What happens if you ignore the EU AI Act

# What happens if you ignore the EU AI Act

Most SaaS founders know the EU AI Act exists. Most are betting they can deal with it later. Here is what "later" actually looks like.

The fines

Article 99 of Regulation (EU) 2024/1689 sets three tiers of penalties:

Prohibited AI practices (Article 5 violations): up to 35 million EUR or 7% of global annual turnover, whichever is higher.

High risk system obligations (Annex III, Articles 6 through 49): up to 15 million EUR or 3% of global annual turnover.

Transparency violations (Article 50): up to 7.5 million EUR or 1% of global annual turnover.

For a SaaS doing 2 million EUR in annual revenue, that 1% floor means 20,000 EUR for a transparency violation. For a 10 million EUR company, 100,000 EUR. These are not theoretical maximums written to scare people. National market surveillance authorities have enforcement budgets and mandate to use them.

The enforcement timeline

The EU AI Act entered into force on 1 August 2024. Enforcement is phased:

• 2 February 2025: Prohibited AI practices enforceable
• 2 August 2025: General purpose AI model obligations enforceable
• 2 August 2026: High risk system obligations and Article 50 transparency obligations enforceable

August 2, 2026 is the date that matters for most SaaS companies. If your product uses AI and you serve EU customers, Article 50 transparency obligations and potentially Annex III high risk requirements apply from that date.

Who enforces it

Each EU member state must designate at least one national competent authority and one market surveillance authority. In practice this means 27 separate regulators across the EU, each with their own interpretation and enforcement priorities.

France has CNIL (data protection) and is building AI specific enforcement capacity. Germany has BNetzA for general purpose AI and individual state authorities for sector specific enforcement. Ireland, where many US SaaS companies have their EU entity, will have its own authority.

If your SaaS serves customers across EU member states, multiple regulators could have jurisdiction.

The real risk is not the fine

For a SaaS company, the actual damage from non compliance is not the penalty. It is what happens to your sales pipeline.

Enterprise buyers in the EU are adding AI Act compliance to their procurement checklists. If you cannot produce an Article 50 transparency disclosure, a risk classification for your AI features, and documentation of your compliance approach, you do not make the shortlist.

This is already happening. Q1 2026 saw the first wave of RFPs that include EU AI Act compliance as a gating requirement. By Q3 2026, after the August deadline passes, it will be standard.

Every week you delay compliance is a week your competitors can use it as a sales advantage against you.

What non compliance actually looks like

A SaaS that ignores the EU AI Act after August 2, 2026 faces this sequence:

Month 1 to 6: Nothing visible happens. Regulators are building capacity. Enterprise customers start asking questions you cannot answer. You lose two deals you would have won.

Month 6 to 12: A competitor mentions your non compliance in a sales conversation. Your largest EU customer's legal team sends a formal inquiry about your AI Act status. You scramble to respond.

Month 12 to 18: A market surveillance authority sends a formal request for information. You have 30 days to respond with documentation you do not have. The legal fees to respond properly exceed what compliance would have cost.

Month 18 to 24: Enforcement action. Public record. Every prospect who searches your company name sees it.

This is not speculation. This is how GDPR enforcement played out between 2018 and 2020 for companies that assumed regulators would not act.

What compliance actually requires

For most SaaS companies, the obligations are:

1. Classify your AI features under Annex III to determine if any qualify as high risk
2. Determine if you are a provider or deployer under the Act's definitions
3. Add Article 50 transparency disclosures to your UI where users interact with AI
4. Document your compliance approach in a format you can share with customers and regulators
5. Set up an incident reporting process for serious AI incidents

This is not a multi year governance program. For a typical SaaS with one or two AI features, the entire process takes days, not months.

The cost of waiting

Every month you delay increases the cost:

• Today: A structured audit costs under 1,000 EUR and takes 5 business days
• July 2026: Every compliance provider is booked. Prices increase. Timelines stretch.
• September 2026: You are non compliant. Emergency work costs 5x to 10x more. Legal exposure is live.

The August 2, 2026 deadline is not moving. The regulation is published. The text is final. Waiting for "clarity" means waiting for enforcement.

What to do now

Start with the transparency obligations. They apply to the broadest set of AI systems and they are the easiest to implement. Add Article 50 disclosures to your product UI. Classify your AI features under Annex III. Document everything.

If you want to do it yourself, our open source EU AI Act checklist covers all 47 items across 5 compliance phases: github.com/GatisOzols/eu-ai-act-checklist

If you want it done for you, Disclos runs fixed scope EU AI Act audits for SaaS. 997 EUR, 5 business days, refund guarantee tied to the August deadline: disclos.eu/audit

Last updated: 2026-06-04