Hael
Sign inRequest a demo
EU AI Act · Requirements

EU AI Act penalties and fines explained

Updated 30 June 2026 · 5 min read
Key takeaway
The EU AI Act sets penalties on a sliding scale, with the most serious breaches attracting fines of up to 35 million euro or 7 percent of global annual turnover, whichever is higher. The penalty structure, set out in Article 99, is tiered by how serious the violation is, and includes lower caps for smaller companies. The figures are deliberately high, exceeding even those under the GDPR.
  • Penalties are tiered: up to 35M euro / 7% (prohibited), 15M / 3% (most obligations), 7.5M / 1% (false information).
  • For larger firms the fine is the higher of the sum or percentage; SMEs benefit from the lower cap.
  • Authorities can also order corrective measures or withdrawal from the EU market, not just fines.
  • The evidence that prevents penalties is the same evidence that builds buyer trust.
  • Current as of June 2026. This is general information, not legal advice.

The three penalty tiers

The Act's fines are structured in three main tiers:

  • Up to 35 million euro or 7 percent of global annual turnover for breaching the prohibitions on unacceptable-risk AI practices. This is the most serious tier.
  • Up to 15 million euro or 3 percent of global annual turnover for breaching most other obligations, including the requirements on high-risk systems, for providers and deployers.
  • Up to 7.5 million euro or 1 percent of global annual turnover for supplying incorrect, incomplete, or misleading information to authorities.

In each case, the fine is the higher of the fixed sum or the percentage for larger companies.

How SMEs and startups are treated

The Act applies the penalties proportionately to smaller organisations. For SMEs and startups, the fine is generally the lower of the fixed amount or the percentage, rather than the higher. This softens the impact, but it does not remove it, and even the lowest tier can be material for an early-stage company.

Beyond fines

Penalties are not the only enforcement tool. Authorities and the AI Office can request information, require access to systems, order corrective measures, and in some cases require a system to be withdrawn from the EU market. For many organisations, the operational disruption of a withdrawal or a forced remediation can matter as much as a fine.

When penalties apply

The penalties framework took effect alongside the phased obligations, with rules for penalties to be laid down by Member States from 2 August 2025. The fines attach to the obligations as they come into force, so prohibited-practice and GPAI breaches are already exposed, while high-risk penalties track the high-risk obligations as they apply.

The constructive way to read this

Fines make the headlines, but the more useful framing is that the Act rewards organisations that can demonstrate good governance. The same evidence that protects you from penalties (a clear inventory, documented risk decisions, and current records) is exactly what enterprise buyers and partners increasingly ask to see. Building that evidence is both a shield against penalties and an enabler of trust and sales.

Key terms

Article 99
The EU AI Act article that sets the penalty framework and tiered fines for breaches.
Unacceptable-risk practices
The prohibited AI uses, breaches of which attract the highest tier of fine.
Proportionate cap
The lower of the fixed amount or percentage applied to SMEs and startups, instead of the higher.
AI Office
The European Commission body overseeing implementation and enforcement of the AI Act.
Corrective measures
Remedial steps an authority can require, including withdrawal of a system from the EU market.

References

Related guides

Keep reading on EU AI Act.

Free check

See where you stand on EU AI Act, free.

Answer a few questions and get an indicative view of what EU AI Act expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
EU AI Act · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to EU AI Act~ 5 MIN