— Edition 1.247 52 verified trackers
ES EN
Politics · Technology · Digital regulation  ·  where data speaks before headlines
Snapshot data
AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7 AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7
/ trackers / ai-act-sanctions-regime
EU · AI Act · Penalties (Art. 99)

AI Act · Sanctions regime and its actual enforcement

Tracking the penalty regime of Regulation (EU) 2024/1689 (AI Act) under Chapter XII (Arts. 99-101) and its actual enforcement by national market surveillance authorities. The AI Act sets three fine tiers: up to €35M or 7% of worldwide turnover for prohibited practices (Art. 5), up to €15M or 3% for breaching operator or notified-body obligations, and up to €7.5M or 1% for incorrect or misleading information. But enforcement depends on each Member State designating its competent authorities and notifying its national penalty rules — and as of May 2026 most had not completed this. This tracker logs both the legal architecture of the sanctions and the enforcement gap: fines have existed on paper since February 2025 (for prohibited practices), but no AI Act penalty is documented and publicly verifiable to date. Diálogo Ciudadano records each sanctioning milestone and each effective fine as they appear with verifiable sources.

Snapshot · June 8, 2026
0
documented AI Act fines · regime in force since Feb 2025 (Art. 5)
→ 0 AI Act penalties issued to date: enforcement of high-risk obligations starts August 2, 2026. Update: the 'AI Act Omnibus' agreement (May 7, 2026) clarifies rules, extends deadlines and introduces rules on AI-generated intimate content (effective Dec 2, 2026). Fines up to €35M or 7% of worldwide turnover

Evolution

Data analysis

Statistical readings derived from the attributes of each recorded case. All figures come from the documented events; amounts are computed only over cases with a sum expressed in the indicated currency, without converting between currencies.

Milestones by type

Nature of each milestone in the AI Act's sanctions regime (authority designation, applicable prohibitions, national implementation law…).

Reading the data

The EU AI Act's sanctioning regime has been in force since February 2025 and provides for fines of up to €35 million or 7% of global turnover. Number of fines actually imposed to date: zero.

YV
Yaneth Vickari S. · Digital regulation expert · Madrid
June 1, 2026 · 3 min read

The EU AI Act brings the world's most severe sanctioning regime for artificial-intelligence systems: up to €35 million or 7% of global turnover for the prohibited practices of Article 5, applicable since February 2025. This tracker follows its actual enforcement, and the central data point is the gap between the legal threat and the practice: as of today, no fine is on record.

This is not necessarily a failure. A newly launched sanctioning regime first needs member states to designate their supervisory authorities and pass their national implementing laws —steps this tracker also records and which are still running late. The absence of fines in 2025-2026 reflects the administrative start-up more than deliberate inaction; the value of following it is precisely to capture the moment the first sanction arrives.

Methodology note

Each milestone records its legal basis in Regulation (EU) 2024/1689, the applicable fine threshold and the number of sanctions actually issued. While that number is zero, the tracker documents the prior phase: deadlines, designations and national laws.

Assessments are attributed to the cited authorities or rules, never to this outlet.

Documented events (6)

February 4, 2026 IE confirmed

Ireland publishes its AI Act implementation law

On 4 February 2026, Ireland published the Regulation of Artificial Intelligence Act 2026, the national law that will implement the AI Act's provisions. The Irish approach establishes the AI Office of Ireland (Oifig Náisiúnta na hIntleachta Saorga), to act as central coordinator and single point of contact (Art. 70), aiming to be operational by 2 August 2026. Ireland adopts a distributed regulatory model with 15 competent authorities across financial, regulatory, consumer, health, utility, and telecom sectors. It is one of the few Member States with a clearly defined enforcement architecture ahead of the high-risk deadline.

August 2, 2026 EU confirmed

2 August 2026: the bulk of the penalty regime becomes enforceable (barring Omnibus)

On 2 August 2026 — unless the Digital Omnibus is formally adopted beforehand — the AI Act's high-risk obligations become fully applicable and the associated penalties become enforceable, as do penalties for GPAI providers (Art. 101, the Commission's exclusive competence). From that date, national market surveillance authorities can investigate non-compliance, request information from providers and deployers, and order corrective measures. The Art. 99 regime closely mirrors GDPR Art. 83(2) fine-calculation framework, so data protection authorities already have experience applying this type of analysis. This is a prospective event: it is logged as an announced milestone and will be updated when it materializes or when the Omnibus modifies it.

May 7, 2026 BE confirmed

EU · Political agreement on the 'AI Act Omnibus': rules clarified and high-risk deadlines extended

On May 7, 2026, EU legislative bodies reached a political agreement on amendments to the AI Regulation (the 'AI Act Omnibus'), part of the digital-regulation simplification package. The agreement clarifies existing requirements, extends compliance deadlines for high-risk AI systems and introduces new rules on AI-generated intimate content. Prohibitions on particularly harmful practices (exploiting vulnerable people, social scoring) are already in force; new rules on intimate content and abuse material will be added from December 2, 2026, and chatbot transparency obligations from August 2026. The penalty regime reaches up to 35 million euros or 7% of worldwide turnover.

January 14, 2026 EU confirmed

By early 2026, only 3 of 27 MS had designated both competent authorities

According to Future of Life Institute tracking and the IAPP directory, by early 2026 — five months past the deadline — only three Member States had designated both their notifying and market surveillance authorities. Ten had pending legislative proposals or a single designated authority ('partial clarity'), and fourteen had designated none. Ireland is among the most advanced, with 15 competent authorities designated in a sector-distributed model and nine fundamental-rights authorities. Germany designated the Bundesnetzagentur as its main market surveillance authority. The Commission published an initial list of around 2,000 notified market surveillance authorities EU-wide, reflecting the highly decentralized and fragmented nature of enforcement.

August 2, 2025 EU confirmed

Authority designation deadline and penalty regime application date

2 August 2025 was the deadline for Member States to designate their national competent authorities (at least one notifying and one market surveillance authority, Art. 70) and notify the Commission of their national penalty rules (Art. 99.2). From that date, prohibited practices became enforceable by the designated authorities. But the regime has a structural gap: as DLA Piper notes, absent enforcement measures implemented at national level, it is unclear that regulators have the powers to apply the Art. 99 fines. GPAI provider penalties were postponed to 2 August 2026, aligning with the Commission's powers over those models.

February 2, 2025 EU confirmed

Prohibited practices (Art. 5) become applicable across all 27 MS

On 2 February 2025 the Art. 5 AI Act prohibitions became applicable across all 27 Member States: subliminal manipulation, exploitation of vulnerabilities, social scoring, real-time remote biometric identification for law enforcement (with limited exceptions), among other practices deemed incompatible with fundamental rights. Two days later, on 4 February, the Commission published guidelines breaking down each prohibition into cumulative conditions with practical examples. Breaching these prohibitions is the most serious AI Act infringement: up to €35M or 7% of worldwide annual turnover.

Methodology

Type
event-log
Construction
DC editorial construction
Cadence
monthly

Sources consulted

  1. AI Act · Capítulo XII · Art. 99 (Penalties) ↗ official

    Legal framework for sanctions. Art. 99 (fines for operators), Art. 100 (fines for EU institutions by the European Data Protection Supervisor), Art. 101 (fines for GPAI providers by the Commission).

  2. AI Act Service Desk · European Commission · Art. 99 ↗ official

    Official text of Art. 99 maintained by the European Commission. Authoritative primary source of the sanctions regime.

  3. Future of Life Institute · AI Act national implementation plans ↗ civil-society

    Tracking of competent-authority designation status by member state — a prerequisite for Art. 99 sanctions to be enforceable.

  4. IAPP · EU AI Act Regulatory Directory ↗ civil-society

    Directory of competent authorities responsible for implementing and enforcing the AI Act, with designation status by country. Updated periodically.

  5. Future of Privacy Forum · Red Lines under the EU AI Act ↗ academic

    Analysis of the designation status of market-surveillance authorities and of the decentralized enforcement approach for prohibited practices.