AI Act Fines Explained: €35M, 7% of Global Revenue, and How to Avoid Them

The EU AI Act is the first AI regulation in the world with GDPR-scale teeth. Its top fine tier — €35 million or 7% of total worldwide annual turnover, whichever is higher — exceeds the GDPR maximum (€20M or 4%). For multinationals turning over more than €500 million, the percentage clause is the binding one. For a €5 billion enterprise, a single non-conformity event can cost €350 million.

This guide explains, plainly, the Article 99 fine structure, what triggers each tier, the enforcement timeline through 2027, the real signals from national authorities to date, and a three-step audit-readiness framework that converts the fine risk into a procurement decision rather than a budget line.

The honest message: most of these fines are avoidable with operational discipline that is well within reach. The expensive failures of 2026–2027 will not be the organizations that did not know — they will be the organizations that knew, and ran without evidence anyway.


The Headline Numbers

The EU AI Act's fining provisions are concentrated in Article 99 (penalties for operators) and Article 101 (penalties for general-purpose AI providers). Three fine tiers apply to operators (providers, deployers, importers, distributors, authorized representatives):

| Tier | Maximum fine (whichever is higher) | Triggered by |
|---|---|---|
| Tier 1 — most serious | €35,000,000 or 7% of total worldwide annual turnover | Violation of Article 5 (prohibited AI practices) |
| Tier 2 — high-risk non-conformity | €15,000,000 or 3% of total worldwide annual turnover | Non-compliance with operator obligations for high-risk AI systems (Articles 8–15, 25–29 etc.); transparency violations |
| Tier 3 — incorrect or misleading information | €7,500,000 or 1.5% of total worldwide annual turnover | Supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities |

A separate regime applies to general-purpose AI models (Article 101): up to €15,000,000 or 3% of total worldwide annual turnover for non-compliance with provider obligations. SMEs and start-ups face the same percentage caps but with reduced absolute ceilings under Article 99(6).

The "whichever is higher" formulation matters. For an enterprise with €5 billion in worldwide annual turnover, the percentage cap dominates: 7% is €350M, far above the €35M floor. For a €100 million SME, the absolute cap dominates: €35M, far above 7% (€7M). Either way, the floor in Tier 1 is €35M for serious AI Act violations — comparable to GDPR's worst day.

National competent authorities (in Italy: AgID coordinated with the Garante; in Spain: AESIA; etc.) will levy fines, with proceeds typically flowing to national budgets. Cross-border cases are coordinated through the EU AI Office and the AI Board.


What Triggers Tier 1: €35M / 7%

Tier 1 fines apply only to violations of Article 5 — prohibited AI practices. The list is short, deliberate, and aimed at protecting fundamental rights:

  1. Subliminal, manipulative, or deceptive techniques materially distorting behavior, causing significant harm.
  2. Exploitation of vulnerabilities based on age, disability, or socio-economic situation, materially distorting behavior, causing significant harm.
  3. Social scoring by public authorities or on their behalf, leading to detrimental treatment outside the original context or disproportionate to gravity.
  4. Real-time remote biometric identification in publicly accessible spaces for law enforcement (with narrow exceptions for serious threats — terrorism, missing persons, suspects of serious crimes — under judicial authorization).
  5. Predictive policing based solely on profiling or personality traits.
  6. Untargeted scraping of facial images from the internet or CCTV to build facial recognition databases.
  7. Emotion recognition in workplaces and education (with medical and safety exceptions).
  8. Biometric categorization to deduce race, political opinions, trade-union membership, religion, sexual orientation (with narrow law-enforcement exceptions).

Most enterprise AI deployments do not approach these. The risk is not in mainline use cases (sales pipelines, recruitment scoring, customer service, content moderation) — it is in edge features that drift toward Article 5 territory: an emotion-detection module bolted onto a workplace productivity app; a "personality fit" score in a hiring platform that crosses into emotion-recognition; a customer-segmentation model that derives political opinions from purchase data.

The defensible position is explicit feature scoping. Any AI feature that touches biometric data, emotion, vulnerability profiling, or scoring against social outcomes deserves a documented Article 5 review before development starts, not after legal sees the marketing copy.


What Triggers Tier 2: €15M / 3%

Tier 2 covers the bulk of operator obligations for high-risk AI (Annex III) and general transparency duties under Article 50. Practical triggers:

  • Deploying a high-risk system without conformity assessment (Article 43) or without registration in the EU AI database (Article 49 / 71).
  • Failing to maintain a risk-management system for a high-risk AI system (Article 9).
  • Inadequate data governance — training, validation, or test data fails the quality requirements (Article 10).
  • Missing technical documentation per Annex IV (Article 11).
  • No automatic logs of operation (Article 12) — see /blog/ai-audit-trail-implementation-guide.
  • Inadequate transparency to deployers — instructions for use missing capabilities, limitations, or foreseeable misuse (Article 13).
  • Inadequate human oversight — operators cannot effectively monitor, intervene, override (Article 14).
  • Inadequate accuracy, robustness, or cybersecurity, or accuracy levels not disclosed in the instructions for use (IFU) (Article 15).
  • Failing deployer obligations — using a system contrary to the IFU; failing to assign oversight; failing to retain logs for six months minimum; failing to conduct a fundamental rights impact assessment where required (Articles 26, 27).
  • Failing transparency obligations for chatbots, deepfakes, AI-generated content (Article 50).
  • Failing post-market monitoring obligations for providers (Article 72).
  • Failing serious-incident reporting obligations (Article 73).

This is the tier most enterprise compliance programs are aimed at. It is also where audit evidence — or its absence — decides outcomes. A regulator that asks for an Article 12 audit trail and receives "we have a SIEM that captures system logs", with no inference-level detail, is already writing a Tier 2 finding.


What Triggers Tier 3: €7.5M / 1.5%

Tier 3 is the "lying to the regulator" tier. It applies when an operator supplies incorrect, incomplete, or misleading information to notified bodies or national competent authorities in response to formal requests. Examples:

  • Submitting a conformity declaration based on a technical file that materially overstates the system's testing.
  • Responding to a market-surveillance information request with fabricated logs.
  • Misrepresenting the scope or purpose of a deployed AI system in registration filings.

In practice, Tier 3 fines layer on top of Tier 1 or Tier 2. A regulator that finds the underlying violation also finds the cover-up, and both fines apply. For organizations with mature compliance functions, Tier 3 is essentially never the binding constraint — but Tier 3 is what unmakes a senior compliance officer's career when discovered.


Enforcement Timeline (2025 → 2027)

The AI Act entered into force on 1 August 2024. Its application is phased — different obligations bite at different dates. Knowing the calendar is essential:

| Date | What applies |
|---|---|
| 2 February 2025 | Article 5 (prohibited practices) and AI literacy obligations under Article 4 begin to apply. |
| 2 August 2025 | Governance and penalty regime activates: AI Office operational; national competent authority appointments due; general-purpose AI model obligations apply (Articles 51–55, 101). |
| 2 August 2026 | High-risk AI system obligations under Annex III apply (Articles 6–43). Transparency obligations under Article 50 apply (chatbots, deepfakes, AI-generated content). Deployer obligations under Article 26 apply. |
| 2 August 2027 | Full application: high-risk AI systems already on the market before 2 August 2026 reach the end of the grace period if substantially modified; remaining transitional provisions close out. |

The practical implication: August 2026 is the deadline most enterprises are racing. Recruitment AI, credit-scoring AI, customer-classification systems with significant impact, AI in essential public services — all fall into Annex III and must satisfy the full obligation stack from that date.


Real Enforcement Signals to Date

National regulators have been preparing the apparatus. Public signals through Q1 2026:

European Commission / EU AI Office. Operational since 2025; has issued guidance on prohibited practices and general-purpose AI codes of practice; conducting market surveillance preparatory work; coordinating with national authorities through the AI Board. No headline fines yet — the high-risk obligations only begin to bite in August 2026.

Italy — Garante per la Protezione dei Dati Personali. The Garante has been the most active EU DPA on AI-adjacent enforcement: the OpenAI ChatGPT provisional ban in 2023 (lifted after remediation), the Replika action, multiple enforcement actions on AI services breaching Article 22 GDPR (automated decision-making), and DPIA-failure actions throughout 2024–2025. The Garante is also Italy's lead authority for the AI Act's interaction with personal data. Italian deployments of generative AI without clear DPIAs and lawful-basis records are exposed today, before the Act's high-risk regime even bites.

Spain — AESIA (Agencia Española de Supervisión de la Inteligencia Artificial). The first dedicated AI authority in the EU, operational since 2024. Has published initial guidance, conducted preparatory consultations, and is staffing market-surveillance functions. AESIA is expected to be among the first authorities to bring high-risk AI enforcement actions.

France — CNIL. Active on AI-and-personal-data through the GDPR; preparing for AI Act-specific enforcement under coordination with national competent authorities. CNIL's "AI action plan" published in 2023–2024 maps GDPR obligations onto AI systems with detail relevant to Article 26 deployer obligations.

ECB — Banca d'Italia. AI guidance for banks issued through 2024–2025 covers governance, model risk management, third-party AI risk, and operational resilience under DORA. Banks face overlapping enforcement: AI Act, DORA, EBA guidelines, sectoral supervision. The first AI Act Tier 2 fine in the financial sector is widely expected to be coordinated with sectoral supervisors.

Germany — Federal Network Agency / BSI. Federal-level AI Act competent authority structure being finalized in 2025–2026. BSI publishes AI security guidance increasingly aligned with AI Act technical requirements.

The general pattern. No publicly announced AI Act Tier 1 or Tier 2 fines exist as of Q1 2026 — the high-risk obligations are not yet in effect. Significant enforcement is anticipated from late 2026 onwards. Organizations that interpret "no fines yet" as "no urgency" are mis-reading the timeline.


How to Avoid Fines: A Three-Step Audit-Readiness Framework

Most non-conformity findings are avoidable with operational discipline. The framework below is small enough to deploy with existing teams and large enough to satisfy the Article 12 / Article 14 / Article 26 evidence bar.

Step 1 — Inventory and risk-classify every AI system in scope

You cannot defend what you have not enumerated. Build a single AI systems inventory covering:

  • Each AI system or AI-touched workflow with a unique ID.
  • Risk classification per Article 6 (prohibited / high-risk / limited-risk / minimal / GPAI).
  • Annex III sub-category reference where applicable.
  • Data categories processed.
  • Provider vs deployer role.
  • Owner accountable inside the organization.

Knowlee implements this in AI-SYSTEMS-INVENTORY.md (system-level) plus the automation registry (job-level — every running automation has its own classification record). The inventory is not a one-off; it is regenerated whenever a new system is added or modified. ISO/IEC 42001:2024 §8.4 is the framework that operationalizes inventory maintenance — see /blog/iso-42001-implementation-guide.

The inventory itself is the cheapest insurance against Tier 2. A regulator's first question — "show me the list" — has to have an answer that takes minutes, not weeks.

Step 2 — Implement automatic logs and human-oversight gates as primitives, not policies

Article 12 says "automatic." Article 14 says "effective." Both fail the moment they live as policies in a wiki rather than enforced behaviors in the runtime.

Concrete operational rules:

  • Every AI inference must produce a log line capturing input fingerprint, model version, output, timestamp, operator identity, and outcome. The log must be retained for the system's lifecycle and exportable on request.
  • Every high-risk system action must be gated by a recorded human approval before execution, not asserted afterward. The gate must be technical (the system cannot run without the signature), not procedural.
  • Logs and approvals must be queryable in a way that lets a compliance officer answer "for inference X at time T, who approved, on what model version" in under five minutes.

Knowlee operationalizes this through the agent runtime wrapper, which streams JSONL for every agent runtime call; per-job logs under the audit trail; and the cron scheduler, which refuses to execute any job whose human-oversight-required flag is set unless an approver and an approval timestamp are present. The approvals append to the approvals log, which becomes the Article 14 evidence file. See /blog/ai-audit-trail-implementation-guide for the full implementation.
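The three rules above as running code, written for this article as an added example (it is not Knowlee's runtime): every call emits one JSONL record with the fields Step 2 lists, a job whose human-oversight flag is set cannot run without an approver and an approval timestamp, the refusal is itself logged, and who_approved answers the "who approved, on what model version" question from the log alone. The job, payload and approver values, the field names and the use of PermissionError to signal refusal are all constructed for the illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

class AuditedRuntime:
    """Added example, not Knowlee's code: Article 12 logging and the Article 14 gate as runtime behaviour."""
    def __init__(self):
        self.inference_log = []  # one JSON line per call: the Article 12 evidence
        self.approvals_log = []  # recorded human approvals: the Article 14 evidence

    def record_approval(self, job_id, approver, approved_at):
        self.approvals_log.append({"job_id": job_id, "approver": approver, "approved_at": approved_at})

    def _emit(self, job, payload, output, operator, outcome, approval):
        record = {
            "inference_id": f"inf-{len(self.inference_log) + 1:06d}",
            "job_id": job["id"],
            "model_version": job["model_version"],
            # hashing the input ties the record to the request without copying raw data into the log
            "input_fingerprint": hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest(),
            "output": output,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "operator": operator,
            "outcome": outcome,
            "approver": approval["approver"] if approval else None,
            "approved_at": approval["approved_at"] if approval else None,
        }
        self.inference_log.append(json.dumps(record, sort_keys=True))
        return record

    def run(self, job, model_fn, payload, operator):
        hits = [a for a in self.approvals_log if a["job_id"] == job["id"]]
        approval = hits[-1] if hits else None
        # Technical gate: without approver + timestamp the model never runs, and the refusal is logged too.
        if job.get("human_oversight_required") and not (approval and approval["approver"] and approval["approved_at"]):
            self._emit(job, payload, None, operator, "refused", None)
            raise PermissionError(f"job {job['id']} requires a recorded human approval")
        return self._emit(job, payload, model_fn(payload), operator, "completed", approval)

    def who_approved(self, inference_id):
        """The regulator's question: for inference X, who approved, when, and on which model version."""
        for line in self.inference_log:
            rec = json.loads(line)
            if rec["inference_id"] == inference_id:
                return rec["approver"], rec["approved_at"], rec["model_version"]

def demo():
    """Constructed sample job and input: one refused call, one approved call, and the query answer."""
    rt = AuditedRuntime()
    job = {"id": "job-42", "model_version": "scorer-1.3.0", "human_oversight_required": True}
    try:
        rt.run(job, lambda p: {"score": 0.71}, {"candidate_ref": "c-001"}, "svc-recruiting")
        refused = None
    except PermissionError:
        refused = json.loads(rt.inference_log[-1])
    rt.record_approval("job-42", "alice@example.org", "2026-03-01T09:00:00+00:00")
    completed = rt.run(job, lambda p: {"score": 0.71}, {"candidate_ref": "c-001"}, "svc-recruiting")
    return refused, completed, rt.who_approved(completed["inference_id"])
```

Because the refusal is written to the same log as completed calls, the evidence file shows the gate working rather than only the runs that passed it.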

Step 3 — Operate a quality management system aligned with Article 17 / ISO 42001

Article 17 obliges providers of high-risk AI to operate a QMS. ISO/IEC 42001:2024 is the international standard that operationalizes one specifically for AI. The minimum viable QMS for AI Act audit readiness:

  • A documented AI policy approved by senior leadership.
  • An AI Management System scope statement.
  • Defined roles (AI Compliance Officer / AI Governance Lead / DPO if applicable).
  • A risk register linked to controls linked to evidence.
  • A gap register tracking open compliance items with priorities and owners.
  • An incident register and reporting workflow.
  • An internal-audit cadence (annual minimum; quarterly preferred for high-risk-heavy organizations).

These artifacts are not bureaucracy — they are the specific objects a market-surveillance authority asks for. Operating without them turns every information request into a fire drill.

The three-step framework converts AI Act fine exposure from an abstract risk into a manageable operational program. Most of the cost is one-time setup; ongoing operation is in the noise of mature compliance functions.


The Knowlee Hedge: AI Act Ready by Design

Knowlee's positioning as AI Act Ready by Design is exactly this hedge expressed at the architecture level. Every job in the registry carries the Article 6 / Article 9 / Article 12 / Article 14 metadata as required fields. The audit trail is the system's stdout. The QMS is operationalized in compliance-iso42001/ files version-controlled alongside the code.

This is a deployer's hedge. For organizations that buy AI rather than build it, the most expensive failure mode is shadow AI — workloads running outside the compliance perimeter, accruing audit exposure that is invisible until a regulator asks. Knowlee absorbs those workloads into a runtime where the compliance evidence is a side effect of running them. The fine risk falls because the runtime, not a quarterly export, is the evidence.

It is not the only valid architecture. Building AI governance from primitives in IBM watsonx.governance, Domino, or Credo AI is also defensible. The bolt-on path — adding an AI Act module to OneTrust without rerouting AI inference through it — is the path most likely to produce a Tier 2 finding when a regulator drills into a specific inference.


FAQ

What is the maximum fine under the EU AI Act?

The maximum fine is €35 million or 7% of total worldwide annual turnover, whichever is higher, for violations of Article 5 (prohibited AI practices). For most enterprises, the percentage cap dominates: a €5 billion company faces up to €350M for a Tier 1 violation. The next tier — €15M or 3% — covers violations of high-risk operator obligations. The lowest tier — €7.5M or 1.5% — covers supplying incorrect or misleading information to notified bodies or competent authorities.

When do AI Act fines start applying?

Article 5 (prohibited practices) fines apply from 2 February 2025. Penalties for general-purpose AI providers (Articles 51–55) apply from 2 August 2025. The bulk of high-risk AI obligations — and the associated Tier 2 fines — apply from 2 August 2026. Full application follows by 2 August 2027.

Have any AI Act fines been issued yet?

As of Q1 2026, no public AI Act-specific fines under Articles 99 or 101 have been announced — most high-risk obligations only begin to apply in August 2026. National authorities have been actively enforcing AI-adjacent issues under existing frameworks (notably the Italian Garante under GDPR Article 22 and the OpenAI provisional ban in 2023). The first AI Act Tier 2 actions are widely expected from late 2026 onward.

Does the AI Act apply to non-EU companies?

Yes. The AI Act has extraterritorial reach (Article 2). It applies to providers placing AI systems on the EU market regardless of provider location, and to deployers using AI systems where the output is used in the EU. A US company building a recruitment AI that scores EU-resident candidates falls under the Act even if its data centers are in Virginia.

What is the difference between provider and deployer obligations?

Providers are organizations that develop AI systems or have them developed and place them on the market under their own name. Deployers are organizations that use AI systems under their own authority (most enterprise buyers). Providers carry the Article 8–15 design and conformity-assessment obligations. Deployers carry Article 26 use-and-oversight obligations. Most enterprises are deployers; many are also providers of AI features they have built themselves.

What is a "fundamental rights impact assessment" (FRIA)?

Under Article 27, certain deployers — public-sector deployers and deployers of high-risk AI in essential private services (banking, insurance, etc. as listed in Annex III) — must conduct a Fundamental Rights Impact Assessment before first use. The FRIA examines the system's purpose, deployment context, affected categories of natural persons, foreseeable risks of harm to fundamental rights, and oversight measures. Skipping the FRIA where required is a Tier 2 violation.

How do AI Act fines stack with GDPR fines?

They stack. An AI system processing personal data without lawful basis violates GDPR (€20M or 4% cap) and may simultaneously violate AI Act obligations (€35M / 7% or €15M / 3% cap). National authorities increasingly coordinate. The Italian Garante explicitly handles both regimes in parallel; ECB and Banca d'Italia coordinate AI guidance with DORA enforcement. Multi-regime exposure is the realistic case for most regulated AI deployments.

Can SMEs and start-ups face the same fines?

The percentage caps (7%, 3%, 1.5%) apply to all operators. The absolute caps (€35M, €15M, €7.5M) are reduced for SMEs under Article 99(6), proportional to economic capacity. In practice, this means SMEs face the percentage cap as the binding constraint — which for small businesses is a smaller number in absolute terms, but a more painful one as a share of turnover.


Related Reading