EU AI Act Article 5 prohibits eight AI practices with unacceptable risk. These bans apply from 2 February 2025. They cover subliminal manipulation, social scoring, real-time biometric identification in public spaces, emotion recognition at work, biometric categorisation inferring sensitive traits, and NCII/CSAM generation.
Prohibited practices are already law — since 2 February 2025
Article 5 of the EU AI Act prohibits eight categories of AI practices deemed to pose unacceptable risk. These prohibitions entered into force on 2 February 2025 — six months after the Act entered into force — and apply to all providers and deployers in the EU without exception. The 2026 Digital Omnibus did not change these prohibitions.
Enforcement is live. National market surveillance authorities and the EU AI Office have authority to investigate, impose injunctions, and levy fines.
The eight prohibited practices
1. Subliminal manipulation
AI systems that deploy techniques operating below the threshold of human consciousness to distort behaviour in ways that cause or are likely to cause significant harm. This targets AI that exploits cognitive biases, psychological weaknesses, or subconscious triggers to steer behaviour against users' own interests.
Distinguishing feature: the manipulation must be below conscious perception AND cause (or likely cause) significant harm. Persuasive but transparent AI is not prohibited.
2. Exploitation of vulnerabilities
AI that exploits specific vulnerabilities of particular groups — children, elderly persons, people with disabilities, those in economic distress — to distort behaviour in a way that causes or is likely to cause significant harm.
3. Social scoring by public authorities
General-purpose social scoring systems operated by public authorities that evaluate or classify natural persons based on their social behaviour or personal characteristics, where the scoring leads to detrimental treatment unrelated to the context in which the data was generated.
This targets Chinese-style social credit systems. It applies only to public authorities — private sector credit scoring in specific domains (financial creditworthiness) remains permissible under Annex III.
4. Real-time remote biometric identification in public spaces (law enforcement)
Real-time remote biometric identification of natural persons in publicly accessible spaces for the purpose of law enforcement is prohibited, with three narrow exceptions:
- Targeted search for specific victims of crime (kidnapping, trafficking, sexual exploitation)
- Prevention of specific, substantial, and imminent terrorist threat
- Identification of perpetrators of listed serious criminal offences carrying custodial sentences above 3 years
Exceptions require prior judicial or independent administrative authorisation, are time- and location-limited, and are notified to a national authority.
5. AI-based individual criminal risk prediction
AI systems that assess or predict the risk of a natural person committing a criminal offence based solely on profiling or personality characteristics, without reference to objective, verifiable facts directly linked to criminal activity.
6. Emotion recognition in the workplace and educational institutions
AI systems used to infer emotions of natural persons in the workplace or educational institutions are prohibited. Exceptions exist for medical purposes (e.g., pain assessment) and safety purposes (drowsiness detection for vehicle operators).
7. Biometric categorisation inferring sensitive characteristics
AI systems that categorise individuals based on biometric data to infer or deduce race, political opinions, trade union membership, religious or philosophical beliefs, sexual orientation, or health status are prohibited.
Standard facial recognition for access control (identifying who someone is) is different from categorisation (inferring what group they belong to). The latter is prohibited.
8. NCII and CSAM generation
AI systems that generate or manipulate image, audio, or video content constituting non-consensual intimate images (NCII) or child sexual abuse material (CSAM) are prohibited. This was added to address the specific harm from generative AI models in these categories.
Penalties
Non-compliance with Article 5 carries the highest tier of AI Act fines:
- €35 million or 7% of total worldwide annual turnover for the preceding financial year, whichever is higher
- For SMEs and start-ups: the lower of the two figures applies
National competent authorities also have powers to require immediate withdrawal of the AI system from the market.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
The prohibited practices under Article 5 of the EU AI Act have applied from 2 February 2025. This deadline was not changed by the 2026 Digital Omnibus. Non-compliance has been actionable since that date.
Violations of Article 5 prohibited practices carry the highest fines in the AI Act: up to €35 million or 7% of total worldwide annual turnover for the preceding financial year, whichever is higher.
No — only in specific contexts. Emotion recognition AI in the workplace and educational institutions is prohibited. It is permitted for medical and safety purposes (e.g., detecting driver drowsiness) with appropriate safeguards.
No. The prohibition covers biometric categorisation systems that infer sensitive characteristics (race, political opinions, trade union membership, sexual orientation, religion) from biometric data. Standard biometric identification for access control or payment is not covered by this prohibition.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.