What does AI Act compliance cost?
The cost of AI Act compliance depends mainly on your risk class, role and number of AI systems. The law requires proportionality, so most organisations with low-risk AI face limited costs.
Short answer: There is no fixed price tag. The cost of AI Act compliance is driven by your risk class, your role and the number of systems โ not by the law as such. For most organisations, with predominantly low-risk AI, costs stay limited; only high-risk uses demand serious investment.
The main cost drivers
Four factors account for most of the cost:
- Risk class. High-risk systems require risk management, documentation, logging and conformity assessment. Limited and minimal risk mainly require a transparency notice.
- Role. A provider carries more (and costlier) obligations than a deployer.
- Number and complexity of systems. More AI, or self-built models, means more work.
- Existing maturity. Those who already have data governance, ISO-like processes or a privacy function reuse a lot and pay less.
Proportionality is built in
The AI Act is not "one size fits all". Small and micro enterprises get relief, such as simplified technical documentation. Obligations scale with risk: low-risk AI does not need a heavy compliance machine. Read the AI Act for SMEs for what that means in practice.
Where the money goes
The largest items are usually not fines but internal time: inventorying, classifying, documenting and setting up governance. On top of that come some external costs: legal advice, a conformity assessment for high-risk systems, or tooling for monitoring and logging. One-off setup costs are generally higher than the ongoing maintenance.
Keeping costs manageable
The cheapest compliance is targeted: invest heavily where risk is high and lightly where it is low. Phasing โ see AI Act readiness in 90 days โ stops you buying everything at once and expensively. Reuse existing processes where you can.
What to do
- Determine your risk classes first; they drive the whole budget.
- Estimate internal time realistically โ usually the biggest item.
- Reserve external costs for high-risk systems only (advice, conformity assessment, tooling).
- Reuse existing governance and data-quality processes.
- Avoid duplicate work by following the AI Act roadmap first.
Compliance need not be expensive; it should be proportionate. Steer by risk, not by fear.
Sources
- https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Regulation (EU) 2024/1689 (AI Act): obligations scale with risk class; proportionality for smaller providers. - https://artificialintelligenceact.eu/article/62/
Article 62 AI Act: measures for small and micro enterprises, including simplified documentation.
Read next
The AI Act for SMEs: proportionality, sandboxes and costs
The AI Act applies to SMEs too, but builds in relief: proportionate documentation, priority and lower cost in regulatory sandboxes, and fines with an SME cap. This guide shows what to watch for as a small business.
AI fraud detection by government: the lessons after SyRI
After the SyRI ruling (District Court of The Hague, 2020) and the Dutch childcare-benefits scandal, government fraud detection with AI is high-risk under Annex III. The lessons: no opaque risk scores, no proxy discrimination, but proportionality, explainability and a rights assessment.
The AI Act for non-EU companies: extraterritorial reach
The AI Act also applies to companies outside the EU if their AI system or its output is used in the Union. Non-EU providers often have to appoint an authorised representative in the EU.