Article 99 of Regulation (EU) 2024/1689 — Penalties. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 99 of Regulation (EU) 2024/1689 establishes the administrative penalty framework for infringements of the EU AI Act. It sets out a three-tier structure of fines calibrated to the severity of the breach.
The most serious infringements — violations of the prohibited AI practices listed in Article 5 — attract fines of up to €35 million or 7% of total worldwide annual turnover, whichever is higher. Violations of other obligations imposed on providers, deployers, importers, and distributors — including those relating to high-risk AI systems, transparency obligations, and GPAI models — are subject to fines of up to €15 million or 3% of worldwide annual turnover. Supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities is penalised at up to €7.5 million or 1% of worldwide annual turnover.
For GPAI model providers, Article 99(3) cross-references the fine thresholds that apply to obligations under Chapter V (Articles 53–56), including systemic-risk obligations for providers of GPAI models with systemic risk. When the offending party is an SME or startup, the percentage-of-turnover ceiling applies where it produces a lower absolute figure than the fixed amount ceiling. National competent authorities are responsible for imposing and enforcing fines within their jurisdiction, while the AI Office holds enforcement competence over GPAI model providers at Union level.
What This Means in Practice
Article 99 is the enforcement backbone of the EU AI Act. Its tiered structure directly shapes how organisations should prioritise their compliance programmes.
For providers of high-risk AI systems, the 3%/€15 million tier applies to failures such as inadequate conformity assessments, missing technical documentation, non-compliant quality management systems, or failure to register systems in the EU database under Article 71. A medical device manufacturer deploying an AI-assisted diagnostic tool without completing the required conformity assessment under Annex VI, for example, faces exposure in this tier.
For any operator deploying prohibited AI applications — such as real-time biometric identification in public spaces outside the narrow exceptions, social scoring by public authorities, or subliminal manipulation techniques — the 7%/€35 million tier applies. These are the Act's hard prohibitions, and the penalty level signals that no business justification can offset a violation.
For GPAI model developers and deployers, fines under the 3% tier attach to failures around technical documentation, copyright transparency, and — for systemic-risk models — incident reporting and adversarial testing obligations.
For all operators, misinforming regulators during market surveillance investigations triggers the 1% tier. This is operationally significant: it means internal document management, audit trails, and cooperation protocols with authorities must be robust before regulators come knocking.
Proportionality factors — including the duration of infringement, degree of cooperation, and prior violations — guide authorities in setting the actual fine within the applicable ceiling.
Key Obligations
- Avoid prohibited practices (Article 5): Any deployment or placing on the market of AI systems that engage in practices listed in Article 5 — including real-time remote biometric identification in publicly accessible spaces (outside listed exceptions), social scoring, subliminal manipulation, and exploitation of vulnerabilities — exposes the operator to the highest penalty tier.
- Fulfil provider obligations for high-risk AI systems: Providers must maintain conformity assessments, technical documentation, quality management systems, and post-market monitoring. Failures in any of these areas are subject to the mid-tier fine.
- Comply with GPAI model obligations (Chapter V): Providers of general-purpose AI models must meet transparency, documentation, and copyright policy obligations; providers of GPAI models with systemic risk face additional requirements around incident reporting, model evaluations, and cybersecurity measures.
- Provide accurate information to authorities: All operators must cooperate with national market surveillance authorities and the AI Office, and must not supply incorrect or misleading information during investigations or conformity procedures.
- Ensure SME-proportionate compliance: While SMEs benefit from proportionality consideration in fine-setting, they are not exempt from substantive obligations — they must still comply with applicable requirements and are subject to enforcement.
- Maintain internal audit trails: Given that fines can be modulated by degree of cooperation and corrective actions taken, organisations should maintain evidence of compliance steps, incident response procedures, and good-faith engagement with regulators.
Relationship to Other Articles
Article 99 cannot be read in isolation — it is the enforcement expression of obligations defined throughout the Regulation.
The most direct links are to Article 5 (prohibited practices, triggering the top penalty tier) and Articles 8–15 (high-risk AI system requirements, the primary source of mid-tier violations). Articles 53–56 (GPAI obligations) feed into the penalty structure for foundation model providers. Article 71 (EU database for high-risk AI systems) is a registration obligation whose breach is caught by the mid-tier.
Article 100 is the sibling provision for Union institutions and bodies, applying a parallel penalty regime administered by the European Data Protection Supervisor rather than national authorities.
Article 98 (penalties for non-compliance by notified bodies) and Article 101 (delegation of power concerning fines for GPAI providers) sit immediately adjacent in the penalty chapter and should be read together with Article 99 for a complete picture of the Act's enforcement architecture. Articles 74–79 (market surveillance and enforcement) define the procedural framework within which Article 99 fines are imposed.
Compliance Timeline
The EU AI Act entered into force on 2 August 2024 (twenty days after publication in the Official Journal). Article 99 itself became applicable on 2 August 2025, following the twelve-month transitional period under Article 113(2).
The phased application schedule is critical context for understanding when penalty exposure attaches to different obligations:
- 2 February 2025 — Prohibition provisions (Article 5) became applicable, meaning violations of prohibited AI practices have been subject to the 7%/€35 million fine tier since this date.
- 2 August 2025 — General applicability date for most of the Act, including Article 99 itself, GPAI model obligations (Chapter V), and the governance framework. The 3%/€15 million and 1%/€7.5 million fine tiers became operational from this date.
- 2 December 2026 — High-risk AI systems covered by Annex I (existing Union harmonisation legislation) must comply with the full high-risk requirements, making provider obligations under Articles 8–15 enforceable with fine exposure.
- 2 August 2027 — High-risk AI systems listed in Annex III that were already on the market before 2 August 2024 must comply, completing the phase-in for legacy high-risk deployments.
Organisations should map their AI portfolio against these dates to determine current and forward-looking penalty exposure under Article 99.
Official AI Act Compliance Deadline Calendar
Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | | | active | — | AI Act Art. 5 |
| GPAI Rules (Chapter 5) | GPAI model providers | | | active | — | AI Act Art. 51-56 |
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | | | deferred | — | AI Omnibus 2026 Art. 6(2) |
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | | | deferred | — | AI Omnibus 2026 Art. 6(1) |
| AI-Generated Content Marking | Providers of generative GPAI systems | | | active | — | AI Act Art. 50(2) |
| Regulatory Sandboxes | National competent authorities | | | active | — | AI Act Art. 57 |
Frequently Asked Questions
The highest tier of fines under Article 99 reaches €35 million or 7% of total worldwide annual turnover (whichever is higher) for violations involving prohibited AI practices under Article 5. Fines for violations by providers of high-risk AI systems reach €15 million or 3% of turnover, and fines for supplying incorrect or misleading information to national competent authorities reach €7.5 million or 1% of turnover.
Article 99 applies to operators (providers, deployers, importers, distributors, and authorised representatives) who breach obligations set out in the EU AI Act. For GPAI model providers, specific penalty provisions also apply under Article 99(3).
Yes. Article 99(7) requires national market surveillance authorities and the AI Office to take into account the specific situation of SMEs and startups when determining fines. Proportionality is a key principle — fines must be effective and dissuasive but also proportionate to the nature, gravity, duration, and consequences of the infringement.
No. Article 99 applies to private operators. For Union institutions, bodies, offices, and agencies, a separate penalty regime under Article 100 applies, administered by the European Data Protection Supervisor.
Article 99 became applicable on 2 August 2025, twelve months after the EU AI Act entered into force on 2 August 2024, in line with the general applicability date set out in Article 113(2) for most substantive provisions.