EU AI Act topic guide

Prohibited AI practices under the EU AI Act (Article 5)

Since 2 February 2025, certain AI applications are banned outright in the EU. These are uses the legislator judged to pose an "unacceptable risk" that cannot be mitigated by conditions - the potential harm to people is simply too great. Article 5 lists eight current prohibitions. A provisional political agreement of May 2026 would add a ninth (not yet law). This page walks through each ban in plain English.

Reviewed by the AI Act Navigator team · Last updated 9 June 2026

TL;DR

  • Eight AI uses are banned under Article 5, applicable since 2 February 2025.
  • The bans cover: manipulative/subliminal techniques, exploiting vulnerabilities, social scoring, predictive policing by profiling, untargeted facial-image scraping, workplace/school emotion recognition, sensitive-attribute biometric categorisation, and real-time remote biometric identification in public for law enforcement.
  • Penalties for breach: up to €35 million or 7% of global annual turnover (whichever is higher).
  • [PROPOSED, NOT YET LAW] The Digital Omnibus provisional agreement would add a ninth ban on AI-generated non-consensual intimate imagery and AI-generated CSAM.
Classify your AI systemObligations guide

Scope

What this covers

  • AI systems using subliminal, manipulative or deceptive techniques that materially distort behaviour and cause significant harm.
  • AI exploiting vulnerabilities due to age, disability or socio-economic situation to distort behaviour and cause significant harm.
  • Social-scoring systems that evaluate or classify people based on social behaviour or personal traits and lead to detrimental or unjustified treatment.
  • Predictive-policing AI that assesses or predicts criminal risk based solely on profiling or personality traits.
  • AI systems that build or expand facial-recognition databases by untargeted scraping of facial images from the internet or CCTV.
  • Emotion-recognition AI deployed in workplaces or educational institutions (except for medical or safety reasons).
  • AI performing biometric categorisation to infer sensitive attributes: race, political opinions, trade-union membership, religious or philosophical beliefs, sex life or sexual orientation.
  • "Real-time" remote biometric identification in publicly accessible spaces for law enforcement - with very narrow exceptions subject to judicial authorisation.

Each prohibition has precise scope conditions in Article 5. The narrow law-enforcement exceptions (e.g. searching for missing persons, preventing an imminent terrorist attack) are strictly defined and require prior authorisation.

Source: Regulation (EU) 2024/1689 (EUR-Lex)

Compliance challenges

Key compliance challenges

  • Identifying whether your AI system crosses the manipulative-technique threshold - the test is whether it materially distorts a person's behaviour in a way that impairs informed decision-making and causes or is likely to cause significant harm.
  • Emotion recognition: while banned in workplaces and schools, it remains allowed in other contexts (e.g. medical) and as a biometric-categorisation system carrying transparency obligations, creating definitional complexity.
  • Real-time biometric ID: even for law enforcement, the narrow exceptions require prior judicial or administrative authorisation in most cases - and Member States may impose stricter limits.
  • Penalties are the highest in the Act - €35m/7% - so compliance certainty matters.

The EU AI Act applies a risk-based approach: obligations scale with the level of risk posed. AI Act high-level summary

What to do

What to do

  1. Map every AI system in your portfolio that touches biometrics, emotion recognition, content recommendation, or vulnerability-based personalisation.
  2. For each, check whether any Article 5 prohibition could apply given the system's intended purpose and reasonably foreseeable uses.
  3. If a system falls within a prohibition, it cannot be placed on the market or put into service - it must be withdrawn or fundamentally redesigned.
  4. Document your assessment; keep records in case of regulatory inquiry.
  5. Monitor the Digital Omnibus adoption to track whether the ninth prohibition becomes law before 2 August 2026.

For the full obligations breakdown, see the AI Act obligations guide, and for role-specific duties see the provider vs deployer guide.

Proposed ninth prohibition - not yet law

The provisional Digital Omnibus political agreement of 7 May 2026 would add a ninth Article 5 prohibition: AI systems generating non-consensual intimate imagery ("nudifier" apps) and AI-generated child sexual abuse material. Co-legislators intend to adopt the amendment before 2 August 2026, but it is not yet formally adopted. Until then, the eight prohibitions in 2a are the binding legal default. Council press release, 7 May 2026

FAQ

Prohibited AI practices: common questions

When did the Article 5 prohibitions take effect?
The prohibited practices under Article 5 have been applicable since 2 February 2025 - six months after the AI Act entered into force on 1 August 2024.
Can the real-time biometric identification prohibition be waived for law enforcement?
Yes, but very narrowly. Law-enforcement agencies may use real-time remote biometric identification in publicly accessible spaces only for specific purposes (targeted search for victims or missing persons, preventing an imminent threat to life or terrorist attack, locating or identifying suspects of serious crimes), and typically only with prior judicial or administrative authorisation. Member States can impose stricter limits.
Is emotion-recognition AI completely banned?
It is banned in the workplace and in educational institutions, except for medical or safety reasons. Outside those contexts it is not prohibited - but deployers must still comply with Article 50 transparency obligations (informing people whose emotions are being inferred).
What happens if we already have a system that falls within a prohibition?
You must withdraw it from the EU market or discontinue its use in the EU. The prohibitions are absolute - there is no conformity-assessment route that would authorise a banned practice. Continued operation risks fines of up to €35 million or 7% of global annual turnover.
Does the Article 5 prohibition on social scoring apply to private companies?
Yes. The ban applies to any provider or deployer, public or private, whose AI system evaluates or classifies people based on their social behaviour or personal traits and leads to detrimental or unjustified treatment across unrelated social contexts or disproportionate to the original context. This covers private credit-scoring and insurance-risk contexts where those conditions are met, though those use cases may also be regulated as high-risk (Annex III) rather than prohibited depending on precise scope.

Get AI Act-ready

Use the risk classifier to find your system's tier, then explore the obligations and checklist for your role.

Classify your AI system

This is guidance, not legal advice

This is guidance to help you understand how the EU AI Act applies to prohibited ai practices, not legal advice. For decisions specific to your organisation, confirm with the official sources we link or a qualified legal adviser.

Sources

  1. [1]Regulation (EU) 2024/1689 (EU AI Act) - EUR-Lexretrieved 9 Jun 2026
  2. [2]European Commission: AI regulatory frameworkretrieved 9 Jun 2026
  3. [3]AI Act Explorer: high-level summaryretrieved 9 Jun 2026
  4. [4]AI Act implementation timelineretrieved 9 Jun 2026
  5. [5]Council of the EU: Digital Omnibus provisional agreement, 7 May 2026retrieved 9 Jun 2026

The AI Act Brief

Subscribe to The AI Act Brief

We watch Brussels so you don't. Plain-English EU AI Act updates, free.

No spam. Unsubscribe anytime.

Prohibited AI practices under the EU AI Act: the 8 bans explained | AI Act Navigator · AI Act Navigator