Regulatory Liability Index

Estimate your organization's maximum financial risk under the 2026-2027 compliance frameworks for connected products.

Projected administrative fines based on official legislative texts: EU CRA, AI Act, NIS2, and UK PSTI.

Estimated Liability Breakdown

Projected administrative fines based on global annual turnover.

Entity Type: < 250 employees, < €50M turnover

Regulation                  Penalty Basis   Max Exposure
EU AI Act                   Art. 99         Up to 7% or €35M (min €35M)
EU Cyber Resilience Act     Art. 64         Up to 2.5% or €15M (min €15M)
UK PSTI Act                 Schedule 5      Up to 4% or £10M (min £10M)
EU NIS2 Directive           Art. 34         Up to 2% or €10M (min €10M)

Figures sourced from official legislative texts. GBP to EUR rate: 1.18 (indicative). Actual penalties depend on severity and circumstances.

SME & Start-up Protection

Under the EU AI Act (Article 99.6), administrative fines for Small and Medium Enterprises are capped at the lower of the two calculated amounts (fixed minimum or percentage of turnover).

Our calculator automatically applies this protection when the "SME / Start-up" toggle is active. SME definition: less than 250 employees and less than €50M annual turnover.

The Enforcement Frameworks

Understanding the regulatory landscape behind the calculations.

EU AI Act

Enforced 2026
Trigger:

Using AI for safety-critical components, biometric identification, or high-risk decision-making systems.

The Risk:

Fines up to €35M or 7% of global annual turnover, whichever is higher (for enterprises).

Key Clause:

Article 99 (Prohibited practices & High-Risk obligations)

EU Cyber Resilience Act

Enforced 2027
Trigger:

Selling any product with digital elements (connected hardware, IoT devices, embedded systems) in the EU market.

The Risk:

Market withdrawal + fines up to €15M or 2.5% of global annual turnover.

Key Clause:

Article 64 (Non-compliance with Annex I essential requirements)

UK PSTI Act

Active 2024
Trigger:

Consumer connectable products sold in the UK (IoT devices, smart home products, wearables).

The Risk:

Fines up to £10M or 4% of global annual turnover for security duty breaches.

Key Clause:

Schedule 5 (Enforcement and penalties)

EU NIS2 Directive

Enforced 2024
Trigger:

Operating as an "Essential Entity" in critical infrastructure sectors (energy, transport, health, digital infrastructure).

The Risk:

Fines up to €10M or 2% of global annual turnover for cybersecurity measure failures.

Key Clause:

Article 34 (Administrative fines)

Calculation Methodology

How We Calculate Exposure

Our calculator implements the penalty formulas specified in the official legislative texts. Each regulation uses a "greater of" calculation (or, for SMEs under the AI Act, a "lower of" calculation):

  • Fixed Minimum: A statutory floor amount (e.g., €15M for CRA)
  • Percentage of Turnover: A percentage of your global annual revenue (e.g., 2.5% for CRA)
  • Maximum Penalty: The higher of the two values (except AI Act SMEs, which use the lower)
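The exposure formula described above, worked through in code as an added example (this is not the calculator's own code). It uses only the fixed amounts, percentages, SME definition and GBP/EUR rate stated on this page; the `Regulation` record and function names are assumptions for illustration.

```python
# Added example: the "greater of" / "lower of" exposure formula this page
# describes, using the figures stated on the page. Not the site's own code.
from dataclasses import dataclass

GBP_TO_EUR = 1.18  # indicative rate stated on the page


@dataclass(frozen=True)
class Regulation:
    name: str
    fixed_eur: float            # statutory fixed amount, expressed in EUR
    turnover_pct: float         # share of global annual turnover
    sme_lower_of: bool = False  # AI Act Art. 99(6): SMEs pay the lower of the two


REGULATIONS = {
    "ai_act": Regulation("EU AI Act (Art. 99)", 35_000_000, 0.07, sme_lower_of=True),
    "cra": Regulation("EU Cyber Resilience Act (Art. 64)", 15_000_000, 0.025),
    "psti": Regulation("UK PSTI Act (Schedule 5)", 10_000_000 * GBP_TO_EUR, 0.04),
    "nis2": Regulation("EU NIS2 Directive (Art. 34)", 10_000_000, 0.02),
}


def is_sme(employees: int, turnover_eur: float) -> bool:
    """SME definition used on the page: under 250 staff and under EUR 50M turnover."""
    return employees < 250 and turnover_eur < 50_000_000


def max_exposure(key: str, turnover_eur: float, sme: bool) -> float:
    """Statutory maximum fine in EUR for one regulation."""
    reg = REGULATIONS[key]
    pct_amount = reg.turnover_pct * turnover_eur
    if sme and reg.sme_lower_of:
        # SME protection applies only where the regulation provides it (AI Act here).
        return min(reg.fixed_eur, pct_amount)
    return max(reg.fixed_eur, pct_amount)


def exposure_table(employees: int, turnover_eur: float) -> dict[str, float]:
    """Maximum exposure per regulation, applying SME protection where it applies."""
    sme = is_sme(employees, turnover_eur)
    return {k: max_exposure(k, turnover_eur, sme) for k in REGULATIONS}


if __name__ == "__main__":
    # Constructed input: a 40-person company with EUR 20M turnover.
    for key, fine in exposure_table(employees=40, turnover_eur=20_000_000).items():
        print(f"{REGULATIONS[key].name:38s} EUR {fine:>14,.0f}")
```

Note that the SME "lower of" rule changes only the AI Act row; the CRA, NIS2 and PSTI rows still use the "greater of" formula for an SME.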

Data Sources

Legislative Texts

Official EU and UK government publications, including final adopted texts and enforcement guidelines.

Currency Conversion

GBP to EUR conversion rate: 1.18 (indicative). Actual rates may vary.

Important Disclaimers

This is an estimation tool

Actual penalties depend on severity, intent, duration of non-compliance, cooperation with authorities, and other mitigating or aggravating factors. This calculator shows the statutory maximum based on the penalty frameworks. It is not legal advice. Consult qualified legal counsel for compliance guidance.

Frequently Asked Questions

What is the Regulatory Liability Index?

The Regulatory Liability Index is a calculator for maximum administrative fines under four major regulations affecting connected products: EU CRA, AI Act, NIS2, and UK PSTI. It helps manufacturers understand their financial exposure before compliance gaps become enforcement actions.

How are the fines calculated?

Each regulation uses a "greater of" formula: the fine is the higher of a fixed minimum (e.g., €15M for CRA) or a percentage of global annual turnover (e.g., 2.5% for CRA). For SMEs under the AI Act, the lower of the two values applies.

Does this apply to my product?

It depends on your product type and target market:

  • CRA: Any product with digital elements sold in the EU (IoT, embedded systems, software).
  • AI Act: Products using AI for safety-critical decisions or biometric identification.
  • NIS2: Operators in critical infrastructure sectors (energy, health, transport).
  • UK PSTI: Consumer connectable products sold in the UK.

Don't pay the fine. Fix the architecture.

Most penalties are avoidable with documented "Security by Design" processes and proper architectural validation before market entry.