Wednesday, July 8, 2026

News

EU Fines for AI Violations Top 13 Billion Zlotys Since 2022

PolicyPatryk Raba

A Surfshark analysis shows that since 2022, European regulators and courts have fined seven tech companies more than 13 billion zlotys for AI-related violations, mostly for training models without a proper legal basis.

Contents
  1. What Big Tech Is Paying For
  2. Regulators' Dilemma
  3. Companies Still Don't Understand the Rules

Since 2022, European regulators and courts have imposed fines on seven leading technology companies for AI-related violations totaling more than 13 billion zlotys. An analysis prepared by Surfshark illustrates the scale of the problem facing AI giants in Europe, from Anthropic and Google to OpenAI and Apple.

What Big Tech Is Paying For

Surfshark's analysis found that nearly all ten proceedings centered on the use of data to train AI models in ways that violated EU data protection law. Companies drew on users' personal and biometric data, as well as copyrighted material, without obtaining the required consent or demonstrating another valid legal basis for processing it.

Among the companies fined were both firms known primarily for language models, such as Anthropic, Google and OpenAI, and Meta and Apple, as well as Clearview AI, the facial recognition company regularly criticized by European data protection regulators for building biometric databases from photos scraped from the internet without the consent of the people pictured.

Regulators' Dilemma

The scale of the fines puts European regulators in a difficult position. On one hand, strict enforcement of data protection rules safeguards citizens' privacy and forces companies to act more responsibly when building AI models. On the other, rising compliance costs and the risk of steep fines may discourage companies from investing in AI development and deployment within the European Union, widening the gap with the United States and China in the technology race.

The European Commission is responding to these concerns with a simplification package known as the Omnibus AI, meant to ease some of the requirements under the EU's AI Act, particularly for smaller companies and low-risk applications. The changes are set to take effect gradually as further provisions of the AI Act come into force.

Companies Still Don't Understand the Rules

The problem is compounded by low regulatory awareness among businesses themselves. According to the Intrum European Payment Report 2026, just 36 percent of European companies say they have a good understanding of the new regulations governing artificial intelligence. That means even companies acting in good faith may unknowingly violate the rules, which in practice raises the risk of further fines in the coming years.

For Polish companies deploying AI tools, this means a greater need to scrutinize the legal basis on which model providers process data, especially when it involves the personal data of customers or employees. The Ustawa o systemach sztucznej inteligencji (Poland's draft act on AI systems), expected to take effect in the country in the coming weeks, will add further pressure on businesses to document that their AI deployments comply with EU requirements.

The scale of the fines keeps growing each year as national data protection authorities wrap up proceedings over model-training practices that predate the AI Act. Experts cited in the analysis say the key question is whether the Omnibus AI will genuinely reduce legal uncertainty or merely delay the next wave of enforcement.

Sources: Rzeczpospolita (rp.pl), Parkiet (parkiet.com), WNP (wnp.pl)

Share: