EU AI Act Penalties

Philip Mohr
3 min read

The EU AI Act imposes strict fines on AI providers, deployers, and market operators, with penalties reaching €35 million or 7% of global turnover for severe violations, effective from August 2, 2025. Fines vary by entity and violation type, considering factors like severity, financial gain, and cooperation. Read on for a breakdown of penalty amounts and key considerations—and don’t miss the one-pager summary for a quick reference!

Entities subject to Penalties

There are three key entities involved in penalties:

  1. Operators of AI systems
  2. Providers of general-purpose AI models
  3. Union institutions, agencies and bodies

Penalties for Operators of AI Systems

Non-Compliance with the Prohibitions

The highest fines are imposed for the use or distribution of AI systems that are explicitly prohibited under the EU AI Act. Violating these prohibitions can result in penalties of up to €35 million or 7% of a company’s global annual turnover.

Non-Compliance with the Obligations

Failure to comply with operator or notified body provisions (except those in Article 5) may result in fines of up to €15 million or 3% of global annual turnover, whichever is higher.

  1. Obligations of the providers of HRAIs under Article 16
  2. Obligations of authorized representatives under Article 22
  3. Obligations of the importers of HRAIs under Article 23
  4. Obligations of the distributors of HRAIs under Article 24
  5. Obligations of the deployers of HRAIs under Article 26
  6. Requirements and obligations of notified bodies under Articles 29-34
  7. Transparency obligation for providers and users of certain AI systems under Article 50

Supply of incorrect, incomplete or misleading information to notified bodies 

Providing false, incomplete, or misleading information to notified bodies or national authorities may result in fines of up to €7.5 million or 1% of global annual turnover, whichever is higher.

Considerations for SMEs and Startups

For SMEs, including start-ups, fines will be based on the lower amount between the percentage of turnover and the fixed value.

All you need to know about the EU AI Act
in one Cheat Sheet

Get Free PDF Now

Penalties for Providers of general-purpose AI models

The European Commission may impose fines of up to 3% of a provider’s total worldwide annual turnover from the preceding financial year or €15 million, whichever is higher, if a general-purpose AI model provider is found to have intentionally or negligently:

  1. Violated GPAI-relevant provisions.
  2. Failed to comply with a request for document or information pursuant to Article 91 or supply of incorrect, incomplete or misleading information.
  3. Failed to comply with a requested mitigation measure.
  4. Failed to make available to Commission access to the general-purpose AI model or general-purpose AI model with systemic risk to conduct certain evaluations.

Penalties for Union Institutions, Agencies and Bodies

Under Article 100, the European Data Protection Supervisor (EDPS) has the authority to impose administrative fines on EU agencies, bodies, and institutions. Non-compliance with the prohibitions of the Act referred to in Article 5 may result in fines of up to €1.5 million, while violations of other obligations, other than those laid down in Article 5, may incur fines of up to €750k.

EU AI Act: Fines at a Glance

This one-pager summarizes everything explained above, offering a quick overview of fine amounts by entity type and violation category, including prohibited AI practices, misrepresentation to authorities, and other breaches.

Factors in Determining Administrative Fines

When determining whether to impose an administrative fine and assessing its amount, all relevant circumstances of the case shall be considered. The following factors may be taken into account, according to the Article 99:

  1. The nature, gravity and duration of the infringement and of its consequences
  2. Previous fines
  3. The size, the annual turnover and market share of the offender
  4. The degree of cooperation with the national competent authorities
  5. The degree of responsibility of the operator taking into account the technical and organisational measures.
  6. The manner in which the infringement became known to the national competent authorities
  7. The intentional or negligent character of the infringement
  8. Any action taken by the operator to mitigate the harm

To ensure compliance and avoid hefty penalties, organizations must understand their obligations under the EU AI Act. Check out the EU AI Act Checklist(Insert link once Checklist Posting is done) for a step-by-step guide to meeting regulatory requirements and staying compliant.

About the author
Philip Mohr

Philip Mohr

Philip Mohr, a certified AIGP, is an AI governance consultant with over a decade of expertise in product management, data governance and privacy, leading initiatives at Addtrust (addtrust.com).

Read next

EU AI Act Emotion Recognition

Easy EU AI Act Checklist

EU AI Act Summary

EU AI Act Timeline

#1 Resource on EU AI ACT Compliance

Sign up to get access to free resources and checklists

#1 Resource on EU AI ACT Compliance

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to #1 Resource on EU AI ACT Compliance.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.