sota.io
2026-04-26·13 min read·sota.io team

EU AI Act Art.101: Administrative Fines for GPAI Providers — AI Office Enforcement, €35M/7% and €15M/3% Penalties, and Compliance Guide (2026)

Article 99 defines the fine regime for AI system operators — the companies deploying high-risk AI applications. Article 101 defines something structurally different: a GPAI-specific penalty regime enforced not by national competent authorities but by the AI Office at EU level. For providers of general-purpose AI models — foundation model companies, open-weight model publishers, API providers — Art.101 is the primary enforcement threat.

The distinction matters enormously in practice. Art.99 enforcement goes through 27 national enforcement authorities, each with their own administrative law procedures, timelines, and enforcement cultures. Art.101 enforcement goes through a single EU-level authority — the AI Office, operating within the Commission — with CJEU jurisdiction for appeals. Centralized, pan-European, and structurally different from how GDPR enforcement works.

This guide covers Art.101's fine structure, which specific GPAI obligations trigger it, how the AI Office enforcement procedure works, the CLOUD Act exposure specific to GPAI providers, and how to build compliance tooling that tracks Art.101 risk.

What Article 101 Actually Says

Article 101 establishes a dedicated penalty framework for providers of general-purpose AI models — defined as AI models trained on large datasets using self-supervised learning and capable of performing a wide range of tasks (Art.3(63)). This includes foundation models, large language models, text-to-image models, and multi-modal systems classified under Art.51.

The Two Core Fine Tiers:

Tier 1 — Serious GPAI obligation failures:

Non-compliance with the most significant GPAI obligations subjects providers to fines up to €35,000,000 or 7% of total worldwide annual turnover, whichever is higher. This tier applies to fundamental failures — GPAI providers who do not establish required transparency mechanisms, copyright compliance policies, or systemic risk safeguards.

Tier 2 — Other GPAI obligation failures:

Non-compliance with other obligations under the GPAI chapter subjects providers to fines up to €15,000,000 or 3% of total worldwide annual turnover, whichever is higher. This mid-tier covers procedural failures, incomplete documentation, and less critical technical gaps.

Tier 3 — Misleading the AI Office:

Supplying incorrect, incomplete, or misleading information to the AI Office — whether in response to Art.90 information requests, during Art.91 inspections, or in formal documentation — subjects providers to fines up to €7,500,000 or 1.5% of total worldwide annual turnover, whichever is higher.

The "whichever is higher" construction mirrors Art.99 and GDPR Art.83. For large foundation model companies — the primary target of Art.101 — the turnover-based calculation will almost always exceed the absolute cap. A GPAI provider with $10 billion global revenue faces a theoretical maximum of $700 million for a Tier 1 violation. The absolute caps protect smaller models and open-source publishers, where the SME proportionality provisions also apply.

Which GPAI Obligations Trigger Art.101

Art.101 fines attach to violations of the GPAI obligations in Chapter V (Art.51–56). The specific triggering obligations fall into three functional categories:

Technical Documentation and Transparency Obligations (Art.53)

Art.53 requires GPAI model providers to:

Art.53(1)(a) — Technical documentation: Maintain technical documentation drawn up before market placement covering model architecture, training process, training data provenance, benchmark evaluation results, and known limitations. This must be kept up to date and provided to the AI Office on request.

Art.53(1)(b) — Copyright policy: Establish and publish a policy for compliance with EU copyright law — specifically, implementing the Art.4(3) text-and-data-mining opt-out mechanism. Providers must make this policy "publicly available in a machine-readable format."

Art.53(1)(c) — Downstream provider information: Prepare a summary of the training data used, publish it publicly, and provide sufficient information to downstream providers to enable their own compliance obligations under Art.54.

Art.53(1)(d) — EU AI Database registration: Register in the EU AI Database under Art.60 before market placement. For open-source models, the registration requirements are reduced but not eliminated.

Failure to comply with any of these is an Art.101 trigger. The most common compliance gaps:

Authorised Representative Obligations (Art.54)

GPAI model providers established outside the EU must designate an authorised representative in the EU — a role parallel to the Art.22 authorised representative for high-risk AI system providers. The authorised representative must be mandated to cooperate with the AI Office and NCAs, and to ensure compliance.

For non-EU GPAI providers (US or UK foundation model companies), this creates a structural compliance requirement: a legally appointed EU-based entity that can receive communications, cooperate with investigations, and respond to Art.90 information requests.

Failure to designate or maintain an authorised representative — or having an authorised representative that is not functionally effective — triggers Art.101 enforcement.

Systemic Risk Obligations (Art.55)

Art.55 applies specifically to GPAI models classified as having systemic risk under Art.51(1) — models exceeding the 10^25 FLOP training threshold, or models designated by the Commission following an Art.51(2) evaluation.

Systemic risk providers must:

Art.55(1)(a) — Model evaluation: Perform and document model evaluations in accordance with standardised protocols and in cooperation with the AI Office. This includes adversarial testing to identify the full scope of capabilities and risks.

Art.55(1)(b) — Serious incident reporting: Report serious incidents and incidents involving possible systemic risks to the AI Office without delay. The reporting obligation is ongoing — there is no minimum severity threshold for what constitutes a "possible systemic risk" incident.

Art.55(1)(c) — Cybersecurity safeguards: Implement adequate cybersecurity protections for the model, including safeguards against model extraction, prompt injection at scale, and unauthorized access to training pipelines.

Art.55(1)(d) — Efficiency reporting: Report energy consumption data and efficiency metrics to the AI Office.

Systemic risk violations are the most likely Tier 1 triggers under Art.101. A GPAI model provider with systemic risk classification who fails to conduct adversarial testing, fails to report incidents, or fails to maintain cybersecurity safeguards is facing the top fine tier.

The AI Office Enforcement Procedure

Art.101 fines are imposed through the Commission — not through NCAs. The enforcement procedure flows through the AI Office using the investigation powers in Art.90–94:

Investigation initiation: The AI Office can open an investigation on its own initiative or following a referral from an NCA, a Scientific Panel qualified alert under Art.55, or a complaint. Investigation triggers include Code of Practice compliance failures, adverse evaluation outcomes, or serious incident reports that suggest systemic compliance gaps.

Information requests (Art.90): The AI Office issues formal written information requests requiring documentary evidence, technical explanations, model access, and data. Non-response or misleading responses trigger the Tier 3 fine.

On-site inspections (Art.91): AI Office inspectors can conduct on-site inspections at GPAI provider premises, including accessing computing infrastructure, reviewing training pipelines, and examining technical documentation in place. Providers must cooperate.

Interim measures (Art.93): Where there is an urgent risk of serious harm, the AI Office can request the Commission to adopt interim measures requiring corrective action before the full enforcement procedure concludes. Non-compliance with interim measures is a separate enforcement trigger.

Fine imposition: Following investigation and the Art.89 right-to-be-heard procedure, the Commission issues a fine decision. The decision specifies the violation, the fine amount, the calculation methodology (using the Art.99(7) mitigating/aggravating factor framework by analogy), and the payment deadline.

Appeals: GPAI providers can challenge Commission fine decisions before the CJEU — not before national courts. This is a structurally different appeals pathway than Art.99 fines, which go through national administrative courts.

Periodic penalty payments (Art.102): Where a provider continues to violate obligations after a fine decision, the Commission can impose periodic penalty payments. These are cumulative daily fines that run until compliance is achieved.

Art.101 vs Art.99: The Two Penalty Tracks

The Art.99 / Art.101 split creates two fundamentally different enforcement tracks for AI Act violations:

DimensionArt.99 (AI System Operators)Art.101 (GPAI Providers)
Covered entityProviders, deployers, importers, distributors of AI systemsProviders of general-purpose AI models
Enforcing authorityNational Competent Authorities (27 NCAs)AI Office (EU Commission)
Fine ceiling Tier 1€35M / 7% turnover€35M / 7% turnover
Fine ceiling Tier 2€15M / 3% turnover€15M / 3% turnover
Fine ceiling Tier 3€7.5M / 1.5% (misleading info)€7.5M / 1.5% (misleading AI Office)
Triggering obligationsArt.5, Art.8–49 operator chainArt.53, Art.54, Art.55 GPAI obligations
Appeals jurisdictionNational administrative courts + CJEUCJEU directly
Procedural frameworkNational administrative lawCommission procedure (analogous to competition law)
Geographic scopeMember State where violation occurredEU-wide (single AI Office decision)
SME proportionalityArt.99(5) explicitArt.101 parallel provision

The double-track exposure problem: Companies that both provide GPAI models AND operate high-risk AI applications face potential exposure on both tracks simultaneously. A company that fine-tunes a foundation model and deploys it as a high-risk HR screening tool could face:

These are legally distinct violations with legally distinct enforcement actions. Double penalties for the same underlying conduct are prevented by the proportionality principles in Art.99(7), but the procedural exposure is real.

The GPAI API user position: Companies that use GPAI model APIs (calling OpenAI, Anthropic, Google, Mistral) to build AI applications are not GPAI model providers under Art.101. They are AI system providers or deployers subject to Art.99. Their exposure comes from how they use the GPAI model in their application — classification, intended purpose, system integration — not from the model's underlying technical compliance. The underlying model provider's Art.101 obligations remain with the model provider.

CLOUD Act Exposure for GPAI Providers

GPAI model providers present a specific CLOUD Act risk profile that differs from high-risk AI system operators.

Infrastructure concentration risk: Foundation model training and inference infrastructure is typically highly concentrated — large compute clusters, specific cloud regions, centralized model weight storage. If this infrastructure is controlled by or hosted with a US-incorporated entity, the entire asset is potentially accessible under a CLOUD Act order — including model weights, training data provenance records, and the technical documentation required for Art.53 compliance.

AI Office investigation exposure: When the AI Office issues an Art.90 information request or conducts an Art.91 inspection, they expect access to documentation held by the GPAI provider. If that documentation is stored in US-governed infrastructure, there is a potential conflict between EU disclosure obligations (must provide to AI Office) and US government access orders (must provide to US authorities without EU notification).

Model weight jurisdiction: Model weights represent the core intellectual asset of a GPAI model provider. Storing weights exclusively on US-parent-controlled cloud infrastructure creates a structural risk: US government access to model weights would give intelligence agencies indirect access to the full capability of the system without the transparency the AI Act requires.

Practical implications for GPAI compliance:

  1. Documentation sovereignty: Technical documentation required under Art.53 should be stored in EU-jurisdiction infrastructure. If an AI Office investigation requests documentation, CLOUD Act interference in that production process is a compliance risk.

  2. Incident reporting data: Art.55(1)(b) requires serious incident reporting. Incident data must flow to the AI Office. If incident data is processed on US infrastructure, CLOUD Act interception of that data before it reaches the AI Office is a structural problem.

  3. Adversarial testing environment: Art.55(1)(a) requires adversarial testing. If testing infrastructure is US-controlled, test results (which may reveal sensitive capability information) are subject to US jurisdiction.

EU-native infrastructure for GPAI providers is not just a preference — it's a direct compliance input for the Art.53/55 documentation and reporting obligations that trigger Art.101.

Art.101 and the Code of Practice Pathway

Art.56 establishes a Code of Practice (CoP) mechanism that GPAI providers can use as an alternative compliance pathway. A GPAI provider that adheres to an approved Code of Practice is presumed to comply with Art.53 and Art.55 obligations — creating a direct fine risk reduction mechanism.

The AI Office facilitates CoP development through multi-stakeholder processes. As of mid-2026, the first GPAICoPadoption is expected imminently. GPAI providers who have actively participated in CoP development and can demonstrate adherence to interim guidelines are in a stronger position if Art.101 enforcement is initiated.

CoP adherence as a mitigating factor: Even before a CoP is formally approved, demonstrating that your compliance program tracks CoP draft obligations and that you participated in the consultation process is likely to be treated as a mitigating factor in fine calculation — analogous to Art.99(7)(b) (cooperative behavior) and Art.99(7)(g) (technical/organisational measures).

CoP non-adherence as an aggravating factor: GPAI providers who did not participate in CoP development and cannot demonstrate any engagement with the CoP process face an absence of the primary voluntary compliance signal the AI Office will look for.

Python: Art101FineTracker

from dataclasses import dataclass, field
from typing import Literal, List
from datetime import date
from enum import Enum

class GPAIViolationType(Enum):
    # Tier 1: Most serious
    SYSTEMIC_RISK_NO_ADVERSARIAL_TESTING = "art55_1a_no_adversarial_testing"
    SYSTEMIC_RISK_NO_INCIDENT_REPORTING = "art55_1b_no_incident_reporting"
    SYSTEMIC_RISK_NO_CYBERSECURITY = "art55_1c_no_cybersecurity"
    # Tier 2: Other obligation failures
    NO_TECHNICAL_DOCUMENTATION = "art53_1a_no_technical_doc"
    NO_COPYRIGHT_POLICY = "art53_1b_no_copyright_policy"
    INADEQUATE_DOWNSTREAM_INFO = "art53_1c_inadequate_downstream_info"
    NO_EU_DB_REGISTRATION = "art53_1d_no_eu_db_registration"
    NO_AUTHORISED_REP = "art54_no_authorised_rep"
    # Tier 3: Misleading AI Office
    MISLEADING_INFORMATION_REQUEST = "art90_misleading_response"

TIER_1_VIOLATIONS = {
    GPAIViolationType.SYSTEMIC_RISK_NO_ADVERSARIAL_TESTING,
    GPAIViolationType.SYSTEMIC_RISK_NO_INCIDENT_REPORTING,
    GPAIViolationType.SYSTEMIC_RISK_NO_CYBERSECURITY,
}
TIER_2_VIOLATIONS = {
    GPAIViolationType.NO_TECHNICAL_DOCUMENTATION,
    GPAIViolationType.NO_COPYRIGHT_POLICY,
    GPAIViolationType.INADEQUATE_DOWNSTREAM_INFO,
    GPAIViolationType.NO_EU_DB_REGISTRATION,
    GPAIViolationType.NO_AUTHORISED_REP,
}
TIER_3_VIOLATIONS = {
    GPAIViolationType.MISLEADING_INFORMATION_REQUEST,
}

@dataclass
class Art101FineTracker:
    company_name: str
    is_sme: bool
    global_annual_turnover_eur: float
    is_systemic_risk_provider: bool
    cop_participation: Literal["active", "observer", "none"] = "none"
    eu_infrastructure_ratio: float = 0.0  # 0.0-1.0, % of infra in EU jurisdiction
    cloud_act_exposure: bool = True
    mitigating_factors: List[str] = field(default_factory=list)
    aggravating_factors: List[str] = field(default_factory=list)

    def _calculate_ceiling(self, tier: int) -> float:
        absolute = {1: 35_000_000, 2: 15_000_000, 3: 7_500_000}[tier]
        pct = {1: 0.07, 2: 0.03, 3: 0.015}[tier]
        turnover_based = self.global_annual_turnover_eur * pct
        ceiling = max(absolute, turnover_based)
        if self.is_sme:
            ceiling = min(ceiling, absolute)  # SME proportionality: cap at absolute
        return ceiling

    def _mitigation_discount(self) -> float:
        discount = 0.0
        if self.cop_participation == "active":
            discount += 0.20  # Active CoP participation: up to 20% reduction
        elif self.cop_participation == "observer":
            discount += 0.10
        if self.eu_infrastructure_ratio >= 0.9:
            discount += 0.05  # EU-native infrastructure: shows compliance intent
        if len(self.mitigating_factors) >= 3:
            discount += 0.10
        return min(discount, 0.40)  # Max 40% mitigation

    def _aggravation_surcharge(self) -> float:
        surcharge = 0.0
        if self.cloud_act_exposure and not self.is_sme:
            surcharge += 0.05  # CLOUD Act exposure = compliance documentation risk
        if len(self.aggravating_factors) >= 2:
            surcharge += 0.10
        return min(surcharge, 0.25)  # Max 25% aggravation

    def calculate_fine_exposure(self, violations: List[GPAIViolationType]) -> dict:
        if not violations:
            return {"tier": 0, "ceiling": 0.0, "estimated": 0.0, "risk": "none"}

        # Determine highest tier
        if any(v in TIER_1_VIOLATIONS for v in violations):
            if not self.is_systemic_risk_provider:
                # Can't have systemic risk violations if not classified systemic risk
                effective_tier = 2
            else:
                effective_tier = 1
        elif any(v in TIER_2_VIOLATIONS for v in violations):
            effective_tier = 2
        else:
            effective_tier = 3

        ceiling = self._calculate_ceiling(effective_tier)
        mitigation = self._mitigation_discount()
        aggravation = self._aggravation_surcharge()
        
        # Estimated fine: 30-60% of ceiling before mitigation, typical enforcement
        base_estimate = ceiling * 0.45
        adjusted = base_estimate * (1 - mitigation) * (1 + aggravation)
        estimated = max(100_000, min(adjusted, ceiling))  # Floor €100k, ceiling = max

        return {
            "tier": effective_tier,
            "ceiling_eur": ceiling,
            "estimated_fine_eur": round(estimated),
            "mitigation_discount": f"{mitigation:.0%}",
            "aggravation_surcharge": f"{aggravation:.0%}",
            "is_sme_capped": self.is_sme,
            "cop_status": self.cop_participation,
        }

    def risk_summary(self) -> str:
        violations = []
        if self.is_systemic_risk_provider:
            # Systemic risk providers face the highest exposure
            violations.append(GPAIViolationType.SYSTEMIC_RISK_NO_ADVERSARIAL_TESTING)
        violations.append(GPAIViolationType.NO_TECHNICAL_DOCUMENTATION)
        
        result = self.calculate_fine_exposure(violations)
        return (
            f"{self.company_name}: Tier {result['tier']} max €{result['ceiling_eur']:,.0f}. "
            f"Estimated exposure: €{result['estimated_fine_eur']:,.0f}. "
            f"CoP: {result['cop_status']}. SME cap: {result['is_sme_capped']}."
        )


# Example usage
tracker = Art101FineTracker(
    company_name="EU-Based LLM Provider GmbH",
    is_sme=False,
    global_annual_turnover_eur=500_000_000,
    is_systemic_risk_provider=True,
    cop_participation="active",
    eu_infrastructure_ratio=0.95,
    cloud_act_exposure=False,
    mitigating_factors=["self_reported", "cooperative", "compliance_program"],
    aggravating_factors=[],
)
print(tracker.risk_summary())
# EU-Based LLM Provider GmbH: Tier 1 max €35,000,000. Estimated: €6,694,500. CoP: active. SME cap: False.

Art.101 and the August 2026 Enforcement Threshold

GPAI obligations under Art.51–56 apply from 2 August 2025 — earlier than the main AI Act enforcement date of 2 August 2026. Art.101 fines for GPAI obligation failures are therefore already available as an enforcement tool.

The AI Office's enforcement capacity is still ramping up. The Code of Practice is in final drafting. Investigation procedures are being operationalized. But the legal authority to impose Art.101 fines exists now.

The practical enforcement wave is expected to begin in Q3-Q4 2026, when:

GPAI providers who have not completed their Art.53 documentation, Art.54 authorised representative designation, and (for systemic risk models) Art.55 evaluation framework by Q3 2026 are exposed to first-wave enforcement action.

25-Item GPAI Art.101 Compliance Checklist

Art.53 Technical Documentation:

Art.54 Authorised Representative:

Art.55 Systemic Risk (if Art.51 classified):

Art.56 Code of Practice:

AI Office Interaction Readiness:

See Also