Real compliance cost comparison across four approaches: specialized consultant, enterprise platform, self-service tools, and the cost of non-compliance. With calculations by company profile.
Companies operating in the EU face a growing volume of regulations. From cyber resilience to pay transparency, obligations are piling up. What varies enormously is how much it costs to comply, depending on the approach chosen. This page presents the four main options without judging which is better: every company has a different context, and the decision depends on size, product complexity, and internal capacity.
Law firms and regulatory affairs consultancies offering personalized advice, representation before authorities, and compliance audits. They work regulation by regulation, adapting the analysis to the company's specific product and market. The cost reflects senior professional hours and varies significantly depending on case complexity.
Comprehensive compliance solutions aimed at medium and large enterprises. They offer dashboards, workflow automation, evidence management, and reporting for multiple regulations. They require implementation, integration with internal systems, and team training. Typical cost: annual subscription plus initial setup.
Specialized online tools that enable companies to generate compliance documentation (assessment reports, structured checklists, gap analyses) independently. Priced per tool and usage. They do not replace legal advice: they cover documentation, not legal interpretation.
Not a recommended option, but it has a quantifiable cost. The fines established by each regulation — verified against EUR-Lex — set the upper limit of direct financial risk. Added to this: product withdrawal, marketing prohibition, reputational damage, and exclusion from public procurement.
| Regulation | Self-service | Consultant | Enterprise SaaS | Maximum fine (non-compliance) | Penalties art. |
|---|---|---|---|---|---|
| CRA Reg. (UE) 2024/2847 |
149 € CRACheck |
5.000–15.000 € market estimate |
15.000–50.000 €/year market estimate |
15 M € o 2,5 % global turnover |
Art. 64 |
| AI Act Reg. (UE) 2024/1689 |
249 € AICheck |
8.000–25.000 € market estimate |
20.000–80.000 €/year market estimate |
35 M € o 7 % global turnover (Art. 5) €15M or 3% (high risk) SMEs: the lower figure (Art. 99(6)) |
Art. 99 |
| EUDR Reg. (UE) 2023/1115 |
199 € EUDRCheck |
5.000–20.000 € market estimate |
15.000–60.000 €/year market estimate |
Minimum 4% EU turnover + product confiscation + public procurement exclusion (≤12 months) |
Art. 25 |
| GPSR Reg. (UE) 2023/988 |
49 € GPSRCheck |
3.000–10.000 € market estimate |
10.000–30.000 €/year market estimate |
Per national legislation + product withdrawal + marketing prohibition |
Art. 44 |
| EAA Dir. (UE) 2019/882 |
149 € EAA-Report |
3.000–12.000 € market estimate |
10.000–40.000 €/year market estimate |
Per national legislation Spain: €30,000–€1,000,000 Germany: up to €100,000 |
Art. 30 |
| Pay Transparency Dir. (UE) 2023/970 |
29 € BrechaCheck |
3.000–10.000 € market estimate |
10.000–30.000 €/year market estimate |
Per national legislation + mandatory joint pay assessment if gap > 5% without justification (Art. 10) |
Art. 23 |
| Data Act Reg. (UE) 2023/2854 |
99 € DataCheck coming soon |
5.000–15.000 € market estimate |
15.000–50.000 €/year market estimate |
Per national legislation If personal data: via GDPR up to €20M or 4% (Art. 83 GDPR) |
Art. 40 |
| RED + DA ciberseg. Dir. 2014/53/UE |
99 € REDCheck coming soon |
4.000–12.000 € market estimate |
12.000–40.000 €/year market estimate |
Per national legislation + CE marking prohibition + marketing prohibition |
Art. 45 |
| RoHS Dir. 2011/65/UE |
49 € RoHSCheck coming soon |
3.000–10.000 € market estimate |
10.000–30.000 €/year market estimate |
Per national legislation + CE marking prohibition + market withdrawal |
Art. 19 |
| Toy Safety Reg. (UE) 2025/2509 |
49 € ToyCheck coming soon |
3.000–10.000 € market estimate |
10.000–30.000 €/year market estimate |
Per national legislation + marketing prohibition |
Art. 79–80 |
About consultant ranges: The ranges indicated in the "Consultant" column are market estimates based on typical prices for European SMEs. They do not come from official European Commission studies or published data. The actual cost varies significantly depending on product complexity, the number of target markets, the need for laboratory testing, and the level of customization required. Complex projects (e.g., conformity of an AI-powered medical device in 5 markets) can easily exceed these ranges.
About "per national legislation" fines: Several regulations (GPSR, EAA, Pay Transparency, Data Act, RED, RoHS) delegate the definition of penalty amounts to each Member State. The Regulation or Directive requires them to be "effective, proportionate and dissuasive" (recurring wording in Art. 44 GPSR, Art. 30 EAA, etc.), but does not set a harmonized maximum amount at EU level. Spain, Germany, France, and the Netherlands have published their national frameworks with significantly different amounts.
Each profile applies only the regulations that affect it based on its activity. The consultant cost uses the midpoint of the estimated range. The cost of non-compliance indicates the maximum cumulative fine across all applicable regulations, without considering recidivism or concurrent offenses.
10 employees · €2M revenue · Product: B2B SaaS platform with integrated AI model · Headquarters: Barcelona
| Regulation | Self-service | Consultant | Non-compliance (maximum) |
|---|---|---|---|
| AI Act | 249 € | 16.500 € | 140.000 € (7% of €2M, Art. 99(6) SMEs) |
| CRA | 149 € | 10.000 € | 50.000 € (2.5% of €2M) |
| EAA | 149 € | 7.500 € | Per national legislation |
| Pay Transparency | 29 € | 6.500 € | Per national legislation |
| TOTAL | 576 € | 40.500 € | 190.000 € + national penalties |
50 employees · €8M EU revenue · Product: home Wi-Fi cameras · Headquarters: Shenzhen (China) · Sales via Amazon.de
| Regulation | Self-service | Consultant | Non-compliance (maximum) |
|---|---|---|---|
| CRA | 149 € | 10.000 € | 200.000 € (2.5% of €8M) |
| GPSR | 49 € | 6.500 € | Per national legislation + retirada |
| RED | 99 € | 8.000 € | CE prohibition + market withdrawal |
| RoHS | 49 € | 6.500 € | CE prohibition + market withdrawal |
| TOTAL | 346 € | 31.000 € | 200.000 € + national penalties + retirada |
15 employees · €5M revenue · Product: green and roasted coffee · Headquarters: Hamburg (Germany) · Imports from Colombia
| Regulation | Self-service | Consultant | Non-compliance (maximum) |
|---|---|---|---|
| EUDR | 199 € | 12.500 € | 200.000 € (4% of €5M EU turnover) + confiscation + public procurement exclusion |
| Pay Transparency | 29 € | 6.500 € | Per national legislation |
| TOTAL | 228 € | 19.000 € | 200.000 € + national penalties + confiscation |
80 employees · €12M revenue · Product: online electronics and fashion retail · Headquarters: Madrid · Sells in ES, FR, DE, IT
| Regulation | Self-service | Consultant | Non-compliance (maximum) |
|---|---|---|---|
| GPSR | 49 € | 6.500 € | Per national legislation + retirada |
| EAA | 149 € | 7.500 € | Spain: up to €1,000,000 (very serious offenses, Ley 11/2023) |
| Pay Transparency | 29 € | 6.500 € | Per national legislation |
| TOTAL | 227 € | 20.500 € | Up to €1,000,000 + additional penalties |
30 employees · €6M revenue · Product: Wi-Fi toys with mobile app · Headquarters: Milan (Italy) · Sells across the EU
| Regulation | Self-service | Consultant | Non-compliance (maximum) |
|---|---|---|---|
| Toy Safety | 49 € | 6.500 € | Per national legislation + retirada |
| CRA | 149 € | 10.000 € | 150.000 € (2.5% of €6M) |
| GPSR | 49 € | 6.500 € | Per national legislation + retirada |
| RED | 99 € | 8.000 € | CE prohibition + market withdrawal |
| RoHS | 49 € | 6.500 € | CE prohibition + market withdrawal |
| Pay Transparency | 29 € | 6.500 € | Per national legislation |
| TOTAL | 424 € | 44.000 € | 150.000 € + national penalties + retirada |
About the profiles: The five profiles are fictional and represent typical scenarios. The regulations applicable to each profile depend on the nature of the product, the role of the economic operator (manufacturer, importer, distributor), and the target market. A real analysis requires verifying on a case-by-case basis which regulations apply and which specific obligations correspond to the company's role in the value chain.
Self-service tools cover a specific scope: structured compliance documentation. They do not replace legal advice or operational consulting. This distinction is essential so each company can choose the right approach for its situation.
When self-service is not enough: If your product requires conformity assessment by a notified body (independent third party) — for example, an IoT device classified as "important" under the CRA, or a high-risk AI system under the AI Act — you need a certification process that goes beyond documentation. In these cases, self-service complements the consultant or notified body, but does not replace it.
The maximum fines indicated on this page come from the penalties articles of each regulation published in EUR-Lex. The consultant and enterprise SaaS ranges are market estimates and are expressly indicated as such. Last verified: May 2026.
Check if your product is affected at solidwaretools.com