Three numbers about the EU AI Act that the press releases left out.
The headline framing is enforcement is real. The numbers underneath say: enforcement is selective, slow, and structurally favours the largest labs.
The EU AI Office published its first enforcement action this month. The press around it called it a milestone. The numbers in the filing tell a more specific story.
1. €0.04 per parameter. The fine was assessed against a mid-tier provider whose general-purpose model crossed the systemic-risk threshold. Scaled to the largest frontier model in operation, the same per-parameter rate would imply a penalty roughly equal to two weeks of that lab’s reported infrastructure spend. It is not a deterrent at the top. It is a deterrent in the middle.
2. 14 months. That is the elapsed time between the original conduct cited in the action and the publication of the enforcement notice. If the AI Office sustains that cadence, it will close fewer than ten major actions per year. The compute frontier moves faster than the docket.
3. Zero. That is the number of frontier-lab subjects in the published enforcement queue. The labs the regulation was designed to constrain are not the labs currently being constrained. The reasons are structural — documentation regimes, jurisdictional access, and lab cooperation — and they are not going to resolve themselves.
The takeaway is not that the AI Act is failing. It is that the enforcement architecture, as built, is producing a predictable outcome: pressure on the second tier, accommodation at the top, slow case throughput across the board.
If the goal is genuine constraint on systemic-risk models, the rate-limiting variables are docket capacity and lab access. Neither is on the public roadmap. Both will need to be, before any of this changes.
