Acuity AI Advisory

EU AI Act FAQ

What are the penalties for breaching the EU AI Act?

Quick answer

The EU AI Act's penalty structure is tiered: up to €35 million or 7% of global annual turnover (whichever is higher) for using prohibited AI practices; up to €15 million or 3% of global annual turnover for other violations of the Act; up to €7.5 million or 1.5% of global annual turnover for providing incorrect or misleading information to regulators. For Irish organisations, these fines are enforced by sectoral regulators (Central Bank, LSRA, HPRA, etc.) and the AI Office of Ireland.

Penalty tiers — amounts and triggers

The EU AI Act sets three penalty tiers. The highest tier — up to €35 million or 7% of global annual turnover, whichever is higher — applies to violations of the prohibited practices provisions. Using a social scoring system, deploying subliminal manipulation AI, or operating real-time biometric surveillance without authorisation can trigger this tier. The middle tier — up to €15 million or 3% of global annual turnover — applies to violations of other obligations in the Act, including failures to meet high-risk AI requirements, non-compliance with transparency obligations, and failures to implement adequate governance structures. The lower tier — up to €7.5 million or 1.5% of global annual turnover — applies to providing incorrect, incomplete, or misleading information to regulators. Ireland's Regulation of Artificial Intelligence Bill 2026 also introduces criminal sanctions for serious breaches. For SMEs, the Act includes provisions for proportionate penalties that take company size into account, but proportionality does not mean nominal penalties.

Who enforces EU AI Act penalties in Ireland

EU AI Act enforcement in Ireland operates through 15 National Competent Authorities. The Central Bank of Ireland is the NCA for AI in financial services — credit, insurance, investment, payments. The Data Protection Commission is the NCA for AI systems that process personal data, and has particular jurisdiction over automated decision-making. The Health Products Regulatory Authority is the NCA for AI in medical devices and healthcare. The Legal Services Regulatory Authority is the NCA for AI in legal practice. The AI Office of Ireland acts as the default NCA for cross-sectoral cases and general-purpose AI, and coordinates enforcement across the 15 NCAs. For Irish organisations in regulated sectors, this means that EU AI Act enforcement is conducted by the same regulators that already supervise their sector — regulators with established investigative capacity, existing supervisory relationships, and the institutional knowledge to integrate AI Act obligations into their existing frameworks.

Acuity AI helps Irish organisations build the compliance evidence that protects against EU AI Act enforcement action. See our EU AI Act compliance services.