Future TechnologyFuture Technology
Privacy & Regulation

EU's toughest AI Act rules take effect 2 August, fines up to 7% of turnover

· 2 min read · By Nath Connell

Full enforcement of the EU AI Act's high-risk provisions begins 2 August 2026 (CEST), and the penalties attached are steeper than GDPR's: up to €35 million or 7% of global annual turnover for the most serious violations, compared with GDPR's €20 million or 4% ceiling.

Separately, the European Data Protection Board has made the right to erasure under GDPR Article 17 a key enforcement priority this year, and regulators are increasingly testing websites proactively rather than waiting for complaints.

Why this matters: if your organisation builds or deploys AI systems that touch EU users, even from outside the EU, the compliance clock is now running under a tighter deadline than most GDPR-only obligations.

Get the Cybersecurity & Privacy Digest

The week's biggest breaches, patches and privacy news, every Friday.

Subscribe free →