AITGP M3.4-Art18 v1.0 Reviewed 2026-04-06 Open Access
M3.4 Regulatory Strategy and Advanced Governance
AITGP · Governance Professional

EU AI Act Penalties, Risk Exposure, and Mitigation


Article 18 of 22

This article analyses the Article 99 penalty framework, provides a methodology for calculating organisational risk exposure, examines mitigation strategies by violation type, and establishes the governance professional’s framework for board-level regulatory risk reporting.

The Three-Tier Penalty Structure

Article 99 establishes three tiers of administrative fines, calibrated to the severity and nature of the violation.

Tier 1: Prohibited Practices — Up to 35 Million EUR or 7% of Global Turnover

The highest tier applies to violations of Article 5 — the prohibited AI practices. The fine is up to 35,000,000 EUR or, if the offender is an undertaking, up to 7% of its total worldwide annual turnover in the preceding financial year, whichever is higher.

For context:

A company with 500 million EUR annual turnover faces a maximum Tier 1 fine of 35 million EUR (the fixed cap is higher than 7% of turnover). A company with 1 billion EUR turnover faces a maximum of 70 million EUR (7% exceeds the fixed cap). A company with 10 billion EUR turnover faces up to 700 million EUR.

Why the highest tier for prohibited practices:

The prohibited practices represent fundamental violations of EU values. The severity of the penalty reflects the EU legislature’s view that these practices are so harmful that they must be deterred with the strongest available sanction. No amount of governance or oversight makes a prohibited practice acceptable — the only compliant response is cessation.

Governance professional analysis:

Tier 1 exposure is binary: either the organisation operates prohibited systems or it does not. The compliance strategy is equally binary: screen all AI systems against Article 5, immediately cease any prohibited practices, and maintain ongoing screening for new systems. The cost of screening is trivial compared to the potential fine.

Tier 2: High-Risk and GPAI Non-Compliance — Up to 15 Million EUR or 3% of Global Turnover

The middle tier applies to violations of:

  • High-risk AI system requirements (Articles 8-15)
  • Provider obligations (Article 16)
  • Quality management system requirements (Article 17)
  • Deployer obligations (Article 26)
  • GPAI model obligations (Articles 53-55)
  • Transparency obligations (Article 50)
  • Registration obligations (Article 49)
  • Fundamental rights impact assessment (Article 27)

Governance professional analysis:

Tier 2 is the operational exposure tier. It covers the vast majority of compliance obligations and is where most enforcement actions are likely to occur. Unlike Tier 1 (which is about prohibited practices), Tier 2 violations often involve degrees of compliance — an organisation may have a risk management system that does not fully meet Article 9, or technical documentation that omits some Annex IV elements.

The governance professional’s role is to ensure that the organisation’s compliance effort reduces Tier 2 exposure to an acceptable level. “Acceptable” does not necessarily mean zero risk — it means that the residual exposure is understood, documented, and accepted by the board.

Tier 3: Misleading Information — Up to 7.5 Million EUR or 1.5% of Global Turnover

The lowest tier applies to providing incorrect, incomplete, or misleading information to notified bodies, national competent authorities, or the AI Office.

Governance professional analysis:

Tier 3 is often overlooked in compliance planning, but it addresses a critical governance discipline: the accuracy and completeness of regulatory communications. Every piece of information submitted to authorities — classification rationale, conformity documentation, training data summaries, incident reports — must be accurate.

The governance professional should establish a review process for all regulatory submissions: who prepares, who reviews, who approves, and how accuracy is verified.

Risk Exposure Calculation Methodology

Governance professionals need a methodology for quantifying the organisation’s regulatory risk exposure. This quantification serves two purposes: informing compliance investment decisions and enabling board-level reporting.

Step 1: Identify Violation Scenarios

For each tier, identify realistic violation scenarios based on the organisation’s current compliance state:

Tier 1 scenarios:

  • An AI system deployed in HR is found to perform emotion recognition in the workplace (Article 5(1)(f))
  • A customer-facing AI system uses subliminal techniques to influence purchasing behaviour (Article 5(1)(a))

Tier 2 scenarios:

  • A high-risk AI system lacks adequate technical documentation (Article 11)
  • The risk management system does not cover reasonably foreseeable misuse (Article 9)
  • Human oversight mechanisms are not effective in practice (Article 14)
  • GPAI training data summary is insufficiently detailed (Article 53(1)(d))
  • A high-risk system is deployed without EU database registration (Article 49)

Tier 3 scenarios:

  • Classification rationale provided to authorities contains inaccurate assumptions
  • Technical documentation submitted to a notified body omits known limitations
  • Energy consumption data provided to the AI Office uses a flawed methodology

Step 2: Assess Likelihood

For each scenario, assess the likelihood that the violation exists and would be discovered:

Likelihood Rating   Description
Very Low            Strong controls in place; scenario is implausible
Low                 Controls exist but are untested; scenario is unlikely but possible
Medium              Controls are partial; scenario is plausible and would be discoverable
High                Known gaps exist; discovery is likely if regulatory scrutiny occurs
Very High           Active non-compliance; violation is manifest

Step 3: Calculate Maximum Exposure

For each violation scenario, calculate the applicable maximum fine:

For non-SME organisations:

  • Tier 1: MAX(35,000,000 EUR, turnover * 0.07)
  • Tier 2: MAX(15,000,000 EUR, turnover * 0.03)
  • Tier 3: MAX(7,500,000 EUR, turnover * 0.015)

For SMEs and startups:

  • Tier 1: MIN(35,000,000 EUR, turnover * 0.07)
  • Tier 2: MIN(15,000,000 EUR, turnover * 0.03)
  • Tier 3: MIN(7,500,000 EUR, turnover * 0.015)

The SME provision (Article 99(6)) ensures that for smaller companies, the percentage cap limits the fine to a proportionate amount.

Step 4: Apply Risk-Adjusted Exposure

Combine likelihood and maximum exposure to produce a risk-adjusted figure:

  • Very Low likelihood: 0-5% of maximum
  • Low likelihood: 5-15% of maximum
  • Medium likelihood: 15-35% of maximum
  • High likelihood: 35-60% of maximum
  • Very High likelihood: 60-100% of maximum

These percentages are illustrative. The actual fine will depend on the factors listed in Article 99(7), which are discussed in the mitigation section below.

Step 5: Aggregate Portfolio Exposure

Sum the risk-adjusted exposure across all violation scenarios to produce a total portfolio exposure figure. This figure should be:

  • Disaggregated by tier for board reporting
  • Disaggregated by AI system for operational prioritisation
  • Compared against the compliance programme budget to demonstrate ROI
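The five-step methodology above, carried through in code as an added example (this is not part of the COMPEL material). The Article 99 caps, the SME rule and the Step 4 likelihood bands are taken from the article as written; the scenario portfolio, the 1 billion EUR turnover and the 2.5 million EUR programme budget are constructed inputs; and reporting each scenario as a range (maximum fine scaled by the lower and upper bound of its likelihood band) rather than a single point figure is this example's own choice, so that the board sees how much of the total is driven by the band width.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Article 99 maximum fines per tier as stated in the article: (fixed cap in EUR, share of turnover)
TIER_MAXIMA = {
    1: (35_000_000, 0.07),   # prohibited practices (Article 5)
    2: (15_000_000, 0.03),   # high-risk, GPAI, transparency and registration obligations
    3: (7_500_000, 0.015),   # misleading information to authorities
}

# Step 4 likelihood bands as a share of the maximum fine (illustrative figures from the article)
LIKELIHOOD_BANDS = {
    "very low": (0.00, 0.05),
    "low": (0.05, 0.15),
    "medium": (0.15, 0.35),
    "high": (0.35, 0.60),
    "very high": (0.60, 1.00),
}


def maximum_fine(tier: int, turnover_eur: int, sme: bool = False) -> int:
    """Step 3: the higher of cap and percentage for non-SMEs, the lower for SMEs (Article 99(6))."""
    cap, share = TIER_MAXIMA[tier]
    pct_amount = round(turnover_eur * share)   # fines are whole euros
    return min(cap, pct_amount) if sme else max(cap, pct_amount)


@dataclass(frozen=True)
class Scenario:
    """One Step 1 violation scenario together with its Step 2 likelihood rating."""
    system: str        # the AI system the scenario concerns
    tier: int          # Article 99 tier: 1, 2 or 3
    description: str   # what would be breached, e.g. the article concerned
    likelihood: str    # a key of LIKELIHOOD_BANDS


def risk_adjusted_range(s: Scenario, turnover_eur: int, sme: bool = False) -> tuple[int, int]:
    """Step 4: maximum fine scaled by the lower and upper bound of the likelihood band."""
    lo, hi = LIKELIHOOD_BANDS[s.likelihood]
    mx = maximum_fine(s.tier, turnover_eur, sme)
    return round(mx * lo), round(mx * hi)


def portfolio_exposure(scenarios, turnover_eur: int, sme: bool = False, budget_eur: int = 0) -> dict:
    """Step 5: sum the risk-adjusted ranges, disaggregated by tier and by AI system."""
    total = [0, 0]
    by_tier = defaultdict(lambda: [0, 0])
    by_system = defaultdict(lambda: [0, 0])
    for s in scenarios:
        lo, hi = risk_adjusted_range(s, turnover_eur, sme)
        for bucket in (total, by_tier[s.tier], by_system[s.system]):
            bucket[0] += lo
            bucket[1] += hi
    report = {
        "total": tuple(total),
        "by_tier": {t: tuple(v) for t, v in sorted(by_tier.items())},
        "by_system": {n: tuple(v) for n, v in sorted(by_system.items())},
    }
    if budget_eur:
        # Weighted exposure expressed as a multiple of the compliance programme budget (the ROI comparison)
        report["exposure_to_budget"] = (round(total[0] / budget_eur, 2), round(total[1] / budget_eur, 2))
    return report


# Constructed sample portfolio mirroring the article's Step 1 scenario lists; not a real organisation.
SAMPLE_SCENARIOS = [
    Scenario("HR screening tool", 1, "emotion recognition in the workplace, Article 5(1)(f)", "very low"),
    Scenario("Credit scoring model", 2, "technical documentation incomplete, Article 11", "medium"),
    Scenario("Credit scoring model", 2, "human oversight not effective in practice, Article 14", "low"),
    Scenario("Credit scoring model", 3, "classification rationale with inaccurate assumptions", "low"),
]


def format_eur(value: int) -> str:
    return f"{value / 1_000_000:.2f} M EUR"


if __name__ == "__main__":
    # Constructed inputs: 1 billion EUR turnover, non-SME, 2.5 million EUR programme budget
    report = portfolio_exposure(SAMPLE_SCENARIOS, turnover_eur=1_000_000_000, budget_eur=2_500_000)
    lo, hi = report["total"]
    print(f"Risk-adjusted portfolio exposure: {format_eur(lo)} to {format_eur(hi)}")
    for tier, (t_lo, t_hi) in report["by_tier"].items():
        print(f"  Tier {tier}: {format_eur(t_lo)} to {format_eur(t_hi)}")
    for name, (s_lo, s_hi) in report["by_system"].items():
        print(f"  {name}: {format_eur(s_lo)} to {format_eur(s_hi)}")
    print("Exposure as a multiple of programme budget:", report["exposure_to_budget"])
```

Running the block with the constructed inputs reproduces the article's own Tier 1 figures (35 million EUR at 500 million EUR turnover, 70 million at 1 billion, 700 million at 10 billion) and gives a weighted portfolio range of 6.75 to 20.75 million EUR, of which the two Tier 2 scenarios on the credit scoring model account for 6 to 15 million. That by-tier and by-system split is what the dashboard and operational prioritisation bullets above ask for; the budget multiple feeds the ROI comparison.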

Penalty Determination Factors (Article 99(7))

Article 99(7) lists the factors that competent authorities must consider when determining whether to impose a fine and the amount. Understanding these factors is essential for both mitigation planning and board reporting.

Nature, Gravity, and Duration

The more severe the violation, the wider its impact, and the longer it persisted, the higher the fine. A systemic violation affecting millions of persons that persisted for years will attract a higher penalty than a narrow technical non-compliance discovered and corrected quickly.

Mitigation strategy: Implement continuous monitoring and rapid detection. The shorter the duration of any non-compliance, the more favourable this factor.

Intentional or Negligent Character

Intentional violations (knowingly deploying prohibited systems, deliberately falsifying documentation) attract the highest penalties. Negligent violations (failing to recognise a system’s high-risk classification due to inadequate processes) attract lower but still significant penalties.

Mitigation strategy: Demonstrate that the organisation has invested in compliance processes, training, and oversight. Even if a violation occurs, evidence of genuine good-faith compliance effort reduces the intentionality assessment.

Actions Taken to Mitigate Damage

Prompt corrective action is a significant mitigating factor. If a violation is discovered and the organisation immediately acts to mitigate harm — ceasing the practice, notifying affected persons, implementing corrective controls — this weighs in favour of a reduced penalty.

Mitigation strategy: Establish incident response procedures that include immediate mitigation actions, not just investigation and root cause analysis. Speed of response matters.

Degree of Responsibility and Measures Implemented

The sophistication of the organisation’s compliance programme weighs in its favour. An organisation with a documented governance framework, trained personnel, internal audit processes, and continuous monitoring demonstrates a higher degree of responsibility than one with no compliance infrastructure.

Mitigation strategy: Build and maintain a mature compliance programme — not because it eliminates risk of violation, but because it demonstrates to regulators that the organisation takes compliance seriously. The COMPEL framework provides exactly this structure.

Previous Infringements

Repeat offenders face escalating penalties. A first-time violation may receive more lenient treatment; a second violation in the same area signals systemic governance failure.

Mitigation strategy: Maintain a clean enforcement record. If a previous violation has occurred, ensure that the corrective actions were comprehensive and demonstrably effective.

Cooperation with Authorities

Full and proactive cooperation with competent authorities is consistently treated as a mitigating factor across European regulatory enforcement. This includes timely response to information requests, providing access to systems and documentation, and implementing recommended measures.

Mitigation strategy: Designate a regulatory liaison function. Prepare regulatory inspection readiness packs. Never obstruct or delay regulatory enquiries.

Manner of Discovery

Self-reported violations typically receive more favourable treatment than violations discovered through regulatory investigation or third-party complaint. The logic is straightforward: self-reporting demonstrates awareness, responsibility, and commitment to compliance.

Mitigation strategy: If a violation is discovered through internal audit or monitoring, assess whether self-reporting is appropriate. Consult legal counsel before deciding, but recognise that self-reporting is generally viewed favourably.

Mitigation Strategies by Violation Type

Prohibited Practices (Tier 1) Mitigation

The only effective mitigation for Tier 1 is prevention:

  1. Systematic screening: Screen all AI systems against each Article 5 category using a structured assessment
  2. New system gates: Include Article 5 screening in the AI system approval process — no system is deployed without clearance
  3. Vendor assessment: Screen third-party AI systems for prohibited practices before procurement
  4. Ongoing monitoring: Monitor deployed systems for drift into prohibited territory (e.g., an emotion recognition feature added through a vendor update)

If a prohibited practice is discovered, the mitigation hierarchy is:

  1. Immediately cease the prohibited practice
  2. Assess whether any persons were harmed
  3. Consult legal counsel on self-reporting obligations
  4. Document the discovery, cessation, and remediation
  5. Implement controls to prevent recurrence

High-Risk Non-Compliance (Tier 2) Mitigation

Tier 2 violations are the most diverse category. Mitigation strategies depend on the specific requirement:

Documentation gaps (Articles 11, 13): Invest in documentation production early. Documentation gaps are the most common compliance shortfall and the most straightforward to address. Allocate dedicated technical writing resources to compliance documentation.

Risk management deficiencies (Article 9): Implement the continuous, iterative risk management system before the compliance deadline. Test the system through tabletop exercises and risk review sessions. Document evidence of risk management activities.

Human oversight failures (Article 14): Design oversight mechanisms into the system architecture, not as afterthoughts. Train overseers thoroughly. Monitor whether oversight is actually exercised (rubber-stamping is not oversight).

Data governance gaps (Article 10): Conduct bias assessments and data quality reviews. Document data lineage and governance measures. Address identified gaps systematically.

GPAI non-compliance (Articles 53-55): Ensure all required publications (training data summary, energy consumption data) are genuinely accessible and sufficiently detailed. For systemic risk models, invest in adversarial testing and incident monitoring.

Misleading Information (Tier 3) Mitigation

Tier 3 violations are best mitigated through process controls:

  1. Review process: All information submitted to authorities must be reviewed by a second person before submission
  2. Accuracy verification: Claims in regulatory submissions must be traceable to supporting evidence
  3. Completeness checklists: Use checklists to verify that all required information elements are included
  4. Prompt correction: If inaccurate information is identified after submission, correct it proactively

Board Reporting Framework

Governance professionals must report regulatory risk exposure to the board in a format that is clear, actionable, and proportionate. The following framework provides a structured approach.

Executive Summary Dashboard

Present a one-page dashboard covering:

  • AI system count by risk classification: How many prohibited, high-risk, limited-risk, and minimal-risk systems
  • Compliance status: For each high-risk system, traffic-light indicator (green/amber/red)
  • Maximum regulatory exposure: Total and by tier
  • Risk-adjusted exposure: Likelihood-weighted exposure
  • Compliance programme status: Budget, timeline, key milestones
  • Key risks and actions: Top 3 compliance risks and planned mitigations

Quarterly Detail Report

Provide more detailed quarterly reporting covering:

  • Changes to the AI system inventory since last report
  • Classification decisions made and rationale
  • Compliance programme progress against milestones
  • Gap analysis updates and remediation progress
  • Incident reports and regulatory communications
  • Budget utilisation and forecast
  • Regulatory horizon scanning (new guidance, enforcement actions, deadline reminders)

Board Engagement Recommendations

Based on analysis of board governance obligations in the AI context:

  1. AI should be a standing board agenda item: The regulatory exposure warrants regular board attention
  2. Non-executive directors should receive AI literacy training: Article 4 obligations extend to board-level governance
  3. Audit committee involvement: The EU AI Act compliance programme should report to the audit committee alongside other compliance and risk activities
  4. Risk committee involvement: AI risk should be integrated into the enterprise risk framework, not siloed as a technology risk

The Cost of Non-Compliance vs. Compliance

Governance professionals are frequently asked to justify compliance programme investment. The following framework supports that business case:

Direct financial risk: Maximum fine exposure compared to compliance programme cost. In most cases, the compliance programme cost is a small fraction of the potential fine.

Indirect financial risk: Beyond fines, non-compliance can trigger market access restrictions (the system cannot be placed on the EU market), supply chain consequences (business customers require compliance), and reputational damage.

Competitive advantage: Organisations that achieve compliance early gain market access advantages, supply chain positioning, and customer trust in a market where compliance will increasingly be a procurement requirement.

Operational benefit: The governance structures, documentation practices, and monitoring capabilities required for compliance also improve AI operational quality, reduce technical debt, and support better decision-making about AI investments.

The EU AI Act penalty framework is not designed to punish organisations — it is designed to incentivise the governance practices that make AI safe, trustworthy, and accountable. Governance professionals who frame compliance investment as governance improvement rather than penalty avoidance will find more engaged and supportive boards.