EU AI Act Penalties and Fines
Last updated: February 2026
The EU AI Act (Regulation 2024/1689) establishes a tiered penalty structure under Article 99, with fines calibrated to the severity of the infringement. The penalties are designed to be effective, proportionate, and dissuasive — similar in structure to GDPR fines but with higher maximum thresholds for the most serious violations.
Fine Structure
Prohibited Practices (Article 5)
Up to €35 million or 7% of global annual turnover
Whichever is higher. Applies to violations of banned AI practices including social scoring, subliminal manipulation, and prohibited biometric systems.
High-Risk Non-Compliance (Articles 9–15, and other key provisions)
Up to €15 million or 3% of global annual turnover
Whichever is higher. Applies to non-compliance with high-risk obligations including risk management, data governance, transparency, human oversight, accuracy, conformity assessment, and EU database registration requirements.
Incorrect Information to Authorities
Up to €7.5 million or 1% of global annual turnover
Whichever is higher. Applies to supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities.
For SMEs and startups, the regulation provides that the lower of the two amounts (fixed sum vs. percentage of turnover) applies. This ensures penalties remain proportionate for smaller organisations while still being meaningful.
Who Enforces the AI Act?
Enforcement operates at both the EU and national level:
- National Market Surveillance Authorities — Each EU Member State must designate one or more national competent authorities responsible for supervising the application and implementation of the AI Act. These are the primary enforcement bodies for most provisions.
- The AI Office (European Commission) — The newly established AI Office has exclusive competence over enforcement of rules on general-purpose AI (GPAI) models. It can investigate, request information, and impose fines on GPAI providers.
- The European AI Board — An advisory and coordination body that ensures consistent application of the regulation across Member States.
- Notified Bodies — Independent third-party organisations designated to carry out conformity assessments for certain categories of high-risk AI systems.
Factors in Determining Fines
When setting the amount of a fine, authorities consider the nature, gravity, and duration of the infringement; whether it was intentional or negligent; actions taken to mitigate harm; the size and market share of the infringer; previous infringements; the degree of cooperation with authorities; and the manner in which the infringement became known.
Beyond Fines
Financial penalties are not the only consequence. Authorities can also order the withdrawal or recall of non-compliant AI systems from the market, require corrective actions, and prohibit the placing on the market of AI systems that pose serious risks. Reputational damage and loss of market access within the EU are additional considerations.