Quick answer

Since February 2, 2025, Article 5 of the EU AI Act bans eight practices, including harmful manipulation, exploiting vulnerabilities, social scoring, predictive criminal profiling of individuals, untargeted facial image scraping, emotion recognition in workplaces and schools, biometric categorisation of sensitive traits, and real-time remote biometric identification for law enforcement outside narrow exceptions. Violations carry the Act's highest fines.

Updated June 2026 · MmowW AI Compliance

EU AI Act Prohibited Practices: Real-World Examples of Banned AI

What Are the Prohibited Practices in the EU AI Act

Article 5 of Regulation (EU) 2024/1689 lists the AI practices the EU considers incompatible with fundamental rights, and it does not regulate them, it bans them. The prohibitions have applied since February 2, 2025, ahead of almost everything else in the Act, and they carry its heaviest penalties: up to 35 million euros or 7 percent of worldwide annual turnover, whichever is higher. The list is about practices, not technologies: the same computer vision or language model is lawful in one use and banned in another. For ordinary businesses, most of the list is comfortably remote, but two or three items, manipulation, vulnerability exploitation, and emotion recognition at work, sit closer to everyday commercial temptation than many assume, which is why concrete examples matter more than legal abstractions.

Manipulation and Exploitation: The Two Behavioural Bans

The first ban covers AI deploying subliminal techniques beyond a person's awareness, or purposefully manipulative or deceptive techniques, with the objective or effect of materially distorting behaviour by impairing informed decision-making, causing or reasonably likely to cause significant harm. Example: an engagement engine that learns to push users with signs of compulsive behaviour into escalating in-app purchases through dark patterns they cannot perceive would cross the line; ordinary advertising and recommendation, which people can recognise and resist, does not. The second ban covers exploiting vulnerabilities due to age, disability, or a specific social or economic situation to distort behaviour harmfully. Examples: a voice assistant nudging children toward dangerous stunts, or a loan-marketing model deliberately tuned to target people in acute financial distress with ruinous products. The keywords limiting both bans are material distortion and significant harm; persuasion as such remains lawful.

Social Scoring and Predictive Criminal Profiling

The social scoring ban targets evaluating or classifying people over time based on social behaviour or inferred personal characteristics, where the resulting score leads to detrimental treatment in contexts unrelated to where the data was generated, or treatment disproportionate to the behaviour. The canonical example is a state-run citizen score, but the ban is not limited to governments: a private platform aggregating tenants' social media conduct into a worthiness score used to deny unrelated services would raise the same issue. Distinct, contextual scoring remains lawful, which is why credit scoring built on financial data is regulated as high-risk rather than banned. The related ban on predictive policing prohibits assessing or predicting the risk of a person committing a criminal offence based solely on profiling or personality traits; risk assessment grounded in objective, verifiable facts tied to actual criminal activity stays outside the ban.

Facial Scraping and Biometric Categorisation

Two bans address biometric data harvesting and inference. Creating or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage is prohibited, a rule aimed squarely at the business model of scraping billions of photos without consent to sell identification services. And biometric categorisation systems that infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation from biometric data are banned, with carve-outs for lawful labelling of datasets and certain law enforcement contexts. Example: a retail analytics product claiming to segment shoppers by ethnicity or inferred sexuality from camera feeds is not a risky product to be documented, it is a banned one.

Emotion Recognition at Work and School: The Ban Businesses Trip Over

AI systems that infer emotions of people in workplaces and education institutions are prohibited, except where intended for medical or safety reasons. This is the prohibition most likely to surface in an ordinary company's procurement pipeline, because vendors sell it as a feature: call-centre software scoring agents' emotional tone for performance management, interview platforms reading candidates' facial expressions for enthusiasm, classroom tools tracking pupil attention through webcams. All of these, used on workers or students, fall within the ban. The medical and safety exception covers genuine cases such as fatigue detection for drivers and machinery operators. Note the boundaries: sentiment analysis of customer text outside workplaces and schools is not within this ban, and detecting readily apparent expressions or states, as distinct from inferring emotions, sits outside the definition of emotion recognition, though products in this zone deserve careful, documented assessment.

Real-Time Remote Biometric Identification

The final ban concerns the use of real-time remote biometric identification systems, live facial recognition, in publicly accessible spaces for law enforcement purposes. It is prohibited except in exhaustively listed situations: targeted searches for victims of abduction, trafficking, and sexual exploitation or missing persons; prevention of a specific, substantial, and imminent threat to life or safety, or a genuine and foreseeable terrorist threat; and locating suspects of serious offences listed in the Act. Even the exceptions require prior authorisation by a judicial or independent administrative authority and national legislation enabling them, plus safeguards. Private businesses are not the addressees of this particular ban, but its existence shapes the wider climate: post-event identification and any biometric identification by companies fall under high-risk rules and other strict conditions rather than this prohibition.

Penalties and the Cost of Getting This Wrong

Violation typeMaximum fine
Prohibited practice under Article 535 million euros or 7 percent of worldwide annual turnover, whichever is higher
Most other obligations15 million euros or 3 percent
Misleading information to authorities7.5 million euros or 1 percent

For SMEs each cap is read as the lower of the two amounts. Beyond fines, a product built on a banned practice has no compliance path: it cannot be documented, assessed, or registered into legality, only discontinued. That makes Article 5 screening the first gate in any AI product or procurement decision, not a detail for later.

How to Screen Your Organisation Against Article 5

Run a focused review with five questions. Do any of our systems or vendor tools infer emotions of employees or students, under any feature name, such as engagement scoring or attention analytics? Do any marketing or engagement systems target people identified as vulnerable, by age, disability, or financial distress, in ways that could cause significant harm? Do we aggregate behavioural data into general-purpose scores that affect people in unrelated contexts? Do any tools build or buy facial image databases of unclear origin? Do any camera-based analytics claim to infer sensitive attributes? Document the answers, including clean negatives, and add Article 5 screening to procurement checklists, because the realistic route into a prohibited practice for a normal company is not building one, it is buying one inside a feature list nobody read closely. The European Commission published guidelines on the prohibited practices in early 2025, and they are the reference to consult for boundary cases.

Where the Bans Stop and High Risk Begins

Several lawful, regulated practices sit immediately next to banned ones, and knowing the dividing lines prevents both violations and overreaction. Credit scoring on financial data is high-risk, not banned; a general behaviour score reused across unrelated contexts is banned. Targeted advertising that people can recognise is lawful; covert manipulation that materially distorts behaviour toward significant harm is not. Post-event facial recognition by police under strict conditions is high-risk with safeguards; live public identification outside the listed exceptions is banned. Verifying an employee's identity by face match to unlock a device is biometric verification, regulated but permitted; inferring that same employee's emotional state for performance review is banned. Fatigue monitoring of a truck driver for safety is within the exception; enthusiasm scoring of a sales team is not. Mapping your use cases against these pairs is more illuminating than reading the prohibitions in isolation, because real products usually live near a boundary rather than at the extremes.

Building Article 5 Screening into Ordinary Governance

Because the bans are already in force, screening cannot wait for the wider 2026 programme, and because they reach acquired tools, it cannot stop at in-house development. Three insertion points cover most exposure. Procurement: add a standing question to vendor assessments asking whether the product performs emotion inference, biometric categorisation, behaviour scoring, or vulnerability-targeted personalisation, with feature names listed, since vendors rarely use Article 5 vocabulary. Product development: make the prohibited list a gate in design reviews for anything touching personalisation, biometrics, or workplace analytics. Periodic review: re-screen annually and on major vendor upgrades, because features added in routine updates have already moved products across legal lines in other domains. Keep the outcomes in your AI inventory alongside risk classifications. The work is light, an hour per review cycle for most SMEs, and it addresses the one tier of the Act where discovery of a problem means stopping an activity outright rather than improving its paperwork.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.