News
Big Tech Paid $3.5 Billion in Fines for Training AI on Data Without Consent

A Surfshark report finds that since 2022, regulators and courts have imposed $3.5 billion in fines on seven tech companies, mostly for training AI models on user data without consent.
Contents
Anthropic, Meta, Google, Apple, Amazon, OpenAI and Clearview AI have paid a combined $3.5 billion in fines and settlements for violations tied to AI development since 2022. That's according to an analysis of ten regulatory and court cases published by Surfshark, first reported on the Polish market by Rzeczpospolita.
Who paid the most
The largest single fine in Surfshark's ranking went to Anthropic - $1.5 billion in 2025 for using pirated copies of books to train its language models. Close behind was Meta, fined $1.4 billion in 2024 for collecting facial images for biometric recognition systems without user consent. Google paid $291 million in 2024 for training models on copyrighted material without a license.
Apple received a $250 million fine in 2026, the only case on the list not directly tied to training data, but instead to misleading marketing of AI capabilities. Amazon paid $25 million in 2023 for storing children's voice recordings used to train the Alexa assistant.
Clearview AI avoids paying
Clearview AI, the facial recognition company, remains a special case. It was the first on the list to be fined, back in 2022, for mass-scraping facial images to build its database. Four European data protection authorities, the Dutch, Italian, French and Greek regulators, imposed roughly $105 million in combined fines on the company. It has not paid any of them, arguing it does not fall under European jurisdiction.
OpenAI's case shows that regulatory fines don't always stick. Italy's data protection authority fined the company $17 million in 2024 for training ChatGPT without an adequate legal basis and for violating transparency requirements, but a court overturned the fine in 2026.
What companies face in Europe
The EU AI Act, which took effect on August 1, 2024, sets far stricter fine thresholds than those imposed so far. For banned AI practices, such as harmful manipulation, social scoring or mass facial recognition, companies face fines of up to €35 million or 7 percent of total annual global turnover, whichever is higher. Violations of other obligations, including those concerning high-risk systems, can cost up to €15 million or 3 percent of turnover, while providing incorrect information to regulators can cost up to €7.5 million or 1 percent of turnover.
The regulation's rollout stretches over several more years. Rules for general-purpose models have applied since August 2025, transparency and AI-content labeling rules take effect on August 2, 2026, and full requirements for high-risk systems in education, employment and biometrics will apply from December 2027.
What it means for Poland
For Polish companies deploying solutions built on major providers' models, Surfshark's findings signal that the cost of non-compliance with data regulations can far exceed the cost of deploying AI itself. Poland has already established the Commission for the Development and Security of Artificial Intelligence (Komisja Rozwoju i Bezpieczeństwa Sztucznej Inteligencji, a new state body overseeing AI policy), whose founding bill was passed on March 31, 2026, aimed at preparing the domestic market for the full entry into force of EU transparency and AI-content labeling rules in August 2026.
The report's authors note that the fines issued so far are just the beginning of a regulatory wave. Further proceedings are underway, and the full AI Act requirements coming into force in the next few years could significantly increase both the number and size of sanctions imposed on companies developing AI systems in the European market.
Sources: Rzeczpospolita/Parkiet (parkiet.com), TechRadar (techradar.com), Digital Information World (digitalinformationworld.com)


