Reference

EU AI Act: compliance, deadlines and penalties by the numbers

Updated June 16, 2026 · By Max Langley, AI Audits EU

A sourced reference on who the EU AI Act covers, when the obligations bite, what non-compliance costs, and what compliance itself costs. Figures are cited; use them, and link back if they help.

€35M / 7%

top fine: amount or global turnover, whichever is higher

Aug 2026

most high-risk obligations become enforceable

Extraterritorial

applies regardless of where your company is based

Does the EU AI Act apply to US or UK companies?

Yes. The Act applies to any provider or deployer that places an AI system on the EU market or whose system output is used in the EU, regardless of where the company is established. A US or UK business with no EU office can still be fully in scope.

What are the EU AI Act compliance deadlines?

The Act entered into force in August 2024. Prohibited practices and AI-literacy duties applied from February 2025, general-purpose AI model rules from August 2025, and most high-risk obligations become enforceable on 2 August 2026, with an extended deadline of August 2027 for high-risk AI embedded in regulated products.

What are the penalties?

Fines are tiered. Prohibited AI practices carry penalties up to EUR 35 million or 7% of global annual turnover, whichever is higher. Most other obligations, including high-risk requirements, reach up to EUR 15 million or 3%, and supplying incorrect information to authorities up to EUR 7.5 million or 1%.

What counts as a high-risk AI system?

Annex III lists high-risk uses: employment and worker management, biometrics, critical infrastructure, education, access to essential private and public services such as credit and insurance, law enforcement, migration and border control, and the administration of justice.

What does EU AI Act compliance cost?

Estimates vary widely. Industry figures put first-year compliance for a single high-risk system around EUR 50,000 to 80,000, third-party conformity assessment by a notified body at roughly EUR 10,000 to 40,000, and full compliance programmes at EUR 100,000 to 300,000. A scoped readiness assessment is far cheaper and the usual starting point.

Do most companies need a notified body?

No. Most high-risk systems are self-assessed through internal conformity assessment, which is the technical documentation a provider prepares and maintains. Only certain high-risk categories legally require third-party assessment by an accredited notified body.

Sources

European Commission, regulatory framework for AI (the EU AI Act), digital-strategy.ec.europa.eu.
EU Artificial Intelligence Act portal, artificialintelligenceact.eu.
Compliance cost estimates compiled in EU AI Act compliance cost statistics.

Not sure where you stand?

Start with a readiness assessment: we classify your system, tell you your risk tier, and map your gaps before you spend on full compliance.

Get a quote How the assessment works

This page is an informational reference, not legal advice. Confirm your obligations with qualified counsel.