Status update — April 2026: The Digital Omnibus on AI (COM(2025) 836) proposes extending SME proportionality factors under Article 99(6) to small mid-cap enterprises (SMCs) — companies with 50–500 employees, turnover €10M–€100M, balance sheet €10M–€86M. Many NYC mid-sized companies fall in this band and could benefit from reduced penalty ceilings under Member State transposition if the Omnibus is adopted. See our Digital Omnibus note.

The headline figures for EU AI Act penalties — €35 million or 7% of worldwide turnover — circulate in every compliance pitch. They are correct but incomplete. A NYC company trying to size the risk needs to know how the penalty tiers actually work, when each applies, how turnover is calculated for the fine base, and where SME reductions kick in. This piece takes the penalty architecture apart at the level a CFO and a compliance lead need to make a budget decision.

Written by an EU-trained lawyer who reads Article 99 in the register European market surveillance authorities will actually apply, not through summaries drafted for a US audience.

The three penalty tiers under Article 99

Article 99 of Regulation (EU) 2024/1689 establishes three tiers of administrative fines for EU AI Act violations. The tier that applies depends on which obligation has been violated, not on the company's size or intent.

Tier 1 — prohibited practices (Article 5). Non-compliance with the prohibition of AI practices in Article 5 is subject to administrative fines up to €35,000,000 or, if the offender is an undertaking, up to 7% of total worldwide annual turnover for the preceding financial year, whichever is higher. This tier exceeds GDPR's maximum (€20M / 4%) and is among the highest in EU regulatory practice.

Tier 2 — operator and notified body obligations. Non-compliance with provisions other than Article 5, namely the obligations of providers (Article 16), authorised representatives (Article 22), importers (Article 23), distributors (Article 24), deployers (Article 26), and notified bodies (Articles 31, 33, 34), and the transparency obligations under Article 50, is subject to fines up to €15,000,000 or up to 3% of total worldwide annual turnover, whichever is higher.

Tier 3 — information supply. Supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities in response to a request is subject to fines up to €7,500,000 or up to 1% of total worldwide annual turnover, whichever is higher.

Note the structure. Tier 1 is a narrow set (Article 5 prohibitions only) with the highest ceiling. Tier 2 is the broad middle tier that captures most day-to-day obligations. Tier 3 is the procedural tier that kicks in when compliance documentation is submitted but defective.

What the numbers mean for a NYC-sized company

The "higher of €X million or Y% of turnover" formulation is important. For large companies, the turnover-percentage amount is higher than the cap; for small and mid-sized companies, the Euro cap is higher than the turnover percentage. The result:

A NYC company with annual turnover of $200 million (roughly €185M) facing a Tier 2 violation would see maximum exposure of approximately €5.6M (3% of €185M), not €15M, because €15M is above the 3% line.

A NYC company with $2 billion turnover facing the same Tier 2 violation would see maximum exposure of €55M, because 3% of €1.85B is €55M — well above the €15M cap.

A smaller NYC company, say $30M turnover, facing the same Tier 2 violation would see maximum exposure of €900k (3% of €28M), not €15M, because the percentage is lower than the cap.

The practical implication: the headline "€35M or 7%" numbers overstate the exposure for most NYC companies, because most will never hit the Euro cap. Your actual maximum is the percentage of turnover.

Turnover — what counts, what does not

Article 99 refers to "total worldwide annual turnover for the preceding financial year." Two interpretive questions matter for NYC companies:

Group or entity? The Regulation uses "undertaking" — a concept borrowed from EU competition law — which typically refers to the economic unit, including group-level consolidation for corporate groups acting as a single economic entity. This means a NYC subsidiary of a US parent can have its penalty base calculated against the worldwide consolidated turnover of the group, not just its own revenue. This is identical to how GDPR penalties are calculated and how EU competition fines are assessed.

Which year? "The preceding financial year" is the fiscal year ending before the sanctioning decision. For a company whose financial year aligns with the calendar year, a penalty decided in 2027 uses 2026 turnover.

The turnover question is often the single biggest determinant of actual financial exposure. NYC subsidiaries that assume their local revenue is the base are frequently wrong. The economic reality test governs.

SME reduction under Article 99(6)

Article 99(6) requires Member States, when setting fines, to take into account the situation of small and medium-sized enterprises, including startups, and their economic viability. This is a mandatory proportionality factor, not a discretionary discount.

In practice, this means Member States have transposition flexibility to structure lower fines for SMEs. A Member State may apply the lower of the two fine amounts (the Euro cap rather than the percentage), may allow staged payments, may cap at a lower percentage, or may defer enforcement. The exact mechanisms vary by Member State transposition.

For NYC companies, the SME-adjacent logic applies if you qualify under EU SME definitions: fewer than 250 employees and annual turnover under €50M or balance sheet under €43M (medium-sized); or fewer than 50 employees and turnover/balance under €10M (small). Most NYC AI startups qualify as SMEs under these thresholds.

Supplementary penalties beyond fines

Fines are not the only tool. Member State market surveillance authorities have powers under Articles 79-84 and 93 including:

Corrective action requirements. The authority may require the provider or deployer to bring the AI system into compliance, recall it from the market, or withdraw it from service. Non-compliance with a corrective order is itself a penalty ground.

Withdrawal from market. A high-risk AI system that cannot be brought into compliance may be ordered off the EU market entirely. For a US company whose product depends on EU revenue, this is often more damaging than any fine.

Public disclosure. Some Member States have introduced, via transposition, the power to publish non-compliance decisions. Reputational exposure in enterprise sales contexts can exceed the fine in business impact.

Criminal liability. Article 99 is administrative, but some Member States have introduced or contemplate parallel criminal offences for the most serious prohibitions. The criminal track is outside the Regulation's own penalty scheme but is allowed by Article 99(1).

GPAI provider fines under Article 101

Article 101 creates a separate fine regime for providers of general-purpose AI models (OpenAI, Anthropic, Google, Meta, and others). The Commission may impose fines up to 3% of annual worldwide turnover or €15 million, whichever is higher, for breaches of Chapter V obligations.

Article 101 fines are imposed by the Commission (via the AI Office), not by national authorities. This matters because the Commission has direct enforcement authority over GPAI providers — a different enforcement architecture than the Member-State-led scheme for other AI Act violations.

For most NYC companies deploying GPAI models through API (see our GPAI deployer note), Article 101 is not directly relevant — it applies to the provider upstream. Your exposure sits in Articles 99(3) and 99(4) as a deployer.

When can fines actually be imposed?

The temporal question matters. Article 113 phases application: Articles 4 and 5 applicable since 2 February 2025, Chapter V obligations since 2 August 2025, main obligations applicable 2 August 2026, Article 6(1) applicable 2 August 2027.

Article 99(11) adds that penalty provisions apply from 2 August 2026 — meaning Article 5 violations occurring between February 2025 and August 2026 are already violations of applicable law, but fines under Article 99 Tier 1 only begin being imposed from August 2026 onwards. Violations that continue past August 2026 are fully exposed.

For deployer obligations under Article 26 and Article 50 transparency, the entire exposure window begins 2 August 2026. Before that date there is no applicable obligation, therefore no penalty base.

What a NYC compliance officer should do with this

Budgeting compliance risk under the EU AI Act requires three inputs: (1) your worldwide consolidated turnover for the base year, (2) your classification of each AI system under Articles 5, 6/Annex III, 50, or outside scope, (3) the tier of potential violation for each classification.

A defensible risk memo combines these inputs: maximum Tier 1 exposure (if any Article 5 issue exists) = higher of €35M and 7% of consolidated turnover; maximum Tier 2 exposure (for each in-scope high-risk deployment) = higher of €15M and 3% of consolidated turnover; maximum Tier 3 exposure (for defective documentation submissions) = higher of €7.5M and 1% of consolidated turnover.

The mitigation strategies that actually reduce this number are: (a) remove any Article 5 exposure before 2 August 2026, (b) complete Annex IV technical documentation and Article 9 risk management with audit-quality records, (c) establish instruction-for-use and human oversight designs under Articles 13 and 14, (d) register systems in the Article 49 database where applicable, (e) document the whole file so that responses to authority requests are complete and accurate the first time.

The most underestimated risk

From our advisory work, the most underestimated penalty exposure is not Tier 1 (most NYC companies do not deploy Article 5 prohibited practices) and not Tier 2 (the maximum rarely applies because most violations are documented and corrected during inspection). It is Tier 3 — the supply of incomplete information to authorities.

Tier 3 triggers when a company responds to an Article 74 or Article 21 information request with submissions that are later found to be incorrect or incomplete. The trigger is often not bad faith; it is disorganised documentation. A company that has not maintained Annex IV records in a current, indexed, retrievable form will produce incomplete responses under deadline, which then attracts Tier 3 exposure on top of whatever Tier 2 issue prompted the request in the first place.

The answer is unglamorous: keep documentation audit-ready at all times. This is cheaper than reconstructing it under deadline, and it is the single practice that most differentiates companies that emerge well from regulator inquiries from those that do not.


Primary sources. Regulation (EU) 2024/1689: Article 16 (provider obligations), Article 22 (authorised representative), Article 26 (deployer obligations), Article 50 (transparency), Article 74 (market surveillance), Article 79 (safeguard), Article 81 (Union safeguard procedure), Article 99 (penalties), Article 99(6) (SME proportionality), Article 99(11) (temporal application), Article 101 (GPAI fines), Article 113 (application dates). Recommendation 2003/361/EC (SME definition).