Artificial Intelligence in Australia
Enforcement / fines
Regulatory guidance / voluntary codes in Australia
On 23 May 2025, the Australian Signals Directorate's Australian Cyber Security Centre, together with its counterparts in the US, UK and New Zealand, released guidance on best practices for AI Data Security. The guidance sets out key data security risks in AI use and provides a list of best practice guidelines, including, but not limited to, sourcing reliable data and tracking data provenance, verifying and maintaining data integrity during storage and transport, and data encryption.
In March 2025, the Commonwealth Ombudsman released an Automated Decision Making Better Practice Guide. The Guide is intended to inform the selection, adoption and use of AI by government agencies to ensure their compliance with Australian laws, including administrative law. Appendix A of the Guide features a comprehensive checklist which may assist government and non-government entities with decision making surrounding their use of AI.
Also in March 2025, the Australian Government Digital Transformation Agency released AI and Cyber Risk model clauses for procuring or developing AI models.
On 21 October 2024, the Office of the Australian Information Commissioner (OAIC), the national regulator for privacy and freedom of information, released two guidance documents relating to AI:
- Guidance on privacy and the use of commercially available AI products – This guidance document is intended to assist organisations deploying and using commercially available AI systems in complying with their privacy obligations. The guidance document specifies that privacy obligations apply to any personal information input into an AI system and the output that is generated by the AI system (where the output contains personal information). The OAIC also recommends that no personal information is entered into publicly available generative AI tools.
- Guidance on privacy and developing and training generative AI models – This guidance document recommends that AI developers take reasonable steps to ensure accuracy in generative AI models. With respect to privacy obligations, it notes that personal information includes inferred, incorrect or artificially generated information produced by AI models (such as hallucinations and deepfakes). In addition, this guidance document reminds developers that publicly available or accessible data may not automatically be legally used to train or fine-tune generative AI models or systems.
In September 2024, Australia's Department of Science, Industry and Resources published a Proposal Paper for introducing mandatory guardrails for AI in high-risk settings (Proposal Paper introducing mandatory guardrails). This paper identifies two broad categories of high-risk AI, namely (1) AI systems with known or foreseeable proposed uses that are considered to be high risk, and (2) advanced, highly capable general-purpose AI/GPAI models that are capable of being used, or being adapted for use, for a variety of purposes, both for direct use as well as for integration in other systems, where all possible applications and risks cannot be foreseen.
With respect to the first category listed above, the principles that organisations must consider in designating an AI system as high-risk are the risk of adverse impacts to:
- an individual's human rights, health or safety, and legal rights e.g. legal effects, defamation or similarly significant effects on an individual;
- groups of individuals or collective rights of cultural groups; and
- the broader Australian economy, society, environment and rule of law,
as well as the severity and extent of the adverse impacts outlined above.
With respect to AI designated as high-risk, the Proposal Paper introducing mandatory guardrails sets out the following proposed mandatory guardrails for organisations developing or deploying high-risk AI systems (page 35):
- "Establish, implement and publish an accountability process including governance, internal capability and a strategy for regulatory compliance;
- Establish and implement a risk management process to identify and mitigate risks;
- Protect AI systems, and implement data governance measures to manage data quality and provenance;
- Test AI models and systems to evaluate model performance and monitor the system once deployed;
- Enable human control or intervention in an AI system to achieve meaningful human oversight;
- Inform end-users regarding AI-enabled decisions, interactions with AI and AI generated content;
- Establish processes for people impacted by AI systems to challenge use or outcomes;
- Be transparent with other organisations across the AI supply chain about data, models and systems to help them effectively address risks;
- Keep and maintain records to allow third parties to assess compliance with guardrails; and
- Undertake conformity assessments to demonstrate and certify compliance with guardrails."
The definition of high-risk AI and the guardrails are expected to be refined based on feedback provided by Australian stakeholders to the Proposal Paper introducing mandatory guardrails.
On 5 September 2024, the Australian Government released a Voluntary AI Safety Standard publication that sets out guardrails substantially similar to those in the Proposal Paper introducing mandatory guardrails, with the exception of guardrail 10, which states:
"Engage your stakeholders and evaluate their needs and circumstances, with a focus on safety, diversity, inclusion and fairness."
Whereas the Proposal Paper introducing mandatory guardrails applies to high-risk AI, the Voluntary AI Safety Standard sets out voluntary guidelines for developers and deployers of AI to protect people and communities from harms, avoid reputation and financial risks to their organizations, increase organizational and community trust and confidence in AI systems, services and products, and align with legal obligations and expectations in Australia, among other things.
On 1 September 2024, the Policy for the Responsible Use of AI in Government (Policy) came into effect, aiming to empower the Australian Government to safely, ethically and responsibly engage with AI, strengthen public trust in the government's use of AI, and adapt to technological and policy changes over time.
In particular, the Policy requires government agencies to:
- designate accountability for compliance with the policy to certain public officials, and
- publish and keep updated an AI transparency statement.
Additional recommendations include fundamental AI training for all staff, additional training for staff with roles or responsibilities in connection with AI, understanding and recording where and how AI is being used within agencies, integrating AI considerations into existing frameworks, participating in the Australian Government's AI assurance framework, monitoring AI use cases and keeping up to date with policy changes.
Australia has been a signatory to the Bletchley Declaration since 1 November 2023, which establishes a collective understanding between 28 countries and the European Union on the opportunities and risks posed by AI.
In November 2019, the Australian Government published its AI Ethics Principles (Ethics Principles), designed to ensure that AI is safe, secure and reliable and to:
- help achieve safer, more reliable and fairer outcomes for all Australians;
- reduce the risk of negative impact on those affected by AI applications; and
- assist businesses and governments to practice the highest ethical standards when designing, developing and implementing AI.
Definitions in Australia
Information not provided.
Prohibited activities in Australia
Information not provided.
Controls on generative AI in Australia
Information not provided.
User transparency in Australia
Information not provided.
Fairness / unlawful bias in Australia
Information not provided.
The EU AI Act enforces compliance through a structured framework of fines and sanctions, varying in severity based on the nature of the non-compliance.
For non-compliance with prohibited AI practices, fines can reach up to EUR 35 million or 7% of the total worldwide annual turnover, whichever is higher.
This includes practices like manipulative AI systems, exploiting vulnerabilities, social scoring by public authorities, and unauthorized biometric identification in public spaces.
Breaches of high-risk AI system requirements can incur fines up to EUR 15 million or 3% of the total worldwide annual turnover.
These requirements include risk management, data governance, technical documentation, transparency, and cybersecurity. Other non-compliance issues, such as providing incorrect or misleading information, can result in fines up to EUR 7.5 million or 1% of the total worldwide annual turnover. This applies to breaches not covered by the highest or significant sanctions.
Laws specifically addressing AI have not been introduced in Brazil yet. Draft Article 50 of the proposed Brazilian AI Bill specifies fines and other penalties for breaches of specific requirements of the proposed legislation.
National laws specifically addressing AI have not yet passed in Canada.
Article 24 of the Chilean AI Bill establishes that the Agency will be responsible for the control and sanctioning of the infringements established in the Chilean AI Bill. These infringements can be categorised as follows:
- Very serious: The commissioning or use of an AI system of unacceptable risk, resulting in fines up to 20.000 UTM (USD 1.380.000 approx.).
- Serious: Non-compliance with the rules laid down for High-Risk AI Systems, resulting in fines up to 10.000 UTM (USD 690.000 approx.).
- Slight: Non-compliance with the transparency obligations for Limited-Risk AI Systems, resulting in fines up to 5.000 UTM (USD 345.000 approx.).
A person suffering damage because of the use of an AI system will be able to sue for:
- The cessation of the acts that are generating the damage.
- Compensation for damages.
- The adoption of necessary measures to prevent the continuation of the infringement.
- The publication of the judgment at the expense of the convicted party, by means of advertisements in a newspaper of the plaintiff's choice.
The relevant regulatory authorities have the power to impose penalties for violation of certain of the abovementioned provisions and measures, based on the wider applicable laws and regulations of the PRC.
That said, the PRC authorities have broad powers in addition to fines which may have an impact on business activities and reputational risks, including the issuance of warnings, suspension of services or business licences, blocking and blacklisting.
Enforcement / fines in Denmark
Under Law No. 467 of 14 May 2025, Danish authorities such as the Agency for Digital Government and the Danish Data Protection Agency are empowered to issue fines for violations of the EU AI Act. The law also authorizes the Minister for Digitalisation, in agreement with the Minister of Justice, to adopt rules enabling certain cases to be resolved without court proceedings through the issuance of administrative fine notices - provided the offender admits the violation and agrees to pay the fine within a specified deadline. As the law does not enter into force until 2 August 2025, no such rules have yet been adopted, and the administrative fine procedure has not been applied in practice.
Enforcement / fines in Finland
According to government proposal HE 46/2025, administrative fines are generally imposed by the competent market surveillance authority for each case. However, if the authority determines that the sanction should exceed EUR 100,000, it must refer the matter to the AI Systems Supervision Sanction Board, as it does not have the authority to impose fines above this threshold.
Enforcement / fines in Germany
Germany has not yet implemented its own rules on penalties and other enforcement measures, despite being required to do so by 2 August 2025 in accordance with Article 99 of the EU AI Act. However, according to the draft implementation act dated September 2025, general German statutory law on regulatory offences (Gesetz über Ordnungswidrigkeiten) shall be applicable.
Enforcement / fines in Greece
Law 4961/2022 outlines administrative and criminal sanctions for private sector entities that fail to meet their obligations to disclose AI usage in the workplace. These can include administrative fines ranging from €300 to €50,000, issued by the Labor Inspection Body (ΣΕΠΕ), and temporary suspension of operations.
In addition, Article 9 of Law 4961/2022 refers to the imposition of the criminal sanctions of Law 3996/2011, i.e. imprisonment of at least six months and/or financial penalties (of at least €900), for employers violating their obligations to inform their current and prospective employees on the use of AI systems and for individuals preventing inspections by the Labor Inspection Body.
Laws specifically addressing AI have not yet been introduced in Hong Kong.
Failure to comply with the Hong Kong personal data protection law when using AI will be subject to sanctions under that law.
Compliance with industry-specific AI guidelines (e.g. in the financial service sectors) may be supervised and enforced in the usual way by the relevant industry regulators.
The AI Act does not contain any penal provisions.
Enforcement / fines in Luxembourg
The Luxembourg Bill currently being discussed, if adopted in its current wording, will grant Luxembourg market surveillance authorities the power to impose the administrative fines for non-compliance provided for in the EU AI Act.
According to the Luxembourg Bill, decisions from the competent authorities can be appealed to the Administrative Court.
Laws specifically addressing AI have not been introduced in Mauritius yet.
Laws specifically addressing AI have not been introduced in Mexico yet. Article 24 of the AI Bill specifies sanctions for infringement including potential fines of up to 5% of annual income (Article 24ii.).
Laws specifically addressing AI have not been introduced in New Zealand yet, so there are no AI-specific enforcement regimes or fines. Enforcement and fines under existing legislation could be applied in the AI context, such as under the Privacy Act, human rights and intellectual property laws.
Laws specifically addressing AI have not been introduced in Nigeria yet.
In the Norwegian proposal for the Act on artificial intelligence, breaches of the EU AI Act can be sanctioned with coercive fines. This proposal is based on Article 99(1) of the EU AI Act, which allows for the possibility of laying down rules on alternative sanctions that are not directly specified in the Act.
Laws specifically addressing enforcement/fines relating to AI have not been introduced in Peru yet.
Laws specifically addressing AI have not yet been introduced in Singapore.
Failure to comply with Singapore's personal data protection or IP laws when developing or using AI will be subject to sanctions or private legal actions under those laws.
Compliance with industry-specific AI guidelines (e.g. in the financial service sectors) may be supervised and enforced in the usual way by the relevant industry regulators.
The AI Act provides authority to the Minister of MSIT to initiate investigations where (i) MSIT learns of any actual or potential violation of the following obligations under the AI Act, or (ii) MSIT receives a report or civil complaint of such a violation:
- the obligation to label content created using generative AIs (Article 31, Paragraph (2));
- the obligation to provide notice to viewers or to label “deepfakes” (Article 31, Paragraph (3));
- the obligation to secure safety when the cumulative compute usage in the AI system training surpasses a designated threshold and/or the duty to report on measures taken by the service provider to secure such safety (Article 32, Paragraphs (1) and (2)); and
- the obligation to secure safety and reliability for high-impact AIs (Article 34, Paragraph (1)).
Upon finding any violation listed above, the Minister of MSIT may issue an order against the violator to suspend or correct the violating action (Article 40, Paragraph (3)).
Furthermore, administrative fines may be imposed for the following: (i) failure to appoint a domestic agent may result in an administrative fine of up to KRW 30 million (Article 43, Paragraph (1), Item 2); (ii) failure to comply with the advance notification obligation for the high-impact AI or generative AI may result in an administrative fine of up to KRW 30 million (Article 43, Paragraph (1), Item 1); and (iii) failure to comply with the corrective orders may result in administrative fines of up to KRW 30 million (Article 43, Paragraph (1), Item 3).
Enforcement / fines in Spain
The Spanish Draft AI Bill sets out a graduated sanctions regime based on the severity of the infringement and the nature of the AI system involved:
- Very serious infringements involving prohibited AI systems are punishable by fines ranging from EUR 7,500,001 to 35,000,000, or alternatively, 2% to 7% of the offender’s total worldwide annual turnover from the previous financial year, whichever is higher.
- Very serious infringements involving high-risk AI systems may result in fines between EUR 7,500,001 and 15,000,000, or 2% to 3% of the global annual turnover, whichever is higher.
- Serious infringements are subject to penalties ranging from EUR 500,001 to 7,500,000, or 1% to 2% of global annual turnover, whichever is higher.
- Minor infringements are punishable by fines from EUR 6,000 to 500,000, or 0.5% to 1% of global annual turnover, whichever is higher.
Before launching a formal sanctioning procedure, authorities may open a preliminary investigation phase to assess responsibility. During this period, market surveillance authorities may request information from those involved. For SMEs, proceedings may be suspended to allow time for corrective measures, provided the infringement is not serious.
Once formal sanctioning proceedings begin, a 20% reduction in the proposed fine may be applied if the offender acknowledges responsibility. For SMEs, this reduction can increase to 25% if they acknowledge responsibility and/or make voluntary payment before the final resolution.
Public sector entities are exempt from monetary penalties under Article 99.8 of the EU AI Regulation. However, in such cases, a formal reprimand will be issued, naming the responsible authority or senior official.
In addition to any financial sanctions, the infringer will be required to restore the situation to its original state and compensate for any damages caused. Compensation may be determined by the competent authority and must be fulfilled accordingly.
Laws specifically addressing AI have not been introduced in Thailand yet.
Laws specifically addressing AI have not been introduced in Turkey yet.
There is no unified federal or emirate-level law in the UAE that has a primary focus on regulating AI (and therefore no published fines).
The Commissioner for Data Protection in the DIFC has the power to issue a general fine for not complying with the DIFC’s Data Protection Regulations in an amount the Commissioner considers to be appropriate and proportionate, taking into account the seriousness of the contravention and the risk of actual harm to any data subject.
There is no single statute addressing AI in the UK yet. The existing powers available to the CMA, the ICO, the FCA (for the financial services sector) and Ofcom (for the media and online services sector) are therefore to be considered. It is worth noting that the Digital Regulation Cooperation Forum (DRCF) was set up in the UK to facilitate collaboration between the CMA, ICO, FCA and Ofcom on cross-sector digital risks, and that it has established a dedicated AI and Digital Hub for innovators.
Where deployment of AI might result in redundancies, it is important to be aware of changes introduced by the Employment Rights Act 2025.
Federal and state agencies can vary widely in how they enforce AI-related laws – not only because the laws themselves differ, but also due to the distinct enforcement powers that each agency holds.
For example, the DOJ and SEC jointly charged the founder of an AI startup with securities and wire fraud involving false claims about AI capabilities. Each agency sought several forms of relief, with the DOJ seeking a prison sentence and the SEC seeking civil fines.
The FTC’s cases involving deceptive marketing of AI tools have resulted in injunctions and sometimes monetary payments.
At the state level, enforcement is similarly fragmented, with available relief dependent on the agencies and laws involved. For example, Colorado and Utah have enacted AI-specific laws that include statutory penalties:
- Colorado’s AI Act authorizes the AG to bring actions for violations as unfair or deceptive trade practices, with penalties aligned with the Colorado Consumer Protection Act
- Utah’s AI Policy Act imposes fines of up to USD 2,500 per incident and USD 5,000 per violation for undisclosed or unlawful use of generative AI in regulated occupations