The European Union began enforcing the first binding penalties under the EU AI Act in June 2026, issuing fines to three US-based AI companies for deploying high-risk systems without completing required conformity assessments.

The EU AI Office confirmed the enforcement actions affect products in biometric categorization and emotion recognition, both classified as high-risk under the Act’s Article 6 framework.

Fines can reach 3 percent of global annual revenue under the Act’s tiered penalty structure. For large AI developers, that figure runs into the hundreds of millions of euros for a single violation.

What the EU AI Act Requires from High-Risk AI Systems

The Act requires high-risk AI systems to complete a conformity assessment before deployment in the EU market. This includes technical documentation, risk management records, and human oversight mechanisms.

Companies must also register high-risk systems in the EU database maintained by the AI Office. Systems deployed without registration are subject to market withdrawal orders alongside fines.

According to the AI Office’s June 2026 enforcement bulletin, the three companies had been notified of deficiencies in February but did not complete remediation within the 90-day correction window.

Which Sectors Face the Most Enforcement Risk

Biometric systems, credit scoring, employment screening, and critical infrastructure management are classified as high-risk under Annex III of the Act. Companies in these sectors face the most immediate compliance pressure.

Healthcare AI systems used in treatment decisions also fall under high-risk classifications. The EU has signaled medical AI as a priority enforcement area for the second half of 2026.

General-purpose AI models, including large language models, face a separate transparency framework under the Act’s GPAI provisions. Those rules took effect in August 2025 and are now in active review.

US Companies Respond to EU AI Enforcement

Two of the three companies issued statements saying they are cooperating with the EU AI Office and working to complete assessments. The third did not respond publicly by the time of publication.

The US Chamber of Commerce called the enforcement actions “premature” and said the AI Office has not provided sufficient implementation guidance. EU officials rejected that characterization, citing 18 months of public consultation since the Act passed.

Industry analysts at Gartner estimate that 40 percent of US AI companies operating in the EU have not fully completed high-risk conformity assessments as of Q2 2026.

What This Means for AI Development in 2026

The enforcement actions signal that the EU is moving beyond the grace period approach that characterized the Act’s first enforcement year. Companies that deferred compliance work are now facing active legal exposure.

Legal teams at major AI companies have reportedly begun accelerating conformity assessment work following the June announcements. Several are hiring EU-based compliance officers for the first time.

The broader impact on AI development may depend on whether the US responds with its own federal framework. No comprehensive federal AI law has passed as of June 2026, leaving the EU Act as the de facto global standard for companies operating in both markets.

Timeline of EU AI Act Enforcement

Date	Milestone
August 2024	EU AI Act entered into force
February 2025	Prohibited AI practices banned (Article 5)
August 2025	GPAI model transparency rules took effect
February 2026	High-risk system rules became applicable
June 2026	First penalty enforcement actions issued
August 2027	Full Act applies to all remaining AI systems

Frequently Asked Questions

Which AI systems are classified as high-risk under the EU AI Act?

High-risk systems include AI used in biometric identification, critical infrastructure, education, employment, credit scoring, law enforcement, border control, and healthcare. Full definitions are in Annex III of the Act.

Can US companies be fined under the EU AI Act?

Yes. The Act applies to any AI system deployed or placed on the EU market, regardless of where the developer is headquartered. This is consistent with the EU’s approach to GDPR enforcement against non-EU companies.

What is the maximum fine under the EU AI Act?

Maximum fines are 35 million euros or 7 percent of global annual revenue for prohibited AI practices, whichever is higher. High-risk violations carry fines up to 15 million euros or 3 percent of global revenue.