EU AI Act Sanction Estimator — Calculate Your Maximum Fine

Estimate your maximum EU AI Act fine based on violation type and company turnover. Prohibited practices: €35M/7%. High-risk non-compliance: €15M/3%. For SMEs, the lower amount applies.

EU AI Act sanction tiers

Violation	Max fine (large org)	Max fine (SME/startup)
Prohibited practices (Art. 5)	€35,000,000 or 7% of global annual turnover	Lower of the two amounts
High-risk AI non-compliance (Chapters III & V)	€15,000,000 or 3% of global annual turnover	Lower of the two amounts
Incorrect/misleading information to authorities	€7,500,000 or 1% of global annual turnover	Lower of the two amounts

Estimating your exposure

For a large organisation with €1 billion global annual revenue:

Prohibited practice violation: up to €70,000,000 (7% > €35M absolute cap)
High-risk AI non-compliance: up to €30,000,000 (3% > €15M absolute cap)

For a mid-market company with €50 million global annual revenue:

Prohibited practice violation: up to €35,000,000 (cap applies — 7% = €3.5M, so cap applies; wait, for SME the LOWER applies — €3.5M)
High-risk AI non-compliance: up to €1,500,000 (3% of €50M = €1.5M, lower than €15M cap)

Key insight for SMEs: The "lower amount" rule significantly reduces SME exposure. A startup with €5M revenue faces a maximum of €350,000 for a prohibited practice (7% of €5M), not €35M.

Stacking with GDPR and NIS2

AI systems often process personal data and may be deployed in critical sectors. Fines can stack:

GDPR: Up to €20M or 4% global annual turnover for personal data violations
NIS2: Member state fines, typically up to €10M or 2% of global revenue for essential entities
AI Act: As above

A biometric identification system deployed without proper consent could simultaneously trigger all three. Total maximum exposure for a large organisation across all three: €70M (AI Act) + €20M (GDPR) + €10M (NIS2).

To reduce your exposure, complete the Compliance Checklist → and ensure all high-risk AI obligations are documented and implemented before your deadline.

AI Act meets DORA and NIS2

Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.

Explore regulation-dora.eu ↗

Frequently Asked Questions

How are EU AI Act fines calculated?

EU AI Act fines are calculated as the higher of an absolute cap or a percentage of global annual turnover: €35M or 7% for prohibited practices, €15M or 3% for most high-risk violations. For SMEs and startups, the lower of the two amounts applies — protecting smaller organizations from disproportionate fines.

Who has authority to impose EU AI Act fines?

National market surveillance authorities in each EU member state have sanctioning authority for AI Act violations. The EU AI Office can impose sanctions on GPAI model providers. Maximum fine levels are set by the AI Act, but actual fines depend on severity, duration, intent, cooperation, and remediation.

Is €35M the absolute maximum fine under the EU AI Act?

For individual provisions, yes. However, the AI Act fines can stack with fines from other EU regulations. A non-compliant high-risk AI system might simultaneously trigger AI Act fines, GDPR fines (up to €20M or 4%), and NIS2 fines, potentially compounding the exposure significantly.

Stay ahead of AI Act changes

Get compliance alerts when deadlines or obligations change.

No spam. One-click unsubscribe.