The EU AI Act establishes a three-tier penalty regime under Article 99, with administrative fines that exceed even GDPR penalties. Member States are responsible for enforcement, with upper limits set at the EU level.
Non-compliance with the prohibited AI practices set out in Article 5 is subject to fines of up to EUR 35,000,000 or, if the offender is an undertaking, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher.
This is the highest tier, reserved for the most serious violations: social scoring, exploitation of vulnerabilities, untargeted facial recognition scraping, and other banned practices.
Non-compliance with obligations of providers (Article 16), authorized representatives (Article 22), importers (Article 23), distributors (Article 24), deployers (Article 26), and notified bodies (Articles 31, 33) is subject to fines of up to EUR 15,000,000 or up to 3% of total worldwide annual turnover, whichever is higher.
This tier covers most registration-related violations, including failure to complete technical documentation, failure to conduct conformity assessment, and failure to register in the Article 71 database.
Supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities is subject to fines of up to EUR 7,500,000 or up to 1% of total worldwide annual turnover, whichever is higher.
Article 99(7) lists the factors authorities must consider when determining the specific fine:
Article 99(6) provides that for SMEs, including start-ups, each fine shall be up to the percentages or absolute amount referred to in paragraphs 3, 4, and 5, whichever is lower. This means SMEs benefit from the lower of the two caps in each tier.
Article 99(8) specifies that when a violation also constitutes an infringement under other EU legislation (such as GDPR), only the higher of the applicable fines shall be imposed — not both.
All penalty amounts are from Article 99 of Regulation (EU) 2024/1689 (EU AI Act), Official Journal version of 13 June 2024.
Lexara Advisory LLC is an AI governance consulting firm, not a law firm. This content is for informational purposes only and does not constitute legal advice.