MEOK.AI
Sign inStart Free
Features
Pricing
Blog
About
🚀 Activate your agent

Free forever · No credit card

← All EU AI Act articles

EU AI Act Article 99 — Penalties

Article 99 is the part everyone wants to know up front. Three penalty bands. Highest is €35M or 7% of global turnover. Middle is €15M or 3%. Lower (false info to authorities) €7.5M or 1%. Discretion exists within the bands but the ceilings are real.

The three bands

Top tier
€35,000,000 or 7% turnover
Article 5 — prohibited AI practices. Subliminal manipulation, exploitation of vulnerabilities, social scoring, profile-based predictive policing, untargeted facial scraping, emotion recognition at work/school, biometric categorisation by sensitive attributes, real-time remote biometric ID in public.
Middle tier
€15,000,000 or 3% turnover
Provider obligations (Art. 16), deployer obligations (Art. 25 + 26 + 26(9) FRIA), transparency / watermarking (Art. 50), authorised representative (Art. 22), importer (Art. 23), distributor (Art. 24), Notified Body obligations.
Lower tier
€7,500,000 or 1% turnover
Supply of incorrect, incomplete, or misleading information to Notified Bodies + competent authorities. Lying to your regulator costs less than the underlying violation but still hurts.

SME special rule

Article 99(6) — for SMEs (incl. start-ups), the fine is the LOWER of the two amounts (cap or % turnover) rather than the HIGHER. Net effect: an SME with €1M turnover faces €70K (top tier) instead of €35M. Designed to keep the regulation from being a startup death sentence.

Calculate your max exposure

Free fine calculator

Enter your turnover + which articles are at risk. Get exact max exposure across the three bands. 30 seconds. Signed attestation.

Calculate exposure →

Frequently asked

What's the highest possible fine under the EU AI Act?

Article 99(3) — €35,000,000 OR 7% of total worldwide annual turnover for the preceding financial year, whichever is higher. This applies to violations of Article 5 (prohibited AI practices). For SMEs the rule reverses: the LOWER of the two. The objective: the fine must hurt.

What's the middle tier?

Article 99(4) — €15,000,000 OR 3% of total worldwide annual turnover, whichever is higher. Applies to non-compliance with: Article 16 (provider obligations), Article 22 (authorised representative), Article 23 (importer), Article 24 (distributor), Article 25 (deployer), Article 26 (deployer obligations including 26(9) FRIA), Article 50 (transparency / watermarking), the relevant requirements of Articles 27 + 28, the obligations of Notified Bodies.

What's the lowest tier?

Article 99(5) — €7,500,000 OR 1% of total worldwide annual turnover, whichever is higher. Applies to: supply of incorrect, incomplete, or misleading information to Notified Bodies + competent authorities. Designed to incentivise honest engagement with the conformity-assessment process.

How are penalties calculated for a multi-product violator?

Article 99(7) — when deciding the amount, supervisory authorities take into account: nature, gravity + duration of the infringement, number of affected persons, level of damage, intent or negligence, financial situation of the operator, prior infringements, cooperation with authorities, technical + organisational measures implemented by the operator. There's discretion within the cap.

Are GPAI providers subject to penalties?

Yes — Article 101 sets separate penalties for GPAI (general-purpose AI) providers: up to 3% of worldwide annual turnover OR €15M, whichever is higher, for non-compliance with Articles 51-55 (foundation-model transparency, training-data summary, copyright policy, systemic-risk obligations). Imposed by the EU AI Office, not member-state authorities.

What about EU institutions themselves?

Article 100 — different framework. EU institutions, bodies, offices, agencies are subject to administrative fines by the European Data Protection Supervisor (EDPS) up to €1.5M (Art. 5 violations) or €750K (other violations). Lower because public-sector EU bodies, not commercial.

£4,950 Audit-Prep Bundle →Free 90-sec scorecard →

Source: EU AI Act Regulation 2024/1689 Art. 99 · MEOK AI Labs · CSOAI LTD · UK Companies House 16939677