Three Tiers of Administrative Fines
The EU AI Act establishes a graduated penalty structure based on the severity of the violation. In every case, the higher amount applies — so large companies face percentage-based fines, while smaller companies face the fixed-amount floor.
| Violation Type | Max Fine | % of Global Revenue |
|---|---|---|
| Tier 1 — Prohibited Practices Deploying banned AI systems (social scoring, subliminal manipulation, etc.) | €35 million | 7% of global annual turnover |
| Tier 2 — High-Risk Violations Non-compliance with high-risk system requirements (Arts. 9-15, 43, 71) | €15 million | 3% of global annual turnover |
| Tier 3 — Incorrect Information Supplying incorrect, incomplete, or misleading information to authorities | €7.5 million | 1% of global annual turnover |
GDPR's maximum is €20M or 4% of global turnover. The EU AI Act's maximum is €35M or 7% — nearly double. The EU has signaled that AI governance violations are treated more seriously than data protection violations.
Beyond Fines: Other Consequences
Financial penalties are only part of the enforcement picture. Non-compliance triggers additional consequences:
- Market access restrictions — non-compliant AI systems can be withdrawn from the EU market entirely, cutting off revenue from 450 million consumers
- Mandatory recalls — market surveillance authorities can order the recall of non-compliant AI systems already in deployment
- Civil liability — affected individuals can bring civil claims for damages caused by non-compliant AI systems, including discrimination and fundamental rights violations
- Reputational damage — enforcement actions are public, creating negative press that affects customer and investor confidence
- Contract consequences — EU enterprise clients increasingly require AI Act conformity as a procurement condition; non-compliance blocks deals
Who Enforces the AI Act
Enforcement is distributed across EU member states through national market surveillance authorities, with coordination by the European AI Office. Each member state must designate at least one competent authority by August 2, 2025.
For US companies, the practical enforcement mechanism is often indirect: your EU customers and partners will require compliance evidence as a business condition, even before regulators knock on your door.
SME Considerations
The AI Act includes proportionality provisions for small and medium enterprises. SMEs and startups face reduced fines — the lower of the fixed amount or the percentage applies, not the higher. However, this only applies to entities that qualify as SMEs under EU definition (fewer than 250 employees and under €50M annual turnover).
A compliance assessment and documentation package costs a fraction of even the lowest penalty tier. Contact Lexara Advisory for a scope and risk assessment before enforcement begins.