EU AI Act Art.99: Penalties — €35M/7% for Prohibited Practices, SME Proportionality, and Developer Risk Exposure Guide (2026)
Article 99 is the financial enforcement backbone of the EU AI Act. Where Articles 5 through 50 define what AI developers must and must not do, Article 99 specifies what it costs when they do not comply. For providers, deployers, importers and distributors subject to the Regulation, Article 99 translates compliance obligations into financial exposure in three tiers: up to €35 million or 7% of total worldwide annual turnover for prohibited practices (Art.99(3)), up to €15 million or 3% for the operator and notified-body obligations it lists (Art.99(4)), and up to €7.5 million or 1% for supplying incorrect, incomplete or misleading information to authorities or notified bodies (Art.99(5)).
These are maximum figures — regulatory ceilings set by the Regulation that Member States and their national competent authorities (NCAs) apply within the proportionality framework Art.99(7) establishes. But understanding the ceiling matters: it anchors the risk calculation that every AI deployment decision should carry.
What Article 99 Actually Says
Article 99 runs eleven paragraphs. The ones that determine fine exposure are 99(1) (national penalty regimes), 99(3) to 99(5) (the three tiers), 99(6) (the SME rule) and 99(7) (calibration factors); 99(2) and 99(8) to 99(11) deal with notifying the Commission, fines on public bodies, imposition by courts, procedural safeguards and annual reporting.
Article 99(1) — Member State Penalty Regimes:
In accordance with the terms and conditions laid down in this Regulation, Member States shall lay down the rules on penalties and other enforcement measures, which may also include warnings and non-monetary measures, applicable to infringements of this Regulation by operators, and shall take all measures necessary to ensure that they are properly and effectively implemented, thereby taking into account the guidelines issued by the Commission pursuant to Article 96. The penalties provided for shall be effective, proportionate and dissuasive. They shall take into account the interests of SMEs, including start-ups, and their economic viability.
Art.99(1) establishes a delegation principle: the AI Act fixes the maximum fine levels and the three-tier structure, but Member States implement the actual penalty regime through national law (and must notify those rules to the Commission under Art.99(2)). This means:
- Each Member State's NCA will have its own penalty procedure (administrative law, appeals process, institutional competence), and under Art.99(9) some Member States will have fines imposed by national courts rather than by the authority itself
- Fine levels will vary across jurisdictions below the Art.99 maximums
- The Art.96 Commission guidelines inform NCA enforcement approach — a compliance program demonstrating awareness of those guidelines signals good faith
For cross-border operations, this creates practical complexity. A company deploying a prohibited AI system in France and Germany faces potential enforcement by both French and German NCAs under their respective national implementations. Art.99(7)(b) requires each authority to take into account fines already imposed by other market surveillance authorities on the same operator for the same infringement, and Art.74 provides for joint investigations between authorities, but the procedural exposure is real.
Article 99(3) — The Top-Tier Fine: Prohibited Practices:
Non-compliance with the prohibition of the artificial intelligence practices referred to in Article 5 shall be subject to administrative fines of up to EUR 35 000 000 or, if the offender is an undertaking, up to 7 % of its total worldwide annual turnover for the preceding financial year, whichever is higher.
Art.99(3) covers the practices prohibited by Art.5(1):
- (a) Subliminal, purposefully manipulative or deceptive techniques that materially distort behaviour and cause, or are reasonably likely to cause, significant harm
- (b) Exploiting vulnerabilities due to age, disability or a specific social or economic situation to distort behaviour in a harmful way
- (c) Social scoring: evaluating or classifying people on the basis of social behaviour or personal characteristics, leading to detrimental treatment in unrelated contexts or disproportionate to the behaviour
- (d) Predicting the risk that a natural person will commit a criminal offence based solely on profiling or personality traits
- (e) Untargeted scraping of facial images from the internet or CCTV footage to build facial recognition databases
- (f) Emotion recognition in the workplace and in education institutions (medical and safety uses excepted)
- (g) Biometric categorisation to infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation
- (h) Real-time remote biometric identification in publicly accessible spaces for law enforcement, outside the narrow, individually authorised exceptions set out in Art.5(2) onward
Post-remote biometric identification is not on this list: it is high-risk under Annex III and subject to deployer conditions in Art.26(10), so failures there fall in the Art.99(4) tier.
The "whichever is higher" construction mirrors GDPR Art.83(5). For large corporations the turnover-based figure exceeds the absolute cap: a company with €1 billion annual worldwide turnover faces a maximum of €70 million, double the absolute cap, for a single Art.5 violation. For a start-up with €5 million revenue the absolute cap of €35 million is orders of magnitude beyond its means, which is why the SME rule in Art.99(6) matters.
Article 99(4) — Mid-Tier Fine: Operator and Notified-Body Obligations:
Non-compliance with any of the following provisions related to operators or notified bodies, other than those laid down in Article 5, shall be subject to administrative fines of up to EUR 15 000 000 or, if the offender is an undertaking, up to 3 % of its total worldwide annual turnover for the preceding financial year, whichever is higher: (a) obligations of providers pursuant to Article 16; (b) obligations of authorised representatives pursuant to Article 22; (c) obligations of importers pursuant to Article 23; (d) obligations of distributors pursuant to Article 24; (e) obligations of deployers pursuant to Article 26; (f) requirements and obligations of notified bodies pursuant to Article 31, Article 33(1), (3) and (4) or Article 34; (g) transparency obligations for providers and deployers pursuant to Article 50.
Art.99(4) is the broadest tier. It attaches to a closed list of provisions, and most of the substantive high-risk requirements reach it through Art.16, which obliges providers to ensure their systems meet them:
- Art.16 (providers): compliance with the Art.8–15 high-risk requirements (risk management, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy and robustness), the quality management system, conformity assessment, the EU declaration of conformity (Art.47), CE marking (Art.48) and registration in the EU database (Art.49, Art.71)
- Art.22–24: authorised representatives, importers and distributors
- Art.26 (deployers): using the system in accordance with the instructions, human oversight, control of input data, monitoring and log retention
- Art.31, 33(1), (3), (4) and 34: notified bodies
- Art.50: transparency obligations for providers and deployers (chatbot disclosure, marking of deepfakes and AI-generated content)
Because the list is closed, substantive compliance failures such as an inadequate risk management system, missing technical documentation or a skipped conformity assessment all fall here, not in the higher Art.99(3) tier. The distinction matters enormously for compliance prioritisation: Art.5 prohibitions are existential (deploy a prohibited system and you carry top-tier exposure), while Art.8–15 obligations are operational (inadequate documentation means mid-tier exposure). GPAI model obligations are not in this list at all; they are fined under Art.101.
Article 99(5) — Information and Documentation Violations:
The supply of incorrect, incomplete or misleading information to notified bodies and national competent authorities in reply to a request shall be subject to administrative fines of up to EUR 7 500 000 or, if the offender is an undertaking, up to 1 % of its total worldwide annual turnover for the preceding financial year, whichever is higher.
Art.99(5) creates a separate penalty track for information-integrity violations. This matters for two reasons:
- Investigation cooperation failures: When a market surveillance authority investigates and requests documentation (using the Art.74 powers, which build on Regulation (EU) 2019/1020), providing incomplete or misleading responses triggers Art.99(5), not the general Art.99(4). This is a standalone fine on top of any substantive violation penalty
- Notified body relationships: Providing incorrect information during conformity assessment, even if unintentional, falls within Art.99(5)'s scope. Keeping documentation systems audit-ready reduces this exposure
Note: Art.99(5) applies to information supplied in reply to a request. Proactively filing incorrect information in registration systems (EU database entry, EU declaration of conformity) is more likely to be treated under Art.99(4) as a breach of the specific Art.16 obligations on registration and declarations.
Article 99(6) — SME Proportionality:
For SMEs, including start-ups, each fine referred to in this Article shall be up to the percentages or amount referred to in paragraphs 3, 4 and 5, whichever thereof is lower.
Art.99(6) fundamentally changes fine exposure for SMEs. The Act's Art.3 definitions adopt the Commission Recommendation 2003/361/EC test: fewer than 250 employees and annual turnover not exceeding €50 million or a balance sheet total not exceeding €43 million. Start-ups qualify on the same basis; the Act names them expressly but does not create a separate test.
For SMEs, Art.99(6) means the NCA uses the lower of the two amounts in each tier:
| Tier | Standard | SME |
|---|---|---|
| Art.99(3) — Prohibited practices | Higher of €35M or 7% | Lower of €35M or 7% |
| Art.99(4) — Operator obligations | Higher of €15M or 3% | Lower of €15M or 3% |
| Art.99(5) — Misleading info | Higher of €7.5M or 1% | Lower of €7.5M or 1% |
For an SME with €10M turnover:
- Prohibited practice: capped at €700,000 (7% of €10M, which is lower than €35M)
- Other obligations: capped at €300,000 (3% of €10M, lower than €15M)
- Misleading info: capped at €100,000 (1% of €10M, lower than €7.5M)
This is a proportionality mechanism, not an exemption. SMEs deploying prohibited AI systems still face potential fines of €700,000 and up, significant for any small company. The practical implication: Art.99(6) does not eliminate fine risk for SMEs, it scales it. A €300,000 fine for inadequate high-risk AI documentation can still be existential for a 20-person start-up.
Article 99(8)–(9) and Article 100 — Who Imposes the Fine:
Art.99 leaves two jurisdictional questions to the Member States and carves a third category out entirely:
- Private operators (companies, individuals): administrative fines imposed by the competent authorities of the relevant Member State or, where Art.99(9) applies, by national courts or other bodies
- National public authorities and bodies: Art.99(8) leaves it to each Member State to decide to what extent administrative fines may be imposed on its own public bodies
- Union institutions, bodies, offices and agencies: outside Art.99 altogether. Art.100 gives the European Data Protection Supervisor the power to fine them, with much lower ceilings (up to €1.5 million for Art.5 violations, €750,000 for other obligations)
- GPAI model providers: Commission (AI Office) enforcement under Art.101 (separate provision)
For most AI developers, the relevant enforcer is the NCA in the Member State(s) where they place AI systems on the market or put them into service. For providers established outside the EU, the Member State of the authorised representative (required under Art.22 for high-risk AI systems and Art.54 for GPAI models) is the natural primary enforcement jurisdiction.
Article 99(7) — Mitigating and Aggravating Factors:
Art.99(7) requires all relevant circumstances of the case to be taken into account when deciding whether to impose a fine and how much, and lists the following:
(a) Nature, gravity and duration of the infringement and of its consequences, taking into account the purpose of the AI system, the number of persons affected and the damage they suffered
(b) Whether other market surveillance authorities have already fined the same operator for the same infringement
(c) Whether other authorities have already fined the same operator under other Union or national law for the same activity or omission
(d) Size, annual turnover and market share of the operator
(e) Any other aggravating or mitigating factor, such as financial benefits gained or losses avoided, directly or indirectly, through the infringement
(f) Degree of cooperation with the national competent authorities to remedy the infringement and mitigate its adverse effects
(g) Degree of responsibility of the operator, taking into account the technical and organisational measures it implemented
(h) How the infringement became known to the authorities, in particular whether, and to what extent, the operator notified it
(i) Whether the infringement was intentional or negligent
(j) Any action taken by the operator to mitigate the harm suffered by the affected persons
Factors (f), (g), (h), (i) and (j) are the actionable ones for a compliance programme:
Factor (f) — Cooperation: Active cooperation with NCAs during market surveillance investigations reduces fine exposure. This means responding to Art.74 requests promptly, providing complete documentation and not obstructing inspections.
Factor (g) — Technical and organisational measures: A deployed compliance programme (risk management system, technical documentation, audit logs, human oversight mechanisms) directly reduces the "degree of responsibility" even if a violation occurred. GDPR enforcement practice, where the existence of a DPIA has been treated as mitigating even when the DPIA itself was inadequate, is instructive here.
Factor (h) — Self-notification: Voluntary disclosure of an infringement before the NCA discovers it is a significant mitigator. This creates a practical incentive structure: if a deployed AI system is later found to have an Art.5 issue, disclosing and correcting it proactively rather than waiting for NCA discovery can be the difference between a symbolic and a maximum fine.
Factors (i) and (j) — Intent and harm mitigation: A negligent infringement is treated less severely than an intentional one, and concrete steps to mitigate harm to affected persons (withdrawing the system, notifying them, correcting decisions) weigh in the operator's favour. Note that, unlike GDPR Art.83(2)(j), Art.99(7) does not list adherence to codes of conduct as a factor in its own right. Participation in Art.95 codes of conduct or Art.56 codes of practice is relevant in practice as evidence of the measures assessed under (g), and Art.101 expressly takes code-of-practice commitments into account for GPAI providers.
Art.99 vs Art.101: The GPAI Penalty Track
Art.99 covers operators: providers, deployers, importers and distributors of AI systems. Providers of general-purpose AI models have a separate enforcement track under Article 101, which gives the power to fine to the Commission (acting through the AI Office), not to NCAs:
| Dimension | Art.99 (Operators) | Art.101 (GPAI Providers) |
|---|---|---|
| Enforcer | NCA (national) | Commission / AI Office (EU-level) |
| Fine ceiling | €35M / 7% (Art.5); €15M / 3% (listed obligations); €7.5M / 1% (misleading information) | Single ceiling of €15M / 3%, whichever is higher |
| Trigger | Art.5 violations; breaches of the Art.16, 22–24, 26, 31–34 and 50 obligations; misleading replies to requests | Breaches of the Art.53–55 GPAI obligations; non-compliance with Art.91 information requests or Art.92 access requests; incorrect information; failure to comply with Art.93 measures |
| Judicial review | National courts, with references to the CJEU | CJEU has unlimited jurisdiction to review Commission fining decisions (Art.101) |
| SME proportionality | Art.99(6): lower amount | No express lower-amount rule; proportionality and appropriateness assessed case by case |
For companies building on GPAI models (using foundation-model APIs to build applications), the Art.99 track applies to their own provider or deployer obligations. The GPAI model provider (the foundation-model company) faces Art.101 enforcement from the Commission.
The practical consequence: if a developer uses a GPAI model to build a high-risk AI application, they face potential Art.99 fines for their operator obligations, while the underlying model provider faces potential Art.101 fines for the model's compliance. Exposure exists at both layers of the supply chain.
Art.99 vs GDPR Art.83: The Compliance Stack Comparison
EU AI Act penalties sit alongside GDPR in the compliance stack for AI systems processing personal data — which includes most high-risk AI systems (biometric identification, health AI, employment AI, credit scoring AI).
| Dimension | GDPR Art.83 | EU AI Act Art.99 |
|---|---|---|
| Top-tier fine | €20M / 4% global turnover | €35M / 7% global turnover |
| Mid-tier fine | €10M / 2% global turnover | €15M / 3% global turnover |
| Trigger | Data protection violations | AI Act violations |
| Enforcer | Data Protection Authority | National Competent Authority |
| EU-level enforcer | EDPB (coordination) | AI Office (for GPAI) |
| SME proportionality | Via general proportionality | Art.99(6) explicit |
EU AI Act fines are higher than GDPR's in every tier. A high-risk AI system that processes personal data and violates both GDPR and the AI Act creates dual penalty exposure from two different supervisory authorities. Art.99(7)(c) obliges the NCA to take into account fines already imposed by other authorities under other Union or national law for the same activity or omission, which limits double-penalising the same conduct, but parallel investigations by DPAs and NCAs for related but distinct violations remain possible.
For CLOUD Act analysis: the same jurisdictional question that applies to GDPR compliance applies to AI Act fines — where a company is established, where it processes data, and where it places AI systems on the market all determine enforcement jurisdiction. EU-incorporated entities with EU-located infrastructure face single-jurisdiction exposure; US-incorporated entities with US-located infrastructure that serve EU users face both US and EU regulatory jurisdiction.
Penalty Exposure by Deployment Scenario
Scenario 1: Prohibited AI System (Art.5 Violation)
A company deploys a social scoring system that aggregates behavioral data to assign citizens trustworthiness scores for access to services. This is a textbook Art.5(1)(c) violation.
Exposure: Up to €35M or 7% of worldwide turnover, whichever is higher. For a company with €100M turnover the maximum is €35M (7% is only €7M, so the absolute cap applies). For a company with €1B turnover the maximum is €70M. Only an SME gets the lower of the two figures (Art.99(6)); everyone else gets the higher.
Key factor: For Art.5 violations, the gravity of the infringement (factor (a)) will weigh heavily. Social scoring is one of the practices the Regulation treats as categorically incompatible with EU values — NCA discretion to impose low fines will be constrained by political and policy pressures.
Scenario 2: Missing Technical Documentation (Art.11/Art.16)
A provider of a high-risk AI system (Annex III category) cannot produce the technical documentation required by Art.11 during an NCA market surveillance investigation. The system has been deployed for 18 months with no documentation.
Exposure: Art.99(4), via the Art.16 provider obligations, so up to €15M or 3% of worldwide turnover. The NCA will weigh: the 18-month duration (aggravating, factor (a)), whether the gap was intentional or negligent (factor (i)), the degree of cooperation with the investigation (factor (f)) and the degree to which the missing documentation reflects a systemic absence of technical and organisational measures rather than a procedural oversight (factor (g)).
Scenario 3: Misleading NCA Response
An NCA requests all technical documentation and risk assessment records for a deployed HR AI system (Annex III, point 4: employment and worker management). The company provides partial records, omitting evidence of bias testing that showed disparate impact on protected groups.
Exposure: Art.99(5) for the misleading response, up to €7.5M or 1%. This stacks with potential Art.99(4) liability for the underlying technical obligation violations. Factor (h) (how the infringement became known) counts against the company: concealment uncovered by the NCA is the opposite of self-notification, and factor (i) points to intent.
Scenario 4: SME with Inadequate Conformity Assessment
A 30-person startup with €3M annual revenue places a high-risk AI medical device support tool on the market without completing the Art.43 conformity assessment procedures. It is discovered during an NCA sweep.
Exposure (SME, Art.99(6)): lower of €15M or 3% of €3M, so €90,000. Significant relative to company size, but survivable with a proper response. Without the SME rule the ceiling would be €15M, potentially fatal for a €3M company.
Python PenaltyExposureCalculator
```python
from dataclasses import dataclass, field
from enum import Enum


class ViolationTier(Enum):
    PROHIBITED_PRACTICE = "art_99_3"  # Art.5 prohibited practices
    OPERATOR_OBLIGATION = "art_99_4"  # Art.16, 22-24, 26, 31-34 and 50 obligations
    MISLEADING_INFO = "art_99_5"      # incorrect, incomplete or misleading replies


# (absolute cap in EUR, share of total worldwide annual turnover) per tier
TIER_CAPS = {
    ViolationTier.PROHIBITED_PRACTICE: (35_000_000, 0.07),
    ViolationTier.OPERATOR_OBLIGATION: (15_000_000, 0.03),
    ViolationTier.MISLEADING_INFO: (7_500_000, 0.01),
}


@dataclass
class CompanyProfile:
    global_annual_turnover_eur: float
    is_sme: bool                          # Recommendation 2003/361/EC test
    has_compliance_program: bool = False  # Art.99(7)(g) technical/organisational measures
    self_disclosed: bool = False          # Art.99(7)(h) operator notified the infringement
    intentional: bool = False             # Art.99(7)(i) intentional rather than negligent
    mitigated_harm: bool = False          # Art.99(7)(j) action taken to mitigate harm


@dataclass
class PenaltyExposure:
    violation_tier: ViolationTier
    absolute_cap: float
    turnover_cap: float
    maximum_fine: float
    estimated_likely_fine: float
    sme_adjustment: bool
    mitigating_factors: list[str] = field(default_factory=list)
    aggravating_factors: list[str] = field(default_factory=list)


def fine_ceiling(profile: CompanyProfile, tier: ViolationTier) -> tuple[float, float, float]:
    """Return (absolute cap, turnover cap, applicable ceiling) for one tier."""
    absolute_cap, turnover_rate = TIER_CAPS[tier]
    turnover_cap = profile.global_annual_turnover_eur * turnover_rate
    # Art.99(3)-(5): whichever is higher. Art.99(6): for SMEs, whichever is lower.
    ceiling = min(absolute_cap, turnover_cap) if profile.is_sme else max(absolute_cap, turnover_cap)
    return absolute_cap, turnover_cap, ceiling


def calculate_penalty_exposure(
    profile: CompanyProfile,
    tier: ViolationTier,
    infringement_gravity: float = 0.5,  # 0.0 (minimal) to 1.0 (maximum), Art.99(7)(a)
) -> PenaltyExposure:
    absolute_cap, turnover_cap, ceiling = fine_ceiling(profile, tier)

    # The weights below are this page's own modelling heuristic, not numbers from the
    # Regulation: Art.99(7) names the factors but leaves their weight to the authority.
    score = 1.0
    mitigating: list[str] = []
    aggravating: list[str] = []
    if profile.has_compliance_program:
        score -= 0.20
        mitigating.append("Technical/organisational measures in place (Art.99(7)(g))")
    if profile.self_disclosed:
        score -= 0.25
        mitigating.append("Operator notified the infringement (Art.99(7)(h))")
    if profile.mitigated_harm:
        score -= 0.10
        mitigating.append("Action taken to mitigate harm (Art.99(7)(j))")
    if profile.intentional:
        score += 0.25
        aggravating.append("Intentional infringement (Art.99(7)(i))")

    # Gravity scales the ceiling from 10% (trivial) to 100% (worst case); the factor
    # score is floored at 0.1 and the result can never exceed the legal ceiling.
    gravity_fraction = 0.1 + 0.9 * min(max(infringement_gravity, 0.0), 1.0)
    estimated = min(ceiling * gravity_fraction * max(0.1, score), ceiling)

    return PenaltyExposure(
        violation_tier=tier,
        absolute_cap=absolute_cap,
        turnover_cap=turnover_cap,
        maximum_fine=ceiling,
        estimated_likely_fine=estimated,
        sme_adjustment=profile.is_sme,
        mitigating_factors=mitigating,
        aggravating_factors=aggravating,
    )


def print_exposure_report(profile: CompanyProfile, tier: ViolationTier, gravity: float = 0.5) -> None:
    e = calculate_penalty_exposure(profile, tier, gravity)
    print(f"=== Penalty Exposure Report: {tier.value} ===")
    print(f"Company turnover: €{profile.global_annual_turnover_eur:,.0f}")
    print(f"SME status: {'Yes (Art.99(6) lower amount)' if e.sme_adjustment else 'No (higher amount)'}")
    print(f"Absolute cap: €{e.absolute_cap:,.0f}")
    print(f"Turnover cap ({TIER_CAPS[tier][1] * 100:.1f}%): €{e.turnover_cap:,.0f}")
    print(f"Maximum fine: €{e.maximum_fine:,.0f}")
    print(f"Estimated likely fine (gravity={gravity}): €{e.estimated_likely_fine:,.0f}")
    print(f"Mitigating: {e.mitigating_factors}")
    print(f"Aggravating: {e.aggravating_factors}")


if __name__ == "__main__":
    large_corp = CompanyProfile(global_annual_turnover_eur=500_000_000, is_sme=False,
                                has_compliance_program=True)
    sme_startup = CompanyProfile(global_annual_turnover_eur=5_000_000, is_sme=True,
                                 self_disclosed=True)
    # Ceiling €35M (7% of €500M is exactly €35M); estimate 35M * 0.82 * 0.80 = €22,960,000
    print_exposure_report(large_corp, ViolationTier.PROHIBITED_PRACTICE, gravity=0.8)
    # Ceiling €150,000 (3% of €5M, lower than €15M); estimate 150k * 0.55 * 0.75 = €61,875
    print_exposure_report(sme_startup, ViolationTier.OPERATOR_OBLIGATION, gravity=0.5)
```
The Infrastructure Jurisdiction Dimension
Art.99 fines are imposed by the NCA of the Member State(s) where an AI system is placed on the market or put into service. For operators with EU-located infrastructure, this creates a single primary jurisdiction. For operators with US-located infrastructure serving EU users, enforcement complexity increases.
The CLOUD Act creates a specific interaction: US legal process can compel US cloud providers to disclose data they hold outside the US, including the technical documentation, training data records and audit logs that market surveillance authorities request under Art.74. An NCA investigating a potential Art.99(4) violation (inadequate technical documentation) may receive a partial picture if core infrastructure records are under US jurisdiction and subject to conflicting disclosure obligations.
EU-native cloud infrastructure eliminates this jurisdictional complexity for documentation access:
- Art.58 NCA requests go to EU-incorporated entities operating under EU law
- No CLOUD Act conflict for technical records held in EU
- Art.74 access rights (NCA access to documentation, to training, validation and testing data sets and, where necessary, to source code) are exercisable without cross-border legal complexity
This is not a guarantee against Art.99 liability — it is a reduction in procedural risk during enforcement proceedings. An NCA that can access complete documentation quickly may conclude investigations faster and with more precise calibration of mitigating factors.
How Art.99 Fines Are Actually Calculated in Practice
Looking at the GDPR enforcement record — where Art.83's penalty framework is structurally similar — patterns emerge for how Art.99 will likely be applied:
Small fines for procedural violations: Missing or incomplete records, delayed notifications, minor documentation gaps, typically 1–5% of the applicable ceiling. For an SME with €50M turnover, whose Art.99(4) ceiling under the Art.99(6) lower-amount rule is 3% = €1.5M, this means fines in the €15,000–€75,000 range for procedural failures without substantive harm.
Mid-range fines for systemic failures: A risk management system that never functioned, deployer monitoring that was never implemented, conformity assessment that was bypassed rather than just inadequately conducted — 20–50% of maximum. For the same company: €300,000–€750,000 range.
High fines for prohibited practices: Art.5 violations, especially at scale, will attract the upper range. The intentional character of using a prohibited system (factor (i), as opposed to a good-faith misclassification) will push NCA discretion toward the maximum. Large companies that knowingly deployed social scoring or real-time biometric identification should model exposure at 50–100% of the ceiling.
The self-disclosure factor is substantial: GDPR enforcement precedent shows that voluntary disclosure and cooperation can reduce fines by 25–40% in documented cases. The Art.99(7)(h) factor makes this explicit. For operators who identify a potential violation during internal compliance reviews, the calculation favors self-disclosure over waiting for NCA discovery.
25-Item Developer Compliance Checklist: Art.99 Risk Reduction
Prohibited Practice Audit (Art.99(3) / Art.5)
- 1. Map all Art.5 categories: Review your AI system portfolio against the eight Art.5(1) prohibitions: manipulative or deceptive techniques, exploitation of vulnerabilities, social scoring, criminal-offence prediction from profiling alone, untargeted facial-image scraping, emotion recognition in workplaces and education, biometric categorisation of sensitive attributes, and real-time remote biometric identification for law enforcement
- 2. Document classification decisions: For any system near Art.5 categories, document the analysis concluding it does not fall within a prohibition. The documentation is both compliance evidence and risk management
- 3. Check for real-time biometric ID components: Any system performing real-time remote biometric identification in publicly accessible spaces for law enforcement must fit one of the Art.5(1)(h) exceptions and the conditions and prior-authorisation requirements in Art.5(2) onward. Document the exception basis explicitly
- 4. Review third-party component exposure: Does any component from vendors, APIs, or open-source libraries implement Art.5-adjacent functionality? Due diligence on the full stack
Technical Compliance Documentation (Art.99(4) / Art.8–15 via Art.16)
- 5. Technical documentation completeness: For each high-risk AI system, maintain Art.11 documentation covering system description, design choices, performance metrics, and intended use
- 6. Risk management system evidence: Demonstrable implementation of the Art.9 risk management cycle, including iterative testing and residual risk acceptance decisions
- 7. Data governance records: Art.10 training data documentation — origin, selection criteria, bias assessment, processing operations
- 8. Transparency records: Art.13 instructions for use, Art.14 human oversight implementation procedures — documented and accessible
- 9. Conformity assessment completion: Art.43 conformity assessment for Annex III systems — self-assessment with technical file or third-party notified body assessment depending on category
- 10. EU AI database registration: Art.49 registration of Annex III systems in the Art.71 EU database before placing on the market or putting into service
- 11. Post-market monitoring plan: Art.72 plan established and operational — not just documented but actively collecting performance data
- 12. Serious incident reporting procedure: Art.73 notification to the market surveillance authority, immediately and at the latest 15 days after becoming aware (shorter deadlines of 2 and 10 days apply for widespread infringements and deaths), documented and tested: who decides, who reports, what format
Information Integrity (Art.99(5))
- 13. NCA request response protocol: Defined process for responding to Art.74 market surveillance requests: who is responsible, what records exist, what the escalation path is
- 14. Notified body communication records: If conformity assessment involved a notified body, maintain all communications and ensure no materially incorrect information was provided
- 15. Declaration of Conformity accuracy: Art.47 EU declaration of conformity: ensure all statements in it are accurate and kept up to date. An inaccurate declaration is an Art.16 breach in the Art.99(4) tier, and supplying it in reply to an authority's request adds Art.99(5) exposure
Mitigating Factor Activation
- 16. Compliance program documentation: Maintain evidence of your Art.9 risk management system, compliance policies, and training — this is Art.99(7)(g) technical/organizational measures
- 17. Voluntary code participation: Consider Art.95 voluntary codes of conduct (or, for GPAI models, Art.56 codes of practice). Art.99(7) does not list this as a factor by name, but it is tangible evidence of the technical and organisational measures assessed under Art.99(7)(g), and Art.101 expressly credits code-of-practice commitments for GPAI providers
- 18. Self-disclosure decision protocol: Define your threshold for voluntary NCA disclosure — issues identified in internal audit vs. issues that are likely to cause harm. Self-disclosure at the right stage significantly reduces fine risk
- 19. Cooperative response posture: Train legal and technical teams on NCA cooperation — Art.99(7)(f) cooperation factor reduces exposure if you demonstrate it in practice
- 20. Internal audit schedule: Regular Art.9 risk management reviews create the paper trail showing ongoing technical/organizational measure maintenance
SME-Specific and Operational
- 21. Confirm SME status: If you meet the Recommendation 2003/361/EC thresholds that the Act's Art.3 definitions refer to, document it (headcount, turnover, balance sheet total); NCAs must apply Art.99(6)'s lower-amount rule, but you need to establish SME status
- 22. Model GPAI exposure separately: If you build on GPAI APIs, assess your own Art.16 (provider) or Art.26 (deployer) obligations and understand that your Art.99 exposure is separate from the GPAI provider's Art.101 exposure
- 23. Multi-jurisdiction fine calculation: For cross-border deployments, map which NCAs have enforcement jurisdiction. Art.99(7)(b) makes a fine already imposed by another authority for the same infringement a factor in the calculation, but it is a calibration factor, not a bar to a second proceeding
- 24. Insurance assessment: Consider whether professional liability or tech E&O insurance covers AI Act administrative fine exposure — some policies do not cover regulatory fines
- 25. Regular Art.99 exposure re-assessment: As your system evolves, re-run the penalty exposure calculation. System modifications that change classification (e.g., adding biometric features) can shift you from Art.99(4) to Art.99(3) exposure
The Art.99 Framework in the Context of sota.io
For companies hosting AI systems on EU-sovereign infrastructure, Art.99's penalty regime interacts with enforcement practicalities in a specific way. NCA investigations under Art.74 require access to documentation, system logs and potentially source code. EU-native infrastructure means:
- Single legal order for documentation access: NCAs operate under EU procedural law, with no CLOUD Act conflict for records access
- Log availability: the Art.12 automatically generated logs, which providers (Art.19) and deployers (Art.26(6)) must keep for at least six months, and the Art.72 post-market monitoring data are within NCA jurisdiction from day one
- Serious incident traceability: Art.73 incident notification, when required, can be supported with complete infrastructure-side logs
- Art.99(7)(g) factor support: Documented infrastructure compliance choices contribute to the "technical and organisational measures" mitigating factor
None of this eliminates Art.99 liability. It reduces the procedural complexity of enforcement interactions and supports the mitigating factors that influence fine calibration.
See Also
- EU AI Act Art.5: Prohibited AI Practices — The Art.5 prohibitions that trigger Art.99(3)'s top-tier €35M/7% fine regime, the highest-stakes compliance category
- EU AI Act Art.98: Exercise of the Delegation — The delegated act framework that governs how penalty-relevant scope definitions (Annex I/III) can be amended by the Commission
- EU AI Act Art.96: Commission Guidelines for Implementation — Art.96 guidelines that Art.99(1) explicitly requires NCAs to take into account when designing and applying penalty regimes
- EU AI Act Art.43: Conformity Assessment — The conformity assessment procedures whose omission is an Art.16 breach fined under Art.99(4) for high-risk AI providers
- EU AI Act Art.90: AI Office Information Requests to GPAI Providers — Information requests to GPAI model providers are enforced through Art.101, not Art.99: incorrect, incomplete or misleading replies carry Art.101 fine exposure
- EU AI Act Art.101: Administrative Fines for GPAI Providers — The GPAI-specific penalty track enforced by the AI Office, parallel to Art.99 NCA enforcement for AI system operators