EU AI Act Enforcement Begins: First Fines and What Comes Next

The European Union has activated enforcement of its AI Act, imposing penalties up to 7% of global revenue for the most serious violations. Investigations target high‑risk applications such as hiring and credit scoring, while transparency obligations now apply across all consumer-facing AI systems.

The EU AI Act is no longer a future concern. As of February 2026, enforcement is active, investigations are underway, and the penalties are severe — up to 7% of global annual revenue for the most serious violations.

What’s Now Enforceable

Banned AI practices such as social scoring systems, real‑time biometric surveillance (with narrow exceptions), and AI that exploits vulnerable groups are prohibited. Violations carry the maximum 7% revenue penalty.

Transparency obligations now apply: any AI system that interacts with people must disclose it is AI; deepfake content must be labelled; chatbots must identify themselves as non‑human.

High‑risk system requirements: AI used in hiring, credit scoring, law enforcement, and critical infrastructure must meet strict documentation, testing, and human oversight requirements.

The First Investigations

The European AI Office has opened its first formal investigations. Initial focus is on generative AI transparency, training data compliance, and high‑risk classification of recruitment and lending systems. The pattern follows the GDPR playbook: start with high‑profile investigations to establish precedent.