Navigating Potential Penalties under the EU AI Act
Amidst the deliberations of the European Parliament on the European Union’s Harmonised Rules on Artificial Intelligence, known as the EU AI Act, stakeholders and companies are proactively scrutinizing existing regulations. They are evaluating their positions within the EU AI Act’s risk level framework and gaining insights into Conformity Assessment. However, a crucial aspect drawing considerable attention is the spectrum of penalties and fines outlined in Article 71.
Article 71 of the EU AI Act delineates penalties and fines, employing its own classification of AI systems and their associated risk levels. The most substantial fine is reserved for AI systems deemed to carry unacceptable risks—systems explicitly prohibited under the EU AI Act due to their potential to pose risks violating human values and rights. Violations could result in fines of up to 40 million Euros or 7% of annual worldwide turnover.
The subsequent tier of fines pertains to violations involving data, data governance, and transparency. AI systems found in violation of these aspects could face fines of up to 20 million Euros or 4% of annual worldwide turnover. Another category of fines concerns non-compliance of AI systems or foundational models, encompassing instances where bias or potential harm to safety, livelihoods, and rights are identified. Entities in violation could incur fines of up to 10 million Euros or 2% of annual worldwide turnover.
Another potential fine involves an entity supplying incorrect, incomplete, or misleading information to authorities, carrying a penalty of up to 500,000 Euros or 1% of annual worldwide turnover. Beyond companies, European Union agencies, bodies, and institutions can face fines of up to 1.5 million Euros for non-compliance with prohibitions outlined in the EU AI Act. They may also be fined 1 million Euros for non-compliance with Article 10 and up to 750,000 Euros for non–compliance with obligations other than those laid down under Articles 5 and 10. While providers will likely be the primary recipients of fines, the EU AI Act allows for the penalization of others, including users, importers, distributors, and notified bodies.
When considering penalties and fines, the EU AI Act takes several factors into account, including the nature and duration of the violation. It also considers intentional negligence, actions taken to mitigate damaging effects, previous violations and fines, market share of the company, any financial gains derived from the violation, and whether the AI system is used for professional or personal activities. Currently, there is no central authority for imposing fines; instead, member states of the EU are tasked with incorporating the provisions of infringements into national law.
For any inquiries or assistance with preparing for the EU AI Act, reach out to BABL AI. Their Audit Experts are ready to provide valuable assistance.