How does the AI risk calculator work?

It combines your revenue band, company size and AI governance maturity with the [EU AI Act](https://eur-lex.europa.eu/eli/reg/2024/1689/oj) fine framework and published breach-cost benchmarks. The result is a benchmark exposure range you can use to prioritise governance work — not a quote and not a forecast.

What is the EU AI Act exposure based on?

The [EU AI Act](https://eur-lex.europa.eu/eli/reg/2024/1689/oj) sets administrative [fines of up to EUR 35 million or 7% of global annual turnover](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-99), whichever is higher. We apply the 7% threshold to your selected revenue band, cap it at EUR 35 million and weight it by your governance maturity.

Where does the shadow AI breach uplift come from?

From published breach-cost research such as [IBM's Cost of a Data Breach report](https://www.ibm.com/reports/data-breach), which quantifies the additional cost when unmanaged AI is involved in an incident. We scale that benchmark by company size and governance maturity.

How do I reduce this exposure?

Visibility, enforced policies and audit-ready documentation. Moving from no policy to managed [AI governance](https://en.wikipedia.org/wiki/Regulation_of_artificial_intelligence) is the biggest lever in the model — and exactly what Qadar AI Shield operationalises: discover AI usage, enforce guardrails and document controls.

Benchmark Risk Snapshot

See your AI risk exposure in under a minute

Estimate benchmark exposure using EU AI Act statutory maximums and IBM breach-cost benchmarks. This is an orientation tool for security and operations teams, not legal advice.

Book a scoping call Start risk snapshot

Live benchmark

EUR 10M · 51–250 · Informal use

High

Total benchmark exposure

€871,725

EUR/USD conversion rate: 0.92

Estimated EU AI Act exposure

€525,000

Estimated Shadow AI breach uplift

$376,875

Benchmark inputs

Risk context from statutory and breach-cost benchmarks

EU AI Act reference

Uses statutory maximum orientation up to EUR 35M or 7% of global turnover.

Breach-cost benchmark

Uses IBM 2024 breach-cost research as a directional exposure baseline.

Decision support

Designed to frame governance conversations, not replace legal or compliance advice.

Calculator

Set your exposure profile

Adjust three inputs. Results update in real time.

Exposure profile

Move from rough assumptions to a board-ready benchmark in three inputs.

Annual company revenueEUR 10M

We apply the selected revenue tier to EU AI Act statutory maximum fine benchmarks.

Company size

1–50

51–250

251–1,000

1,000+

Used to scale breach-cost benchmark exposure by operating footprint.

AI governance maturity

No policyElevatedAI tools are used with no enforceable governance controls.

Informal useHighTeams use AI tools with limited visibility and ad-hoc controls.

Partial controlsModeratePolicy exists but coverage and enforcement remain incomplete.

ManagedLowPolicy and controls are active, monitored, and consistently enforced.

What to do with the number

Turn the snapshot into a control plan

Identify the exposure drivers

Use the split between statutory exposure and breach uplift to see where governance maturity changes the risk profile.

Scope runtime controls

Map the benchmark to policies, prompt controls, approval gates, and audit evidence across your AI surfaces.

Prepare the rollout

Use the result to prioritize which teams, tools, and data categories should move into governed AI usage first.

Methodology

How we calculate this

EU AI Act exposure. We estimate exposure by applying the selected revenue tier to the 7% turnover threshold and capping at EUR 35 million, then weighting by governance maturity. This is a benchmark orientation model, not a legal determination.

Shadow AI breach uplift. We apply company-size and governance multipliers to IBM's 2024 benchmark data and present the resulting uplift as a directional risk estimate.

The AI risk exposure figures shown are benchmark-based estimates for orientation purposes only. EU AI Act fine ranges are statutory maximums under Regulation (EU) 2024/1689 and do not represent expected or average penalties. Breach-cost benchmarks are sourced from the IBM Cost of a Data Breach Report 2024. Results are not legal advice, compliance assessments, or guarantees of any outcome. Consult qualified legal and compliance counsel for advice specific to your organization.

Common questions

Understanding your risk numbers

Common questions

It combines your revenue band, company size and AI governance maturity with the EU AI Act fine framework and published breach-cost benchmarks. The result is a benchmark exposure range you can use to prioritise governance work — not a quote and not a forecast.

No. Actual penalties depend on the specific violation, the authority, cooperation and many case-specific factors. The calculator is an orientation tool for security and operations teams, not legal advice.

The EU AI Act sets administrative fines of up to EUR 35 million or 7% of global annual turnover, whichever is higher. We apply the 7% threshold to your selected revenue band, cap it at EUR 35 million and weight it by your governance maturity.

From published breach-cost research such as IBM's Cost of a Data Breach report, which quantifies the additional cost when unmanaged AI is involved in an incident. We scale that benchmark by company size and governance maturity.

No. The calculator runs entirely in your browser. Your selections are reflected in the URL so you can share a scenario deliberately, but nothing is submitted to or stored on our servers.

Visibility, enforced policies and audit-ready documentation. Moving from no policy to managed AI governance is the biggest lever in the model — and exactly what Qadar AI Shield operationalises: discover AI usage, enforce guardrails and document controls.

From benchmark exposure to a scoped AI governance rollout

Book your AI governance assessment

A product specialist will reply within one business day

Benchmark Risk Snapshot

See your AI risk exposure in under a minute

Estimate benchmark exposure using EU AI Act statutory maximums and IBM breach-cost benchmarks. This is an orientation tool for security and operations teams, not legal advice.

Book a scoping call Start risk snapshot

Live benchmark

EUR 10M · 51–250 · Informal use

High

Total benchmark exposure

€871,725

EUR/USD conversion rate: 0.92

Estimated EU AI Act exposure

€525,000

Estimated Shadow AI breach uplift

$376,875

Benchmark inputs

Risk context from statutory and breach-cost benchmarks

EU AI Act reference

Uses statutory maximum orientation up to EUR 35M or 7% of global turnover.

Breach-cost benchmark

Uses IBM 2024 breach-cost research as a directional exposure baseline.

Decision support

Designed to frame governance conversations, not replace legal or compliance advice.

Calculator

Set your exposure profile

Adjust three inputs. Results update in real time.

Exposure profile

Move from rough assumptions to a board-ready benchmark in three inputs.

Annual company revenueEUR 10M

We apply the selected revenue tier to EU AI Act statutory maximum fine benchmarks.

Company size

1–50

51–250

251–1,000

1,000+

Used to scale breach-cost benchmark exposure by operating footprint.

AI governance maturity

No policyElevatedAI tools are used with no enforceable governance controls.

Informal useHighTeams use AI tools with limited visibility and ad-hoc controls.

Partial controlsModeratePolicy exists but coverage and enforcement remain incomplete.

ManagedLowPolicy and controls are active, monitored, and consistently enforced.

What to do with the number

Turn the snapshot into a control plan

Identify the exposure drivers

Use the split between statutory exposure and breach uplift to see where governance maturity changes the risk profile.

Scope runtime controls

Map the benchmark to policies, prompt controls, approval gates, and audit evidence across your AI surfaces.

Prepare the rollout

Use the result to prioritize which teams, tools, and data categories should move into governed AI usage first.

Methodology

How we calculate this

Shadow AI breach uplift. We apply company-size and governance multipliers to IBM's 2024 benchmark data and present the resulting uplift as a directional risk estimate.

Common questions

Understanding your risk numbers

Common questions

No. The calculator runs entirely in your browser. Your selections are reflected in the URL so you can share a scenario deliberately, but nothing is submitted to or stored on our servers.

From benchmark exposure to a scoped AI governance rollout

Book your AI governance assessment

A product specialist will reply within one business day

See your AI risk exposure in under a minute

Risk context from statutory and breach-cost benchmarks

EU AI Act reference

Breach-cost benchmark

Decision support

Set your exposure profile

Exposure profile

Turn the snapshot into a control plan

Identify the exposure drivers

Scope runtime controls

Prepare the rollout

How we calculate this

Understanding your risk numbers

How does the AI risk calculator work?

Is this a prediction of an actual fine?

What is the EU AI Act exposure based on?

Where does the shadow AI breach uplift come from?

Is my input stored or sent anywhere?

How do I reduce this exposure?

From benchmark exposure to a scoped AI governance rollout

See your AI risk exposure in under a minute

Risk context from statutory and breach-cost benchmarks

EU AI Act reference

Breach-cost benchmark

Decision support

Set your exposure profile

Exposure profile

Turn the snapshot into a control plan

Identify the exposure drivers

Scope runtime controls

Prepare the rollout

How we calculate this

Understanding your risk numbers

How does the AI risk calculator work?

Is this a prediction of an actual fine?

What is the EU AI Act exposure based on?

Where does the shadow AI breach uplift come from?

Is my input stored or sent anywhere?

How do I reduce this exposure?

From benchmark exposure to a scoped AI governance rollout