EU AI Act High-Risk Classification and Article 99 Penalties: A UK Evidence Guide
EU AI Act penalties are not a flat fine you can budget for in advance. They scale to the seriousness of the breach and to the obligation tier you sit in, which means your system’s classification determines your exposure before a single document is reviewed. A high-risk classification under the EU AI Act is the moment your potential liability changes shape, and many UK organisations placing AI systems on the EU market have not yet connected that classification to the records they would need to produce.
Recent competitor commentary has reframed the Act as a market-access advantage. That framing is fair as far as it goes, but it stays abstract on the part that matters: what an enforcing authority actually expects you to evidence when an enquiry lands. Note that Article 99 fines are imposed by the national market surveillance authorities of the EU Member State in which your system is placed or used, not by a UK regulator, so a UK organisation will be answering to an authority that may be unfamiliar with its internal processes. This post focuses on the penalties. We tie Article 99 administrative fines to the concrete AI management system records a high-risk classification demands, and we show where an ISO 42001 system maps to those obligations. It is general guidance, not legal advice.
What Article 99 actually fines you for
Article 99 sets administrative fines of up to 35 million euro or 7 percent of total worldwide annual turnover for the preceding financial year, whichever is higher, for the prohibited AI practices in Article 5. Most other obligation breaches, including breaches of provider and deployer obligations for high-risk systems, carry fines of up to 15 million euro or 3 percent of turnover, whichever is higher. Supplying incorrect, incomplete or misleading information to notified bodies or national competent authorities attracts up to 7.5 million euro or 1 percent, whichever is higher. One caveat: for SMEs and start-ups, Article 99(6) applies whichever of the two figures is lower.
The structure rewards reading. The headline 35 million euro figure attaches to the prohibited practices, the AI uses that the Act bans outright. Far more UK organisations will sit inside the middle tier, where obligation breaches for high-risk systems carry the 15 million euro or 3 percent ceiling. That tier is where classification and penalty meet, because the obligations you breach are precisely the ones a high-risk designation imposes.
The third tier is the one organisations overlook. Giving a regulator incorrect, incomplete or misleading information during an enquiry is itself a finable offence, up to 7.5 million euro or 1 percent of turnover. An organisation that cannot produce clean records is not only exposed on the underlying breach; it is exposed again on the quality of its response.
How a high-risk classification changes your obligations
A high-risk classification triggers obligations including a risk management system, data governance, technical documentation, record-keeping, human oversight and a conformity assessment before market placement. UK firms placing such systems on the EU market remain in scope. Failure to meet these duties exposes them to the 15 million euro or 3 percent tier under Article 99, which is the tier the Act reserves for breaches of the provider and deployer obligations a high-risk designation imposes.
Classification is not paperwork. It is the switch that activates a defined set of duties, each of which generates evidence a regulator can ask to see. A risk management system is not a policy you write once; it is a process you run continuously and date as you go. Technical documentation must describe the system in enough detail for an authority to assess conformity. Human oversight must be designed in, not asserted after the fact.
The conformity assessment is the gate. For high-risk systems, you must complete it before the system reaches the EU market, not in response to a complaint. A UK organisation that ships first and documents later has already inverted the obligation the Act imposes, and that inversion is exactly what the 15 million euro or 3 percent tier is built to penalise.
This is why classification determines exposure. Two organisations running similar AI tools can face entirely different penalty ceilings purely on the basis of how their systems classify. Knowing your classification is the first control, because it tells you which tier of Article 99 you are defending against. For how systems fall into scope in the first place, our high-risk classification guide sets out the Article 6 test in detail.
What evidence proves compliance to a regulator
Regulators expect dated, traceable records rather than policy statements: technical documentation, risk assessments, data governance logs, human oversight procedures and conformity assessment results. An ISO 42001 AI management system organises this evidence into an auditable trail, letting a UK organisation demonstrate continuous control rather than reconstruct compliance after an enquiry.
The distinction between demonstrating and reconstructing is the whole game. A policy statement asserts that you intend to manage risk. A dated risk assessment, revised on a schedule and linked to specific system changes, proves that you did. Regulators favour the second because it cannot be produced retrospectively without leaving gaps a trained assessor will find.
This is where ISO 42001 earns its place. The standard structures an AI management system around the same obligation areas the Act names: risk, data governance, documentation, oversight and assessment. The mapping is direct enough that the records an ISO 42001 system generates as a matter of routine are the records a high-risk classification demands. Certification is not a substitute for the Act’s conformity assessment, but the evidence it produces is the evidence that assessment and any later enquiry will ask for. You are not building two systems; you are building one and pointing it at both purposes. Our EU AI Act preparedness guide sets out the full obligation picture ahead of the 2 August 2026 application date for most high-risk obligations (high-risk systems that are safety components of Annex I products follow on 2 August 2027).
The practical effect is that compliance stops being a defensive scramble and becomes an audit trail you maintain in the ordinary course of operating. When the enquiry comes, you are demonstrating control rather than rebuilding it under pressure, which also keeps you clear of the third Article 99 tier on incomplete information.
Key questions on EU AI Act penalties
Does the EU AI Act apply to UK organisations after Brexit?
Yes. The Act applies on a market-access basis, not a territorial one. A UK organisation that places an AI system on the EU market, or whose system output is used in the Union, falls within scope regardless of where the organisation is established. Brexit removed the UK from the EU but not from the Act’s reach where EU market activity is involved.
How is the percentage-based fine calculated?
The percentage applies to total worldwide annual turnover for the preceding financial year, and the authority imposes whichever is higher between the percentage and the fixed euro figure. For a large group, the percentage will almost always exceed the fixed figure: at the 3 percent tier it does so once group turnover passes 500 million euro, which is why group turnover, not revenue from the AI system itself, drives the real exposure. The rule is reversed for SMEs and start-ups, where Article 99(6) applies whichever of the two figures is lower.
When should we start building the evidence trail?
Before market placement, because the conformity assessment for a high-risk system is a precondition of placing it on the EU market rather than a response to scrutiny. Starting after deployment means reconstructing records you should have generated as you built, which both weakens the evidence and exposes you to the 15 million euro or 3 percent tier under Article 99 for the underlying obligation breach, with the 7.5 million euro or 1 percent tier in reserve if the reconstructed record turns out to be incomplete or misleading.
Map your obligations to a defensible evidence trail
If you are placing AI systems on the EU market and are unsure which Article 99 tier you are defending against, book an AI Act readiness review with QL Security. We map your high-risk obligations to a defensible evidence trail, so you can demonstrate control rather than reconstruct it. Book your readiness review.