Compliance ROI · Risk Quantification · Penalty Math · Deep Prototype

PenaltyCalc — Compliance Penalty Exposure Calculator

Computes the dollar exposure per missed compliance control. Models GDPR Art 83 sliding-scale (4% of global revenue), HIPAA tiered fines, FLSA back-wages + 2× liquidated damages, OFAC penalties, PCI scheme fines, EU AI Act sliding-scale, CCPA private right of action. 20 toggleable scenarios.


What it is

The board-ready answer to “what’s the cost of not doing this?” Real penalty math from real regulators. Configure your organization’s parameters; PenaltyCalc returns the dollar exposure per missed control.

What it models

  • GDPR Article 83 — Tier 2 max (greater of €20M or 4% of global revenue), Tier 1 max (€10M or 2%).
  • HIPAA Tiered Fines — Willful Neglect uncorrected ($71,162 per violation, $2.13M annual cap), Reasonable Cause ($142 × violations, $71k cap). Updated to 2025-adjusted amounts.
  • FLSA Overtime — back-wages = (avg wage × OT hours × 52 weeks × affected workers). Plus 2× liquidated damages per 29 USC §216(b).
  • OFAC Egregious Violation — settlement benchmark from recent enforcement.
  • PCI Scheme Fines — $5k-$100k/month per scheme × duration. Plus forensic investigator + reissue ($5 per card + $50k investigation).
  • OSHA Citations — Serious ($16,550/violation 2025-adjusted), Willful or Repeated ($165,514).
  • SEC Cyber-Disclosure — typical settlement $4-10M based on recent enforcement actions.
  • CCPA Civil Penalty — $7,500 per intentional violation × estimated affected records.
  • CCPA Private Right of Action — $100-$750 per consumer × breach scope.
  • FCRA Background-Check Class — $100-$1,000 per applicant.
  • FCPA Corporate Criminal Fine — typically 2× benefit derived.
  • BSA/AML Civil Penalty — $100,000 per willful violation.
  • SOC2 Contractual Breach — typical enterprise contract value × customers lost.
  • EU AI Act — prohibited practice = max of €35M or 7% of global revenue.
  • Data Breach — $165 per record (IBM Cost of Breach 2024 average).
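
A few of the scenarios above as pure functions, added here as an illustration and not PenaltyCalc's own code. It uses the amounts quoted on this page, assumes all inputs are in USD, converts the EUR ceilings with an assumed fixed rate, and reads the FLSA "2× liquidated damages" as doubling the back-wages (29 USC §216(b) awards an equal additional amount).

```javascript
// Added example, not PenaltyCalc's own code: a few of the scenarios above as
// pure functions, using the amounts quoted on this page. Assumptions: inputs
// are USD, and the EUR ceilings are converted with an assumed fixed rate.
const EUR_TO_USD = 1.08; // assumed rate, not a figure from the page

// GDPR Art. 83: Tier 2 is the greater of €20M or 4% of global revenue,
// Tier 1 the greater of €10M or 2%. Result in whole USD.
function gdprExposure(globalRevenueUsd, tier = 2) {
  const flatEur = tier === 2 ? 20e6 : 10e6;
  const pct = tier === 2 ? 0.04 : 0.02;
  return Math.round(Math.max(flatEur * EUR_TO_USD, pct * globalRevenueUsd));
}

// HIPAA: per-violation amount, subject to an annual cap (2025-adjusted).
const HIPAA_TIERS = {
  willfulNeglectUncorrected: { perViolation: 71162, annualCap: 2_130_000 },
  reasonableCause: { perViolation: 142, annualCap: 71_000 },
};
function hipaaExposure(violations, tier = "willfulNeglectUncorrected") {
  const { perViolation, annualCap } = HIPAA_TIERS[tier];
  return Math.min(violations * perViolation, annualCap);
}

// FLSA overtime: back-wages = avg wage × OT hours/week × 52 × workers;
// 29 USC §216(b) adds an equal amount as liquidated damages, doubling it.
function flsaExposure(avgHourlyWage, otHoursPerWeek, affectedWorkers) {
  const backWages = avgHourlyWage * otHoursPerWeek * 52 * affectedWorkers;
  return { backWages, liquidatedDamages: backWages, total: 2 * backWages };
}

// PCI: monthly scheme fine × schemes × months, plus $5 per reissued card
// and a $50k forensic investigation.
function pciExposure(monthlyFinePerScheme, schemes, months, cardsReissued) {
  return monthlyFinePerScheme * schemes * months + 5 * cardsReissued + 50_000;
}

// Roll-up across the scenarios an organization toggles on (org is a plain
// object of constructed parameters; see the sample in the comments below).
function totalExposure(org) {
  return (
    gdprExposure(org.globalRevenueUsd) +
    hipaaExposure(org.hipaaViolations) +
    flsaExposure(org.avgHourlyWage, org.otHoursPerWeek, org.affectedWorkers).total +
    pciExposure(org.pciMonthlyFine, org.cardSchemes, org.pciMonths, org.cardsReissued) +
    165 * org.breachedRecords // IBM Cost of a Data Breach 2024 average per record
  );
}
```

The cap and max logic is where a spreadsheet usually goes wrong: HIPAA per-violation totals stop at the annual cap, and the GDPR figure is the larger of the flat ceiling and the revenue percentage, not their sum.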

Why it matters

When you’re choosing between funding a compliance project or skipping it, the answer is almost always the dollar exposure. PenaltyCalc puts every relevant regulator on one screen with the same parameters, so the comparison is one button-press away. It lets the CISO present “X investment vs Y exposure” to the audit committee in 5 seconds.

How it ships

Single HTML file, ~22KB. Zero dependencies. The 20 penalty scenarios with regulatory citations and computation formulae are 220 lines of vanilla JavaScript. Parameters update in real time.
