← Back to blog

What AI Has Actually Cost Companies: From Meta's $1.4 Billion to Air Canada's $812

Seven real penalties, primary-sourced, told with the one thing most “biggest fines” lists leave out: the difference between a penalty imposed, collected, and upheld. The smallest number is the one that reaches you.

Published July 2026 · 9 min read · ai-liability / regulation / privacy / provenance / audit


The two most important numbers in the short history of AI liability are $1.4 billion and $812. They are almost exactly three orders of magnitude apart. And the small one is the one that should scare you.

The big one is a settlement Meta agreed to pay the state of Texas. The small one is what a Canadian tribunal ordered Air Canada to pay a grieving passenger after its chatbot invented a refund policy. If you operate any customer-facing AI, the $1.4 billion is a story about someone else. The $812 is a story about you.

Here is what AI has actually cost companies so far: ranked, primary-sourced, and told with the one thing most “biggest fines” lists leave out, which is the difference between a penalty that was imposed, one that was collected, and one that still stands. That difference is the whole story.

1. Meta — $1.4 billion (and it's a settlement, not a fine)

On July 30, 2024, Meta agreed to pay Texas $1.4 billion to resolve claims that it captured the facial geometry of millions of Texans through Facebook's old “Tag Suggestions” feature, without consent, in violation of the state's biometric-privacy law (CUBI). It is the largest settlement ever obtained by a single U.S. state, and the largest privacy settlement a state attorney general has ever secured.

Read the referent carefully: this was a settlement, an agreed payment to make a lawsuit go away, not a court-imposed fine after a finding of guilt. That matters, because a settlement is a company pricing its own risk, not a judge pricing the harm. It also matters that the mechanism was a Texas state law, not Europe's GDPR: a reminder that the biggest AI bill to date was written in Austin, not Brussels.

And notice what the offense actually was: facial recognition on training data. The single largest dollar figure “AI” has ever cost one company is a biometrics case. Hold that thought, because it's the pattern.

2. Clearview AI — ~€100 million imposed across Europe, and by the regulators' own account, largely unpaid

Clearview AI scraped billions of faces off the public web to build a facial-recognition search engine, and European regulators lined up to punish it: €20 million each from France, Italy, and Greece in 2022, and its largest single penalty, €30.5 million from the Dutch data-protection authority in 2024, the Dutch fine alone exceeding the earlier three combined. Add it up and you get roughly €100 million in fines.

Now the caveat that makes this honest instead of impressive: Clearview appears to have paid essentially none of it, and, by the regulators' accounts, deleted no European data either. It has no EU establishment, so collection is a genuine problem, and the Dutch authority has been weighing whether to hold the company's executives personally liable to make the penalty bite. So the real headline is not “€100 million in fines.” It is this: a company can be fined €100 million across a continent and simply not pay. Imposed is not collected.

3. OpenAI — €15 million, then zero

Italy's privacy watchdog, the Garante, fined OpenAI €15 million in late 2024 for training ChatGPT on personal data without an adequate legal basis, for transparency failures, and for not properly notifying a 2023 data breach, plus a mandated public-awareness campaign.

Then, on March 18, 2026, the Court of Rome annulled the fine entirely. The court did not rule that OpenAI was innocent. It ruled that the Garante lacked jurisdiction, because Ireland's Data Protection Commission had become OpenAI's lead EU supervisor on February 15, 2024, months before the Garante issued its decision. The substantive questions, was the training data lawful, was the breach handled right, were never reached. The headline number is now zero, killed on a jurisdictional technicality. The one marquee fine against a model-training company un-happened.

Put the top three together and a striking fact emerges: the AI “liability wave” is, for now, mostly a privacy-and-biometrics wave wearing an AI label. The mega-numbers are facial recognition and data scraping. The one fine aimed squarely at how a large model was trained was comparatively small, and got reversed.

4. Amazon — $25 million for what Alexa remembered

In 2023 the FTC and DOJ charged that Amazon kept children's Alexa voice recordings forever, even after parents asked for deletion, and used them to improve its algorithms, a violation of the children's-privacy law COPPA. Amazon paid a $25 million civil penalty and was ordered to delete the data. A smaller number, but a cleaner one: it was actually imposed and paid, and it's about the exact thing operators underestimate, that the data an AI system quietly retains is itself the liability.

5. Rite Aid — the penalty with no dollar sign

Sometimes the cost isn't money. In December 2023 the FTC banned Rite Aid from using facial-recognition technology for five years, after finding the pharmacy chain had deployed it to flag “shoplifters” in ways that disproportionately, and wrongly, accused women and people of color, without telling customers or reasonably guarding against harm. There was no headline fine here. The penalty was you may not use this technology at all. For a lot of businesses, a capability ban is far more expensive than a check.

6. The FTC's quietest and scariest weapon: delete the model

Which brings us to the enforcement mechanism that belongs on every operator's radar and appears on almost no “biggest fines” list, because it isn't measured in dollars. It's called algorithmic disgorgement, or bluntly, model destruction.

In the Everalbum case (a facial-recognition app), the FTC required the company to delete not just the improperly collected photos but the algorithms and models built from them. In 2022's WW/Kurbo case, a weight-loss app that collected children's data in violation of COPPA, the FTC went further: a $1.5 million penalty and an order to destroy any models or algorithms trained on the illegally gathered data. It was the first time the FTC used model destruction as a COPPA remedy, and it's a template now.

Think about what that does to the math. A model can cost tens of millions of dollars and months of compute to train. If the data underneath it was collected improperly, the FTC can order you to throw the whole thing away. The most expensive AI penalty a company can face may not be a fine at all. It's being made to delete the asset. Money you can budget for. A destroyed model you cannot.

7. Air Canada — $812, and the ruling that reaches everyone

And so, finally, back to the number that started this: CA$812.

In Moffatt v. Air Canada (2024), a passenger asked Air Canada's website chatbot about bereavement fares after his grandmother died. The chatbot told him he could book now and apply for the discounted fare retroactively within 90 days. That policy did not exist. The bot made it up. When Air Canada refused the refund, the passenger took it to British Columbia's Civil Resolution Tribunal.

Air Canada's defense is the part every builder should sit with. It argued, in effect, that the chatbot was a separate legal entity responsible for its own actions, that the company couldn't be held liable for what its bot said. The tribunal rejected this flatly. The chatbot is part of Air Canada's website; Air Canada is responsible for all the information on it, whether it comes from a static page or a generative agent. The company was ordered to honor the invented policy and pay damages and fees, about CA$812 in total.

Eight hundred and twelve dollars. It is the cheapest item on this list by a factor of more than a million, and it is the only one that changes what you have to do on Monday. Because it settles, in plain language, the question every operator of a customer-facing AI agent was quietly hoping to avoid: you own your agent's outputs. “The AI said it, not us” is not a defense. If your bot promises a refund, a discount, a policy, a fact, you promised it.

The through-line

Line the seven up and three lessons fall out, in ascending order of importance.

First: the biggest AI costs so far aren't about the models, they're about the data. Faces, voices, children's records, scraped photos. If you're worried about AI liability, start with what your system ingests and retains, not just what it generates.

Second: imposed, collected, and upheld are three different things, and the gap between them is where the real story lives. Clearview's €100 million went largely unpaid. OpenAI's €15 million was annulled. A “biggest fines” list that doesn't say so is selling you a number, not the truth. The honest version is less tidy and far more useful: enforcement is real, but it is uneven, contestable, and sometimes toothless, until it suddenly isn't.

Third, and most practical: the smallest ruling is the one to internalize. Not the billion-dollar biometrics settlement, which is a story about a handful of giants. The $812 chatbot ruling, which is a story about anyone who has put a generative agent in front of a customer. The dollar figure is trivial precisely because the principle is not: your AI's words are your words. Price the model-destruction risk into your data practices, and price the Air Canada principle into every agent you ship. The bill for getting the second one wrong starts at $812 and has no ceiling.


Sources

If you own your agent's outputs, the one thing you cannot afford is not knowing what it actually did.

The Air Canada principle is the whole reason to keep a faithful record of every agent action. Chain of Consciousness is that record: an append-only, tamper-evident log of what each agent did, anchored so it can be checked against a timestamp no one can quietly rewrite. When the question is “did the bot really promise that, and inside what policy,” the log is what answers it. It is one layer of the Agent Trust Stack, the harness for inventorying authority, gating the irreversible, and retaining the record before you need it.

See Hosted Chain of Consciousness  ·  Read the Theory of Agent Trust

pip install chain-of-consciousness  ·  npm install chain-of-consciousness