The prohibited AI practices under Regulation (EU) 2024/1689 became applicable on 2 February 2025. Organisations that deploy any of the eight prohibited practices risk administrative fines of up to €35 million or 7% of global annual turnover, whichever is higher. What exactly is prohibited, and where the line falls between outright bans and high-risk obligations that are not banned, remains unclear for many organisations. This article provides an overview of all eight prohibitions, with concrete examples and an explanation of the most important boundary cases.
The eight prohibitions at a glance
Article 5 prohibits the placing on the market, putting into service, or use of AI systems for the following practices:
1. Harmful manipulation and deception (Article 5(1)(a)): AI systems that deploy subliminal techniques or purposefully manipulative or deceptive techniques to materially distort people's behaviour and thereby cause significant harm. An example is a recommendation system that triggers fear responses below the user's conscious awareness in order to drive purchases.
2. Exploitation of vulnerabilities (Article 5(1)(b)): AI systems that exploit vulnerabilities related to age, disability, or a specific social or economic situation. Examples include chatbots that manipulate elderly users with cognitive decline, or apps that encourage financially vulnerable users to take out loans.
3. Social scoring (Article 5(1)(c)): AI systems that evaluate or classify persons over a period of time based on social behaviour or personality characteristics, where the resulting score leads to detrimental treatment in unrelated contexts, or to disproportionate treatment. The classic example is the Chinese model in which citizens are assessed across all aspects of social life and consequently excluded from services or the right to travel.
4. Predictive criminal profiling (Article 5(1)(d)): AI systems that assess or predict the risk of a person committing a criminal offence based solely on profiling or personality traits and characteristics. This is distinct from systems that support human assessments of involvement in criminal activity already grounded in objective, verifiable facts.
5. Untargeted scraping to build facial recognition databases (Article 5(1)(e)): AI systems that collect facial images from the internet or CCTV footage without targeting a specific individual or group, in order to create or expand facial recognition databases. This prohibition covers practices such as those associated with Clearview AI.
6. Emotion recognition in the workplace and education (Article 5(1)(f)): AI systems that infer emotions of employees or students from biometric data, except where the system is intended solely for medical or safety purposes. An HR tool that monitors employees' moods in real time via camera footage falls squarely within this prohibition.
7. Biometric categorisation based on sensitive characteristics (Article 5(1)(g)): AI systems that classify individuals on the basis of biometric data to deduce or infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation.
8. Real-time remote biometric identification in publicly accessible spaces (Article 5(1)(h)): The use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement purposes is prohibited, subject to three exhaustively defined exceptions: the targeted search for victims of serious crimes or missing persons, the prevention of a specific and serious threat to life or safety or of a terrorist attack, and the localisation of suspects of criminal offences punishable by a maximum custodial sentence of at least four years.
Boundary cases: what is prohibited and what is high-risk?
A common error is conflating prohibited practices with high-risk applications. The two are distinct categories with fundamentally different legal consequences.
Private credit scoring is a clear example of a boundary case. A bank using AI to assess a consumer's creditworthiness on the basis of relevant financial data does not fall within the prohibition in Article 5(1)(c). The assessment is directly linked to the application and does not lead to treatment in an unrelated social context. Such systems are, however, explicitly designated as high-risk under Annex III, point 5(b) of the Regulation. This means conformity assessment, technical documentation, human oversight, and registration are required, but there is no outright ban.
Fraud detection at banks or insurers based on transaction patterns similarly falls outside the prohibition, provided the analysis is grounded in objective financial indicators and does not rely on personality characteristics or data from unrelated social contexts.
Emotion detection for medical or safety purposes is expressly excluded from the prohibition. A system that detects fatigue in drivers or operators of heavy machinery is not covered by Article 5(1)(f), provided it is deployed exclusively for that safety purpose.
One-off behavioural assessments in a clearly defined context (such as evaluating a job applicant against relevant role requirements) do not automatically fall within the social scoring prohibition, because that prohibition requires a cumulative assessment over a given period of time. Such systems are, however, high-risk under Annex III.
Scope: who is bound?
The prohibitions apply to both providers and deployers, and to organisations established inside and outside the EU that offer or use AI systems with effects on persons in the EU. The prohibitions therefore have extraterritorial reach. AI systems used exclusively for national security or military purposes are outside scope, but only where that is the exclusive purpose. Dual-use systems do not benefit from this exclusion.
Guidelines from the European Commission
On 4 February 2025, the European Commission published non-binding guidelines on the practical application of the prohibitions. These guidelines provide legal explanations and concrete examples for each prohibition. They stress that the prohibitions must be interpreted broadly to prevent circumvention, and that compliance with other EU legislation (such as the GDPR or the Digital Services Act) does not automatically mean that an AI practice is permissible under the AI Act.
Enforcement and fines
The prohibitions have been applicable since 2 February 2025. Supervisory authorities' enforcement powers became applicable on 2 August 2025. Violations of Article 5 may be subject to administrative fines of up to €35 million or 7% of total worldwide annual turnover, whichever is higher. For small and medium-sized enterprises, including start-ups, a lower ceiling applies. In addition to fines, supervisory authorities may require an AI system to be withdrawn from the market or restrict its availability. The prohibitions are directly enforceable before national courts, making civil enforcement equally possible.
Practical implications for organisations
Organisations must review all current AI applications against the eight prohibited categories. Particular attention is warranted for systems that process biometric data, monitor employees or students, aggregate behavioural data over extended periods, or produce automated risk assessments. Where the classification of an application is in doubt, the default position is: even if a practice is not prohibited, it may still be high-risk, triggering substantial compliance obligations that become fully applicable in August 2026.