AI compliance​ Article 99 EU AI Act Article 99 penalties​ Corrective measures​ EU AI Act penalties EU AI Act​ High-risk AI systems​ Prohibited AI practices​ SMEs and startups​

EU AI Act- Article 99 Penalties

Oct 16, 2025by Alex .

 Introduction

The European Union's Artificial Intelligence Act (EU AI Act) is a groundbreaking regulation aiming to address the ethical and legal challenges posed by artificial intelligence. Article 99 of the EU AI Act introduces strict EU AI Act penalties and compliance obligations for organizations deploying artificial intelligence systems within the European Union. Understanding these penalties is crucial for businesses operating within the EU or dealing with EU citizens. In this article, we will delve into the fines and penalties associated with the EU AI Act, focusing on Article 99.

EU AI Act- Article 99 Penalties

The EU AI Act is a comprehensive legal framework designed to regulate AI technologies within the European Union. Its primary goal is to ensure that AI systems are safe, transparent, and respect fundamental rights. The Act categorizes AI systems based on risk levels, ranging from minimal to unacceptable. High-risk AI systems, such as those used in critical infrastructure, education, and law enforcement, face stricter regulations and compliance requirements.

Overview of Article 99: Penalties for Non-Compliance

The EU AI Act establishes a tiered penalty regime with fines up to €35 million or 7% of worldwide annual turnover for the most severe violations, alongside corrective measures, warnings, and obligations tailored by severity and actor type, including specific rules for general-purpose AI providers. Penalties began applying from August 2, 2025, with some GPAI-related sanctions taking effect in 2026, and Member States were empowered to set effective, proportionate, and dissuasive enforcement frameworks that consider SMEs’ viability.

Types of Penalties

  • Administrative fines scale up to the higher of fixed euro amounts or a percentage of total worldwide turnover, with the top tier reaching €35 million or 7% for prohibited practices under Article 5, and other tiers at €15 million or 3% and €7.5 million or 1% for specified infringements, including supplying incorrect information to authorities. These penalties for AI regulation violations are among the strictest introduced under any global AI governance law.

  • Corrective measures include orders to cease deploying non-compliant systems, impose changes to attain conformity, and other non-monetary remedies determined by national authorities under Article 99, as part of Member State penalty frameworks mandated by August 2, 2025.

  • Public warnings and non-monetary sanctions form part of national enforcement tools to inform the public of non-compliance and prompt remediation, sitting alongside fines within the Act’s broader AI governance compliance EU architecture.

Calculation of Fines

  • Up to €7.5 million or 1% of worldwide turnover applies for supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities, whichever is higher, except SMEs/startups where the lower cap applies between amount and percentage.
  • Up to €15 million or 3% of worldwide turnover applies for breaches of certain obligations under the Act outside prohibited practices, with the higher of amount or percentage used, and SME/startup proportionality adjustments set to the lower of the two.
  • Up to €35 million or 7% of worldwide turnover applies for infringements related to prohibited AI practices in Article 5, reflecting the highest severity tier in the penalty structure. These €35 million AI penalties represent one of the most significant enforcement mechanisms within the EU Artificial Intelligence Act penalties framework.

Factors Influencing Penalties

  • Nature, gravity, and duration guide penalty calibration by competent authorities, aligning with Article 99’s requirement for Member States to lay down effective, proportionate, and dissuasive penalties in national law.

  • Intentional or negligent character, prior infringements, and cooperation with authorities can increase or mitigate penalties, consistent with EU AI Act enforcement principles and national frameworks implementing Article 99.

  • SME and startup considerations require authorities to safeguard economic viability; for these entities, caps apply using the lower of the amount and the percentage thresholds defined in Article 99(6). 

Importance of Compliance

  • Non-compliance risks significant financial exposure and reputational damage, especially for prohibited uses and high-risk system obligations, making early alignment with risk-based duties critical for organizations operating in or impacting the EU market.
  • Effective compliance also reduces enforcement uncertainty as Member States operationalize their penalty regimes and oversight processes, which began to apply from August 2, 2025, with staged obligations across 2025–2027. Building a strong EU AI compliance framework and adopting a proactive AI compliance strategy can significantly reduce regulatory risks.

Steps to Ensure Compliance

  • Conduct a risk assessment: Map AI uses, classify by risk category (unacceptable, high, limited, minimal), and identify high-risk deployments under Annex III that trigger QMS, risk management, data governance, human oversight, technical documentation, and post-market monitoring. Conducting an AI risk assessment is essential for achieving EU AI Act implementation readiness.
  • Implement compliance measures: Establish governance, documentation, vendor assurance, and transparency controls suitable to the system’s risk level, and prepare for registration and conformity assessment where required for high-risk systems. Organizations should also maintain a structured AI governance framework to support long-term compliance efforts.

  • Monitor and review: Maintain continuous post-market monitoring, incident handling, and periodic reviews to keep technical documentation and controls current throughout the lifecycle.
  • Engage with authorities: Track national implementation, interact with market surveillance bodies, and prepare for phased obligations and GPAI-specific compliance milestones, with some GPAI fines applying from August 2, 2026.

Key Timelines and GPAI Notes

  • Penalties under Article 99 apply from August 2, 2025, alongside new governance structures, while many substantive duties phase in through 2026–2027, and GPAI administrative fines under Article 101 begin August 2, 2026.
  • Providers of general-purpose AI models face a distinct regime where the European Commission can impose up to €15 million or 3% for violations such as failure to provide documentation or access for evaluation, applying the higher cap for non-SME entities. These emerging general-purpose AI compliance obligations are expected to shape future AI governance and transparency standards across Europe.

Conclusion

The EU AI Act, and specifically Article 99, sets out clear penalties for non-compliance, emphasizing the importance of adhering to the regulation. By understanding and addressing EU AI Act penalties and Article 99 penalties associated with the Act, organizations can avoid significant financial and reputational damage. Compliance with the EU AI Act is not only a legal obligation but also a commitment to ethical and responsible AI development and deployment. By taking proactive steps to ensure EU AI compliance, organizations can foster trust and confidence in their AI systems among stakeholders and the public.

More from: AI compliance​ Article 99 EU AI Act Article 99 penalties​ Corrective measures​ EU AI Act penalties EU AI Act​ High-risk AI systems​ Prohibited AI practices​ SMEs and startups​
Back to EU AI Standard