for non-compliance. The maximum penalty is €35 million or 7% of the total worldwide annual turnover of the preceding financial year, whichever is higher, for the most serious infringements (e.g. prohibited AI practices under Article 5).

Source: European Commission – Regulatory framework on AI

How does Article 99 define the penalty tiers?

Article 99 of the EU AI Act establishes different levels of fines depending on the type of infringement. To be compliant, you must avoid all of the following:

Infringement type Maximum fine
Prohibited AI practices (Article 5)€35 million or 7% of global annual turnover
Non-compliance with obligations for high-risk AI systems (e.g. Risk Management, Technical documentation, conformity)€15 million or 3% of global annual turnover
Transparency obligations (e.g. Article 50 – chatbots, deepfakes)€15 million or 3% of global annual turnover
Other infringements (e.g. incorrect or incomplete information to authorities)€7.5 million or 1% of global annual turnover

Fines are imposed in addition to other corrective measures (e.g. order to bring the AI system into compliance, withdrawal from the market). For SMEs and start-ups, Member States may apply a lower cap under certain conditions, but compliance remains mandatory.

Source: Regulation (EU) 2024/1689 – Article 99 (eur-lex.europa.eu)

Who can be fined under the EU AI Act?

The following actors can be subject to administrative fines and penalties:

  • Providers: Organizations that develop AI systems (especially high-risk). Non-compliance with Risk Management, Technical documentation, Quality Management System, or conformity assessment leads to fines.
  • Deployers: Organizations that use high-risk AI systems under their authority. Breach of deployer obligations can lead to penalties.
  • Importers and distributors: Entities that place AI systems on the EU market. They must ensure compliance; otherwise they can be fined.
  • Producers of general-purpose AI models: Specific obligations and fines apply under the regulation for GPAI models.

Penalties apply to legal persons. Natural persons (e.g. responsible individuals) may also face sanctions where national law so provides.

How can you avoid EU AI Act penalties?

To avoid fines and penalties, you must implement full compliance before the applicable deadlines. The following steps are necessary:

  • Classify your AI systems: Determine if they are prohibited, high-risk, limited risk, or minimal risk. Do not deploy prohibited AI practices (Article 5).
  • Implement mandatory requirements for high-risk AI: Risk Management System (Article 9), Data governance (Article 10), Technical documentation (Article 11 and Annex IV), Human oversight (Article 14), Quality Management System (Article 17), and complete the conformity assessment.
  • Meet transparency obligations: If you deploy limited-risk AI (e.g. chatbots, emotion recognition), comply with Article 50 and inform users that they are interacting with an AI system.
  • Keep documentation up to date: Technical documentation and Post-market monitoring must reflect the current state of the AI system. Authorities can request evidence of compliance.
  • Plan for the August 2, 2026 deadline: Full compliance for most obligations is required by this date. Start now to avoid last-minute gaps and reduce the risk of penalties.

ActProof helps you automate EU AI Act compliance: AI-BOM, Policy-as-Code, bias monitoring, and documentation generation. Explore ActProof.

Who enforces the EU AI Act and imposes fines?

Enforcement is carried out by national competent authorities designated by each Member State. The European AI Office (within the European Commission) coordinates and supports the consistent application of the regulation. Market surveillance authorities can carry out checks, request documentation, and impose administrative fines in accordance with Article 99.

Source: European Commission – AI Act enforcement

Next steps and resources

To avoid EU AI Act fines, achieve full compliance by August 2, 2026: classify your AI systems, implement all mandatory requirements for high-risk AI, maintain Technical documentation and Post-market monitoring, and complete the conformity assessment. Use official sources for the latest implementing acts and guidance.

Related Articles

Complete Guide to EU AI Act Compliance by August 2026

Risk classification, mandatory requirements, and step-by-step compliance implementation.

EU AI Act Compliance Checklist 2026: Complete Step-by-Step Guide

Step-by-step checklist for risk assessment, documentation, QMS, and conformity.

How to Pass the AI Act Risk Assessment: Complete Guide 2026

Steps to pass the Risk Assessment and implement Article 9 for high-risk AI systems.

Back to Blog