— Edition 1.247 33 verified trackers
ES EN
Politics · Technology · Digital regulation  ·  where data speaks before headlines
Snapshot data
AML/OFAC enforcement against banks and fintech — 455 penalties documented 455 AML/OFAC penalties documented across 177 countries and 401 regula… CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones 6 milestones in Spain's DSA Coordinator rollout; as of May 2026 still… Corporate data breaches: from incident to response — 7 breaches documented 7 corporate data breaches documented by notification conduct and outc… Digital regulatory risk index by country — 16 countries profiled 16 countries profiled by digital regulatory risk (coverage expanded w… DMA · designated gatekeepers and real compliance — 8 documented DMA acts 8 acts in the DMA gatekeeper regime: 7 designated, first final fines … Global election risk 2026: democracy and digita… — 22 elections profiled 22 2026 elections profiled by political regime (EIU) and digital envi… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Documented electoral disinformation 2026 — 5 documented campaigns 5 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 9 authorities profiled 9 national authorities profiled; ~€7.1bn in GDPR fines since 2018, bu… Digital political ad spending 2026 — 5 country-platform observ… 5 observations of digital political ad spending in 2026 elections, me… US · the state AI regulation patchwork — 8 laws and milestones 8 laws and milestones in the US AI patchwork; with no comprehensive f… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Power and corruption in the courts in Ibero-Ame… — 29 documented cases 29 senior officials prosecuted for corruption across 19 countries, wi… Crypto industry: collapses, sanctions and convi… — 10 documented cases 10 crypto-sector collapse, sanction and conviction cases across 4 cou… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… AI harms in court — litigation, rulings and set… — 100 documented cases 100 litigated AI-harm cases across 25 jurisdictions on 5 continents, … Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Scandal → conviction gap — — milestones logged Series starting — Odebrecht/Lava Jato as base case Technology ↔ regulation gap — 25 regulatory milestones 25 milestones across 11 jurisdictions; gaps from 0 to 22 years; Chile… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents Digital fines actually imposed — 60 sanctions recorded 60 high-value sanctions across 17 jurisdictions and 6 continents; cov… EU AI Act — designation of national authorities — 3 / 27 Member States Art. 70 deadline expired 2 Aug 2025 — process still open AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Designation process opened 2 Aug 2025 · high-risk deadline Aug 2026 AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… Only 3 of 27 MS with both authorities designated by early 2026 EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep LATAM · Internet shutdowns and platform blocks — 7 documented events · 202… Venezuela concentrates the region's most severe blocks LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… X complied with the orders and was reinstated after 39 days of suspen… Commercial spyware: documented cases worldwide — 22 documented cases 22 verified commercial-spyware cases across 12 countries on four cont… RSF · Press freedom in Latin America — 144 worst regional rank (Pe… AR -11 · PE -14 · SV -8 · EC -31 · USA -7 LATAM · AI bills in legislative process — 150+ bills identified Niubox January 2026 — only 4 Iberoamerican countries with law in force AML/OFAC enforcement against banks and fintech — 455 penalties documented 455 AML/OFAC penalties documented across 177 countries and 401 regula… CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones 6 milestones in Spain's DSA Coordinator rollout; as of May 2026 still… Corporate data breaches: from incident to response — 7 breaches documented 7 corporate data breaches documented by notification conduct and outc… Digital regulatory risk index by country — 16 countries profiled 16 countries profiled by digital regulatory risk (coverage expanded w… DMA · designated gatekeepers and real compliance — 8 documented DMA acts 8 acts in the DMA gatekeeper regime: 7 designated, first final fines … Global election risk 2026: democracy and digita… — 22 elections profiled 22 2026 elections profiled by political regime (EIU) and digital envi… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Documented electoral disinformation 2026 — 5 documented campaigns 5 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 9 authorities profiled 9 national authorities profiled; ~€7.1bn in GDPR fines since 2018, bu… Digital political ad spending 2026 — 5 country-platform observ… 5 observations of digital political ad spending in 2026 elections, me… US · the state AI regulation patchwork — 8 laws and milestones 8 laws and milestones in the US AI patchwork; with no comprehensive f… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Power and corruption in the courts in Ibero-Ame… — 29 documented cases 29 senior officials prosecuted for corruption across 19 countries, wi… Crypto industry: collapses, sanctions and convi… — 10 documented cases 10 crypto-sector collapse, sanction and conviction cases across 4 cou… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… AI harms in court — litigation, rulings and set… — 100 documented cases 100 litigated AI-harm cases across 25 jurisdictions on 5 continents, … Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Scandal → conviction gap — — milestones logged Series starting — Odebrecht/Lava Jato as base case Technology ↔ regulation gap — 25 regulatory milestones 25 milestones across 11 jurisdictions; gaps from 0 to 22 years; Chile… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents Digital fines actually imposed — 60 sanctions recorded 60 high-value sanctions across 17 jurisdictions and 6 continents; cov… EU AI Act — designation of national authorities — 3 / 27 Member States Art. 70 deadline expired 2 Aug 2025 — process still open AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Designation process opened 2 Aug 2025 · high-risk deadline Aug 2026 AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… Only 3 of 27 MS with both authorities designated by early 2026 EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep LATAM · Internet shutdowns and platform blocks — 7 documented events · 202… Venezuela concentrates the region's most severe blocks LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… X complied with the orders and was reinstated after 39 days of suspen… Commercial spyware: documented cases worldwide — 22 documented cases 22 verified commercial-spyware cases across 12 countries on four cont… RSF · Press freedom in Latin America — 144 worst regional rank (Pe… AR -11 · PE -14 · SV -8 · EC -31 · USA -7 LATAM · AI bills in legislative process — 150+ bills identified Niubox January 2026 — only 4 Iberoamerican countries with law in force
/ trackers / ai-act-sanctions-regime
EU · AI Act · Penalties (Art. 99)

AI Act · Sanctions regime and its actual enforcement

Tracking the penalty regime of Regulation (EU) 2024/1689 (AI Act) under Chapter XII (Arts. 99-101) and its actual enforcement by national market surveillance authorities. The AI Act sets three fine tiers: up to €35M or 7% of worldwide turnover for prohibited practices (Art. 5), up to €15M or 3% for breaching operator or notified-body obligations, and up to €7.5M or 1% for incorrect or misleading information. But enforcement depends on each Member State designating its competent authorities and notifying its national penalty rules — and as of May 2026 most had not completed this. This tracker logs both the legal architecture of the sanctions and the enforcement gap: fines have existed on paper since February 2025 (for prohibited practices), but no AI Act penalty is documented and publicly verifiable to date. Diálogo Ciudadano records each sanctioning milestone and each effective fine as they appear with verifiable sources.

Snapshot · May 21, 2026
0
documented AI Act fines · regime in force since Feb 2025 (Art. 5)
→ Only 3 of 27 MS with both authorities designated by early 2026

Evolution

Data analysis

Statistical readings derived from the attributes of each recorded case. All figures come from the documented events; amounts are computed only over cases with a sum expressed in the indicated currency, without converting between currencies.

Milestones by type

Nature of each milestone in the AI Act's sanctions regime (authority designation, applicable prohibitions, national implementation law…).

Reading the data

The EU AI Act's sanctioning regime has been in force since February 2025 and provides for fines of up to €35 million or 7% of global turnover. Number of fines actually imposed to date: zero.

YV
Yaneth Vickari S. · Digital regulation expert · Madrid
June 1, 2026 · 3 min read

The EU AI Act brings the world's most severe sanctioning regime for artificial-intelligence systems: up to €35 million or 7% of global turnover for the prohibited practices of Article 5, applicable since February 2025. This tracker follows its actual enforcement, and the central data point is the gap between the legal threat and the practice: as of today, no fine is on record.

This is not necessarily a failure. A newly launched sanctioning regime first needs member states to designate their supervisory authorities and pass their national implementing laws —steps this tracker also records and which are still running late. The absence of fines in 2025-2026 reflects the administrative start-up more than deliberate inaction; the value of following it is precisely to capture the moment the first sanction arrives.

Methodology note

Each milestone records its legal basis in Regulation (EU) 2024/1689, the applicable fine threshold and the number of sanctions actually issued. While that number is zero, the tracker documents the prior phase: deadlines, designations and national laws.

Assessments are attributed to the cited authorities or rules, never to this outlet.

Documented events (5)

February 4, 2026 IE confirmed

Ireland publishes its AI Act implementation law

On 4 February 2026, Ireland published the Regulation of Artificial Intelligence Act 2026, the national law that will implement the AI Act's provisions. The Irish approach establishes the AI Office of Ireland (Oifig Náisiúnta na hIntleachta Saorga), to act as central coordinator and single point of contact (Art. 70), aiming to be operational by 2 August 2026. Ireland adopts a distributed regulatory model with 15 competent authorities across financial, regulatory, consumer, health, utility, and telecom sectors. It is one of the few Member States with a clearly defined enforcement architecture ahead of the high-risk deadline.

Future of Privacy Forum · Red Lines under the EU AI Act ↗ Technology's Legal Edge · State of the Act ↗
August 2, 2026 EU confirmed

2 August 2026: the bulk of the penalty regime becomes enforceable (barring Omnibus)

On 2 August 2026 — unless the Digital Omnibus is formally adopted beforehand — the AI Act's high-risk obligations become fully applicable and the associated penalties become enforceable, as do penalties for GPAI providers (Art. 101, the Commission's exclusive competence). From that date, national market surveillance authorities can investigate non-compliance, request information from providers and deployers, and order corrective measures. The Art. 99 regime closely mirrors GDPR Art. 83(2) fine-calculation framework, so data protection authorities already have experience applying this type of analysis. This is a prospective event: it is logged as an announced milestone and will be updated when it materializes or when the Omnibus modifies it.

Lexara · EU AI Act Penalties ↗ Matproof · EU AI Act Fines and Penalties ↗
January 14, 2026 EU confirmed

By early 2026, only 3 of 27 MS had designated both competent authorities

According to Future of Life Institute tracking and the IAPP directory, by early 2026 — five months past the deadline — only three Member States had designated both their notifying and market surveillance authorities. Ten had pending legislative proposals or a single designated authority ('partial clarity'), and fourteen had designated none. Ireland is among the most advanced, with 15 competent authorities designated in a sector-distributed model and nine fundamental-rights authorities. Germany designated the Bundesnetzagentur as its main market surveillance authority. The Commission published an initial list of around 2,000 notified market surveillance authorities EU-wide, reflecting the highly decentralized and fragmented nature of enforcement.

Future of Life Institute · AI Act national implementation plans ↗ IAPP · EU AI Act Regulatory Directory ↗
August 2, 2025 EU confirmed

Authority designation deadline and penalty regime application date

2 August 2025 was the deadline for Member States to designate their national competent authorities (at least one notifying and one market surveillance authority, Art. 70) and notify the Commission of their national penalty rules (Art. 99.2). From that date, prohibited practices became enforceable by the designated authorities. But the regime has a structural gap: as DLA Piper notes, absent enforcement measures implemented at national level, it is unclear that regulators have the powers to apply the Art. 99 fines. GPAI provider penalties were postponed to 2 August 2026, aligning with the Commission's powers over those models.

DLA Piper · Latest wave of obligations under the EU AI Act take effect ↗
February 2, 2025 EU confirmed

Prohibited practices (Art. 5) become applicable across all 27 MS

On 2 February 2025 the Art. 5 AI Act prohibitions became applicable across all 27 Member States: subliminal manipulation, exploitation of vulnerabilities, social scoring, real-time remote biometric identification for law enforcement (with limited exceptions), among other practices deemed incompatible with fundamental rights. Two days later, on 4 February, the Commission published guidelines breaking down each prohibition into cumulative conditions with practical examples. Breaching these prohibitions is the most serious AI Act infringement: up to €35M or 7% of worldwide annual turnover.

Future of Privacy Forum · Red Lines under the EU AI Act ↗ FireTail · Article 5 and the EU AI Act's Absolute Red Lines ↗

Methodology

Type
event-log
Construction
DC editorial construction
Cadence
monthly

Sources consulted

  1. AI Act · Capítulo XII · Art. 99 (Penalties) ↗ official

    Legal framework for sanctions. Art. 99 (fines for operators), Art. 100 (fines for EU institutions by the European Data Protection Supervisor), Art. 101 (fines for GPAI providers by the Commission).

  2. AI Act Service Desk · European Commission · Art. 99 ↗ official

    Official text of Art. 99 maintained by the European Commission. Authoritative primary source of the sanctions regime.

  3. Future of Life Institute · AI Act national implementation plans ↗ civil-society

    Tracking of competent-authority designation status by member state — a prerequisite for Art. 99 sanctions to be enforceable.

  4. IAPP · EU AI Act Regulatory Directory ↗ civil-society

    Directory of competent authorities responsible for implementing and enforcing the AI Act, with designation status by country. Updated periodically.

  5. Future of Privacy Forum · Red Lines under the EU AI Act ↗ academic

    Analysis of the designation status of market-surveillance authorities and of the decentralized enforcement approach for prohibited practices.