EU AI Act Enforcement Begins: $7.5 Billion Fines for Non-Compliant AI Companies

The European Union’s AI Act moved from legislation to enforcement in 2026, with high-risk AI compliance requirements taking effect August 2, 2026, maximum fines of €35 million or 7 percent of global annual turnover, and the European Commission publishing detailed GPAI enforcement rules in March. The regulation now binds not just European companies but any organization worldwide that markets AI services in the European Union.

By Acaderesearch Staff | Published May 26, 2026

The EU AI Act — Regulation 2024/1689 — entered into force on August 1, 2024, and has been activating in carefully staged phases. The prohibitions on unacceptable-risk AI practices took effect in February 2025. General-purpose AI (GPAI) obligations began in August 2025. The most consequential provisions of the entire regulation — high-risk AI system requirements, conformity assessments, and risk management obligations — take effect on August 2, 2026.

The Enforcement Timeline

The AI Act’s phased implementation means companies have been navigating a moving target for 18 months. Here is the complete timeline:

February 2, 2025 — Prohibited AI practices became enforceable. Systems classified as unacceptable risk — including social scoring, real-time remote biometric identification in public spaces (with narrow exceptions), and predictive policing based on profiling — are now prohibited throughout the EU.

August 2, 2025 — GPAI (general-purpose AI) obligations came into force. Foundation model providers, including non-EU companies offering services in the EU, must comply with transparency requirements, technical documentation, and copyright compliance obligations.

August 2, 2026 — High-risk AI system requirements take full effect. This is the deadline most enterprises have been preparing for. Systems classified as high-risk must pass conformity assessments, register with the EU database, implement risk management systems, ensure data governance, maintain logging capabilities, and provide clear human oversight mechanisms.

August 2, 2027 — Full applicability of all provisions. By this date, the entire regulation is enforceable against all covered systems regardless of previous transitional periods.

What Is “High-Risk” AI?

The AI Act classifies AI systems into four risk tiers: unacceptable risk, high risk, limited risk, and minimal risk. The high-risk category is where most companies in the AI industry currently sit.

High-risk AI systems include:

AI in critical infrastructure: Transportation, energy, water, and other essential services where AI decision-making could put life and property at risk.

AI in education: Systems that determine admissions, grading, or educational tracking.

AI in employment: Recruitment, promotion, task allocation, and performance evaluation systems.

AI in healthcare: Diagnostic, treatment planning, and risk assessment systems.

AI in law enforcement: Predictive policing, risk assessment, and evidence evaluation tools.

AI in immigration and border control: Risk assessment, document verification, and identity systems.

High-risk systems must comply with requirements around data quality, technical documentation, transparency, human oversight, accuracy, and cybersecurity. They must also be registered in an EU database and undergo conformity assessment before deployment.

The GPAI Exception and Global Impact

One of the AI Act’s most far-reaching provisions concerns General Purpose AI models. The GPAI provisions — which became enforceable in August 2025 — apply not just to European companies but to any organization worldwide that offers GPAI services in the European Union.

This means that U.S. and Chinese AI companies offering their services in the EU must comply with transparency requirements, technical documentation standards, and copyright compliance obligations. The European Commission’s March 12, 2026 implementation regulation (Ares 2026/2709234) describes for the first time how the Commission will investigate and penalize GPAI providers who fail to meet these standards.

The global implications are significant. Because the European market is so large, “Brussels Effect” dynamics mean that non-European companies may choose to apply EU standards globally to avoid the costs and operational complexity of maintaining separate systems for different markets.

Industry Readiness: A Concerning Gap

According to multiple compliance sources, most enterprises have not yet completed the required conformity assessments or documentation for their high-risk AI systems. The gap between the legal requirement and practical compliance remains wide, particularly among companies whose AI products are not their primary business but are embedded as features in existing products.

The Digital Omnibus proposal, which sought to delay some GPAI compliance obligations, has generated debate about whether the EU will maintain its enforcement stringency or adjust timing to account for industry capacity. As of late May 2026, the enforcement timeline has not changed, and regulators have signaled no intention of postponing the August 2026 high-risk deadline.

Comparison: U.S. and EU Approaches to AI Governance

The regulatory divergence between the United States and Europe is stark. While the White House shifted toward a “partnership” model with AI companies in May 2026 — postponing executive orders on model sharing and voluntary compliance — Europe has moved decisively toward binding regulation with criminal-grade penalties.

The AI’s risk-based classification approach contrasts with the United States’ sectoral, voluntary framework. The EU treats AI as a cross-cutting risk category, while the U.S. has relied on agency-specific guidance and voluntary industry commitments. This difference means that AI companies operating in both markets must navigate two fundamentally different compliance architectures.

What Comes Next

With the August 2026 high-risk deadline approaching, companies have approximately two months to complete conformity assessments, update documentation, and implement risk management processes for any high-risk AI systems they deploy within the EU. The European AI Board will oversee enforcement coordination across member states, and national supervisory authorities will begin issuing audit letters and compliance orders.

The global AI governance landscape has now bifurcated into two distinct models. Europe leads with binding, comprehensive regulation. The United States continues with voluntary cooperation. The gap between the two approaches will determine where AI companies choose to locate their operations — and which regulatory framework becomes the de facto global standard.

Conflict of interest: The reporting on this article was produced by the news staff of Acaderesearch.com. The EU AI Act (Regulation 2024/1689) and its enforcement timeline are public records available through the European Commission and the Official Journal of the European Union.

References

1. Legiscope. EU AI Act Deadlines 2026-2027: Compliance Calendar + Fines. (2026). Available at: https://www.legiscope.com/blog/eu-ai-act-timeline-deadlines.html
2. Advisori. EU AI Act Enforcement Tracker: GPAI Audit Fines 2026. (2026). Available at: https://www.advisori.de/en/blog/eu-ai-act-enforcement-gpai-audit-fines-2026
3. GLACIS. EU AI Act Compliance Guide (April 2026). (2026). Available at: https://www.glacis.io/guide-eu-ai-act
4. Next Waves Insight. EU AI Act: What’s in Force Now and What Hits August 2026. (2026). Available at: https://compliancestack.ai/penalties/eu-ai-act/enforcement-timeline
5. Legalithm. Article 100 EU AI Act: GPAI Model Fines Penalties. (2026). Available at: https://www.legalithm.com/en/ai-act-guide/article-100
6. Presenc AI. EU AI Act Enforcement Tracker 2026. (2026). Available at: https://presenc.ai/research/eu-ai-act-enforcement-tracker-2026