What types of compliance documents can ComplianceIQ generate?

ComplianceIQ generates privacy policies, terms of service, employee handbooks, data handling policies, OSHA compliance documents, acceptable use policies, HIPAA compliance docs, information security policies, and more — all tailored to your industry.

Are the generated documents legally valid?

ComplianceIQ generates comprehensive, industry-standard compliance documents informed by current regulations. While they provide an excellent foundation, we recommend having critical documents reviewed by legal counsel for your specific jurisdiction.

How does ComplianceIQ stay current with regulations?

Our AI models are continuously updated with the latest regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2, OSHA, and more. Pro and Enterprise plans include regulatory update alerts.

← All calculators

EU AI Act · FREE TOOL

EU AI Act Fine Calculator

Article 99 of the EU AI Act sets three penalty tiers tied to global annual turnover, enforceable since 2 August 2025. Prohibited practices (Article 5) carry the steepest cap — €35M or 7% of worldwide turnover, higher of the two. Use this tool to estimate maximum exposure by violation tier, with SME proportionality applied automatically.

Annual worldwide turnover (EUR)

€50.00M / year

Use parent / undertaking turnover, not just EU.

Violation tier (Article 99)

Social scoring, untargeted facial scraping, real-time biometric ID in public, emotion recognition at work/school, predictive-policing profiling, manipulative dark patterns.

SME / start-up?

Article 99(6): for SMEs the LOWER of the fixed cap or percentage applies (opposite of the standard rule).

Fixed cap

€35.00M

Article 99 (3) statutory ceiling.

7% of turnover

€3.50M

7% × €50.00M.

Maximum exposure (higher of the two)

€35.00M

Standard rule: higher of €35.00M and €3.50M.

Run my free compliance audit Generate policies

How this is calculated

Regulation (EU) 2024/1689 Art. 99(3)

Prohibited AI practices (Art. 5) — up to €35M or 7% of total worldwide annual turnover, whichever is higher.

Regulation (EU) 2024/1689 Art. 99(4)

Non-compliance with operator obligations (high-risk systems, transparency, conformity, post-market monitoring) — up to €15M or 3% of turnover.

Regulation (EU) 2024/1689 Art. 99(5)

Supplying incorrect, incomplete, or misleading information to notified bodies / national authorities — up to €7.5M or 1% of turnover.

Regulation (EU) 2024/1689 Art. 99(6) + Art. 101

For SMEs and start-ups, the LOWER of the two amounts (fixed cap or percentage) applies. GPAI providers face up to €15M or 3% under Art. 101.

Things people get wrong

Penalties for prohibited practices became enforceable on 2 February 2025; full Article 99 enforcement (high-risk + GPAI) from 2 August 2025 / 2026.
Turnover is GLOBAL group / undertaking turnover — not just EU revenue. Same 'undertaking' concept as GDPR Article 83.
SME proportionality cuts both ways: if 7% of turnover < €35M for an SME, the LOWER amount applies — so very small companies may pay less than the fixed cap.
Multiple violations can stack across distinct AI systems and distinct obligations; the cap is per infringement category.
Non-EU providers placing AI systems on the EU market are in scope (Art. 2) — extraterritorial like GDPR.
Article 5 prohibitions include social scoring, untargeted facial-image scraping, real-time biometric ID in public, emotion recognition at work/school, predictive policing based on profiling alone, and manipulative dark patterns exploiting vulnerabilities.
GPAI providers (foundation models) face a separate fine schedule under Art. 101: same €15M / 3% cap, with extra rules for systemic-risk models.

FAQ

What's the maximum EU AI Act fine?

€35M or 7% of total worldwide annual turnover (whichever is higher) for using a prohibited AI practice listed in Article 5. This is HIGHER than the GDPR maximum (4% / €20M) — the EU AI Act is the most aggressive AI regulation in the world by penalty ceiling.

When do EU AI Act fines start?

Article 5 prohibitions and Article 99 fines for those prohibitions began 2 February 2025. General-purpose AI obligations and the bulk of high-risk system obligations (and corresponding fines) phase in by 2 August 2025 and 2 August 2026, with full applicability for high-risk systems already on the market by 2 August 2027.

Does the EU AI Act apply to my US company?

Yes if you place an AI system on the EU market, put it into service in the EU, or if outputs are used in the EU. Article 2(1)(c) catches non-EU providers and deployers — the same extraterritoriality model GDPR uses. Most US SaaS with EU users is in scope.

Are SMEs treated differently?

Yes. Under Article 99(6), for SMEs (including start-ups) the lower of the two amounts (fixed cap OR percentage of turnover) applies — opposite of the standard rule. This protects small EU companies from disproportionate fines while still binding them to the substantive rules.

What counts as a prohibited AI practice?

Article 5 prohibits: subliminal manipulation, exploitation of vulnerabilities (age, disability, socio-economic), social scoring by public authorities, real-time remote biometric identification in public spaces (with narrow law-enforcement exceptions), predictive-policing profiling, untargeted facial-image scraping for databases, emotion recognition in workplaces/education, and biometric categorisation inferring race/political/religion/sexual-orientation. These trigger the €35M / 7% cap.

EU AI Act Fine Calculator

How this is calculated

Things people get wrong

FAQ

Related