EU AI Act sanctions: what SMBs actually risk
EU AI Act sanctions can reach 35 million euros, yet nobody has been fined yet. Here is what Swedish SMBs actually risk in 2026 and which exemptions lower it.

The headlines are scary: fines up to 35 million euros or 7 percent of global turnover. Yet in June 2026 nobody has been fined under the entire EU AI Act, even though the heaviest rules have applied for over a year. This guide explains what EU AI Act sanctions actually mean for a Swedish SMB, when they start to bite, and which exemptions genuinely lower your risk.
The most important point first: the law is sharp on paper, but proportionality for smaller companies is built in, and several exemptions are written for exactly you.
What does it cost to breach the EU AI Act?
EU AI Act sanctions are governed by Article 99 and split into three tiers: prohibited AI practices cost up to 35 million euros or 7 percent of global turnover, other breaches up to 15 million euros or 3 percent, and misleading information to an authority up to 7.5 million euros or 1 percent.
For large companies the higher of amount and percentage applies. But for small and medium-sized enterprises, including startups, Article 99(6) says the lower of the two applies. It is a deliberate proportionality rule meant to protect smaller players from being crushed by a fine.
The three tiers side by side look like this:
| Tier | Ceiling, large companies | Ceiling, smaller companies (the lower of) | What it covers | Typically hits |
|---|---|---|---|---|
| Prohibited practices | €35M or 7% of global turnover | 7% of turnover | breach of Article 5 | whoever runs manipulative AI or social scoring |
| Other obligations | €15M or 3% of global turnover | 3% of turnover | breach of the high-risk requirements (Articles 16–27) and GPAI rules | whoever deploys a high-risk system without meeting the requirements |
| Misleading information | €7.5M or 1% of global turnover | 1% of turnover | incorrect or incomplete information to an authority | whoever submits faulty documentation during supervision |
Concretely: a Swedish startup with 20 million SEK in turnover that breaches a prohibited practice risks 7 percent of turnover, around 1.4 million SEK, not 35 million euros. The sanctions are still heavy, but the ceiling follows your size.
It gets clearer with several sizes side by side. Because the ceiling for a smaller company is the percentage of turnover, not the euro amount, the fine scales with how large you are and which tier the breach sits at:
| Turnover | Prohibited practice (7%) | High-risk breach (3%) | Misleading information (1%) |
|---|---|---|---|
| 20M SEK (small) | 1.4M SEK | 600,000 SEK | 200,000 SEK |
| 80M SEK (mid-sized) | 5.6M SEK | 2.4M SEK | 800,000 SEK |
| 200M SEK (larger) | 14M SEK | 6M SEK | 2M SEK |
The point is that the euro ceilings (35, 15 and 7.5 million euros) in practice never bind a smaller Swedish company. The percentage is what governs, and then the gap between tiers becomes what decides the risk: a prohibited practice costs seven times more than a pure documentation error at the same turnover.
It is worth understanding what the three tiers actually cover, since most SMBs never land in the top one. The highest tier applies to the explicitly prohibited practices in Article 5, things like social scoring of citizens or manipulative AI. The middle tier covers breaches of the obligations for high-risk systems, meaning running a system in a sensitive application without meeting the requirements. The lowest tier covers giving incorrect or misleading information to an authority during supervision.
What the three tiers cover
For a typical SMB with standard tools, a customer-service chatbot and internal productivity AI, the risk of the top tier is essentially nil. A mid-sized company with 80 million SEK in turnover that misses the documentation requirements for a high-risk system is looking at up to 3 percent, around 2.4 million SEK, and only if it goes all the way to a fine. We walk through the full sanctions regime and the four risk levels in our base guide to the EU AI Act for Swedish companies.
Has anyone actually been fined yet?
No. As of June 2026 nobody has been fined under the entire EU AI Act, even though the ban on certain AI practices (Article 5) has applied since 2 February 2025. This is confirmed by the European Parliament's research service and by independent legal tracking that has found no concluded enforcement case.
The reasons are structural, not a signal that the law is toothless. The supervisory machinery is not yet in place: according to the European Parliament's research service, the list of appointed contact points in March 2026 covered only eight of 27 member states, seven months after the 2 August 2025 deadline. The AI Office's full fining power over general-purpose AI models activates only in August 2026, and the high-risk requirements have not yet started to apply. Several member states, Sweden among them, also lack finished national legislation pointing out who may issue the fines.
This is a transition phase, not a permanent state. Prohibited practices can in theory be fined today, and the first time an authority takes a case all the way sets a standard the rest will follow. The experience from GDPR is clear: the first years were quiet, then the decisions came. The pattern shows in the numbers. In 2023, around 2.1 billion euros in GDPR fines were issued across the EU, more than 2019, 2020 and 2021 combined, and the average fine rose from roughly 500,000 euros in 2019 to 4.4 million euros in 2023, according to statistics from the GDPR Enforcement Tracker compiled by Statista. The cumulative fine total has, according to the CMS GDPR Enforcement Tracker Report, passed 6 billion euros across more than 2,600 decisions up to March 2026. Whoever built their GDPR compliance during the calm early years avoided doing it under review. The same window is open now for AI Act sanctions.
2026 is, in other words, a build-up year. The conclusion for a smaller company is not to ignore the law, but to use the time window to get finished calmly before supervision ramps up. Those who wait until the first fine falls instead end up rushing under pressure.
What the GDPR parallel says about the phase-in
Put the two frameworks side by side and the similarity becomes concrete. Both have a high maximum ceiling, a slow start and an escalation that only comes once supervision matures:
| | GDPR | EU AI Act |
|---|---|---|
| Applies from | May 2018 | February 2025 (ban), August 2026 (GPAI) |
| Maximum ceiling | €20M or 4% of turnover (Article 83) | €35M or 7% of turnover |
| Early years | low activity, average fine around €500,000 (2019) | no fine issued as of June 2026 |
| When it turned | €2.1B in fines during 2023, average fine €4.4M | supervision phases in 2026–2028 |
The table is our own compilation of the figures above, not an official comparison. It shows why 2026 resembles GDPR's year 2018: the framework applies, the ceilings are high, but the decisions have not started to come. Whoever reads AI Act sanctions against GDPR's track record sees that the calm is temporary.
When do EU AI Act sanctions start to bite?
The sanctions phase in as the requirements take effect. Prohibited practices have been fineable since February 2025. The next sharp date is 2 August 2026, when the AI Office's fining power over general-purpose AI models activates. The high-risk requirements come only after that.
Here is the timeline that applies to Swedish SMBs:
| Requirement | Fineable from |
|---|---|
| Prohibited AI practices (Article 5) | 2 February 2025 (in force) |
| AI literacy requirement (Article 4) | 2 February 2025 (in force) |
| General-purpose AI models, GPAI (Article 101) | 2 August 2026 |
| Transparency about AI content (Article 50) | 2 August 2026, proposed to be moved to 2 December 2026 |
| High-risk standalone systems (Annex III) | proposed to be moved to 2 December 2027 |
| High-risk in regulated products (Annex I) | proposed to be moved to 2 August 2028 |
The practical advice is to plan against the dates that are actually in force, not against the proposed delays, until they are decided. If you want to know exactly which level your system lands on, start with our step-by-step guide to risk classification.
How do EU AI Act sanctions work for general-purpose AI models?
General-purpose AI models, like the large language models behind ChatGPT and Claude, have their own sanctions regime in Article 101. Here the European Commission's AI Office is the sole competent authority, not the Swedish one. The fines run up to 15 million euros or 3 percent of global turnover.
For most Swedish SMBs this regime matters indirectly. The sanctions target those who build and provide the models, the large vendors, not the company using ChatGPT in its operations. As a user you are a deployer in the meaning of the law, with considerably lighter obligations than the model builder.
One detail is still worth knowing. There is a voluntary code of practice for general-purpose AI models, finalized in July 2025. It is not binding, but a provider that signs up and follows it risks lower fines if a breach is found anyway. That says something about how enforcement is intended to work: cooperation and documented good faith carry weight, both for model builders and for ordinary companies. Whoever can show they tried to do right is treated more leniently than whoever ignored the rules.
What does the Digital Omnibus change for Swedish SMBs?
The Digital Omnibus is the European Commission's proposal to simplify and postpone parts of the AI regulation. It is not yet binding law. A provisional political agreement was reached on 7 May 2026, but the package must pass a vote and be published before it binds.
For SMBs the proposal contains two important parts. The first is the delays: the high-risk systems in Annex III move to December 2027 and those in regulated products to August 2028. The second is a new category, small mid-caps (fewer than 750 employees and turnover of at most 150 million euros), added alongside today's SME definition of 250 employees and 50 million euros. More companies therefore gain access to the proportionality and the simplified requirements, such as simplified documentation, priority sandbox access and adapted fine caps.
The package also introduces a new prohibition, against AI that creates non-consensual intimate material and abuse material. That shows the delays do not mean the law is being watered down overall: deadlines move where the standards have not been finished, while the clearest risks are tightened. The direction is simplification of the administration, not a softer stance on actual harm.
Until the package is published in the EU's official journal, the original dates apply in full. Whoever plans their compliance against the new dates in advance takes a risk: if the vote is delayed you suddenly sit past a deadline you thought was removed. The safest approach is to build compliance as if the original dates still stand, and treat any delay as extra margin, not as an excuse to postpone the work.
Which exemptions exist for small companies?
The regulation has built-in reliefs for SMBs beyond the fine proportionality. The most important is simplified technical documentation: under Article 11, small and medium-sized companies that build high-risk systems may provide the documentation in simplified form, via a template the Commission will produce.
That exemption removes bureaucratic weight, but not the substantive requirements that the system be safe and auditable. You still have to think about risk, but you skip part of the paperwork that is otherwise sized for large corporations.
On top of this, supervisory authorities must give special consideration to an SME's economic viability when fines are set, and adapt sandbox fees to company size.
What the simplification means in practice
In practice the simplification means you document the same things as a large company, but with less formality. A short description of what the system does, which data it uses and how you review it goes further for a smaller company than for a corporate group. That exemption must not be confused with skipping classification. You still have to know which risk level each AI system sits at, because that assessment decides whether the documentation requirements apply to you at all. Most SMB systems land in low or limited risk, where the burden is minimal from the start.
Whoever wants to know exactly what must be documented finds a ready template in our guide to EU AI Act documentation.
Can a regulatory sandbox protect you from fines?
Yes. A regulatory sandbox under Article 57 is a controlled test environment where you can develop and trial an AI system under the authority's supervision. The strongest protection is that no administrative fines are to be imposed for breaches that occur inside the sandbox, as long as you follow the plan in good faith.
The sandbox gives three things: a protected environment to test in before launch, priority access for SMBs and startups specifically, and a final report from the authority that speeds up the eventual compliance assessment. For a smaller company this is a way to build and prove compliance without risking a fine along the way.
The catch in June 2026 is that most countries, including Sweden, do not yet have a fully operational AI sandbox. The Swedish inquiry proposes that PTS be tasked with setting up the mandatory sandbox, but it is not running. The sandbox is therefore an opportunity to plan for, not to use today.
For an SMB planning a system in a more sensitive application, the advice is to keep the sandbox in mind as a future route. Once the Swedish sandbox opens it becomes one of the cheapest ways to build and prove compliance, especially since the protection from fines during the test period removes what is otherwise daunting about launching early. Whoever already has their risk classification and documentation ready will also move faster through a sandbox process, because the groundwork is then already done.
When do the R&D and open-source exemptions apply?
Two general exemptions often benefit SMBs. The research and development exemption in Article 2 means activities before market launch are not caught by the regulation. The open-source exemption means freely licensed AI is not regulated, as long as it is not high-risk, prohibited or subject to transparency.
The R&D exemption is practically important: you can build and test a prototype internally without the full compliance burden. The protection ends the moment the system is put into service or placed on the market, so it is a development window, not a permanent free zone. Testing under real-world conditions also counts as deployment.
The limit of open source
The open-source exemption has a clear limit: the license alone is not enough. If you take an open model and build a high-risk application, say credit scoring, all requirements apply anyway. The exemption protects the sharing of tools, not the risky use of them. The same logic applies to general-purpose AI models, where open variants without systemic risk skip part of the documentation requirements.
There is also a narrower exemption for purely scientific research, where AI developed exclusively for research purposes falls entirely outside the regulation. The line is drawn at purpose: as soon as any commercial purpose is added, the exemption disappears. For an SMB the practical lesson is that the exemptions are generous in the development phase but close the moment the technology starts to earn money. Build and experiment freely, but expect full compliance from the first real customer. That is rarely a drawback, since that is when the system needs to be safe and auditable anyway.
How do you avoid becoming the test case?
The most effective protection is not being the obvious offender when supervision wakes up. A case usually starts with a complaint: under Article 85 anyone can report a suspected AI system to the market surveillance authority, which must take the report into account.
In Sweden, the inquiry Adaptations to the AI Regulation (SOU 2025:101), submitted to the government in October 2025, proposes that PTS take the lead as the coordinating market surveillance authority, while IMY and the Financial Supervisory Authority share responsibility for high-risk AI. Eleven authorities are designated in total. The new Swedish rules are proposed to take effect when the regulation becomes fully applicable, on 2 August 2026, but have not yet been adopted. The regulation applies directly anyway, so you are bound regardless of where the Swedish legislation stands.
Downtime usually costs more than the fine
The real cost for many SMBs is not the fine but the downtime. The market surveillance authority can demand that a system be withdrawn, recalled or banned from the market, entirely separate from the fines. A system that suddenly has to be shut down mid-operation often costs more in lost business than the fine does.
When a fine is set, the authority weighs a range of circumstances under Article 99(7): how serious the breach is, whether it was intentional, whether you cooperated, and whether you fixed the fault yourself. Whoever discovers a gap, corrects it and tells the authority is treated markedly more leniently than whoever is caught and explains it away. That makes early, documented self-monitoring a concrete risk reduction, not just a formality.
Three things keep you out of the test-case role: classify the systems correctly, document that you did, and inform customers when they are interacting with AI. Those who have that foundation in place are not the ones the authority starts with, and if something is reviewed anyway they are the ones who most easily show good faith.
Taken together, EU AI Act sanctions are real but manageable for an SMB that acts in time. The fine amounts follow your size, nobody has been fined yet, and several exemptions are written for smaller companies. The 2026 window exists to get ready calmly, before supervision ramps up in earnest. For the full picture of how AI agents fit Swedish SMBs within the rules, see our in-depth guide to AI agents for SMBs.
Frequently asked questions
No, not in practice. The 35 million euro ceiling applies to the higher of amount and percentage for large companies. For small and medium-sized companies, Article 99(6) applies the lower, meaning the percentage of your turnover. A company with 20 million SEK in turnover risks at most around 1.4 million SEK, not 35 million euros.
Yes. The delay is a proposal in the Digital Omnibus and does not apply until it is published in the EU's official journal. Prohibited practices and the AI literacy requirement also already apply since February 2025, independent of the Omnibus. Plan against the dates actually in force until the delay is decided.
Only partly. Freely licensed AI is exempt from the regulation, but the exemption ends if the system is high-risk, prohibited or subject to transparency. If you build a credit assessment on an open model, all requirements apply anyway. The license protects sharing of the tool, not the risky use of it.
A case usually starts with a complaint under Article 85. Beyond fines, the market surveillance authority can demand the system be withdrawn, recalled or banned from the market. For many SMBs the downtime is more expensive than the fine, because the operation that relies on the system is forced to pause.
PTS is the proposed coordinating market surveillance authority, and IMY the supervisory authority for prohibited practices and biometric identification, among others. As of June 2026 Sweden has not yet adopted the complementary law, but the regulation is directly applicable and binds Swedish companies regardless of where national legislation stands.