The Cost of Non-Compliance: EU AI Act Penalties and How Shaip Helps You Avoid Them

Introduction

The European Union’s Artificial Intelligence Act (EU AI Act) not only sets stringent requirements for AI systems but also imposes severe penalties for non-compliance. As businesses develop and deploy AI technologies, including Speech AI and Large Language Models (LLMs), understanding these penalties and taking proactive measures to avoid them is crucial. In this blog post, we’ll delve into the EU AI Act’s penalty structure and explore how Shaip can help you stay compliant.

EU AI Act Penalties

The EU AI Act establishes a three-tiered penalty system based on the severity of the infringement:

Tier 1: Non-compliance with prohibited AI practices

• Fines up to €30 million or 6% of the company’s worldwide annual turnover, whichever is higher.
• This applies to the most severe violations, such as using subliminal manipulation techniques or exploiting vulnerabilities of specific groups.

Tier 2: Non-compliance with requirements for high-risk AI systems, data governance, and transparency obligations

• Fines up to €20 million or 4% of the company’s worldwide annual turnover, whichever is higher.
• This applies to violations of requirements for high-risk AI systems, such as failing to implement a risk management system, not ensuring high-quality training data, or violating data governance and transparency obligations.

Tier 3: Non-compliance with transparency obligations

• Fines up to €10 million or 2% of the company’s worldwide annual turnover, whichever is higher.
• This applies to violations of other obligations and requirements, such as not registering the AI system in the EU database or not cooperating with the authorities.

How & Who decides the penalties?

The EU AI Act outlines general principles for determining penalties, aiming for sanctions that are effective, dissuasive, and proportionate to the specific circumstances of each case. The regulation sets maximum fine thresholds but allows for lower penalties based on the severity of the infringement.

When deciding on penalties, authorities may consider various factors such as:

• The specifics of the offense, including its nature, gravity, and duration
• Whether the violation was intentional or due to negligence
• Steps taken by the offender to mitigate negative impacts
• The offender’s history of previous fines
• Characteristics of the offender, including size, revenue, and market share
• Any financial gains or losses resulting from the infringement
• If the AI system was used for professional or personal purposes

The AI Act takes a proportional approach for small and medium enterprises (SMEs) and startups, prescribing lower fines based on their size, interests, and economic viability.

Responsibility for imposing penalties falls to authorities within each EU Member State rather than a centralized EU-wide body. Member States must incorporate the Act’s infringement provisions into their national laws. Depending on the country’s legal system, fines may be issued by competent courts or other national bodies.

The proposal states that the European Data Protection Supervisor (EDPS) should be considered the competent authority for the supervision of Union institutions, agencies, and bodies when they fall within the scope of this Regulation (Article 63). Additionally, Article 71 mentions that the Commission shall impose fines on Union institutions, agencies, and bodies falling within the scope of this Regulation.

Member States are expected to adhere to the guidelines and criteria established in the AI Act when implementing penalty structures, ensuring that the enforcement of the regulation is consistent across the EU while respecting the legal systems of individual countries.

How Shaip Helps You Avoid Penalties

Shaip’s comprehensive AI data solutions and model evaluation services are designed to help you navigate the complexities of the EU AI Act and avoid costly penalties: