AI Sigil Logo
Contact Us
Back to all insights
A magnifying glass

Sections

Prohibited AI Practices Under the EU AI Act: Key Insights

The EU Commission Guidelines on Prohibited AI Practices Under the AI Act

On February 4, 2025, the European Commission (EC) issued guidelines regarding prohibited artificial intelligence (AI) practices established by the EU AI Act. These guidelines, while currently non-binding, aim to clarify AI practices that pose significant risks to the values and fundamental rights of the European Union, such as public security, the right to privacy, and the right to non-discrimination.

Background

The purpose of this two-part briefing series is to assist privacy professionals and operators of AI systems in understanding the implications of the guidelines. Part One focuses on the first four use cases under Article 5(1)(a) to 5(1)(d), while Part Two will address the remaining prohibited use cases from Article 5(1)(e) to Article 5(1)(h) and other important takeaways.

Interim Period – Enforcement

The provisions related to prohibited AI systems came into force on February 2, 2025. Penalties for non-compliance will be applicable from August 2, 2025, establishing a six-month interim period for enforcement. During this time, although domestic market surveillance authorities have yet to be identified, the prohibitions on certain AI systems remain mandatory.

Prohibited AI Practices

Article 5 of the AI Act outlines the specific AI use cases that are expressly prohibited. These include:

1. Manipulation and Deception (Article 5(1)(a))

This article bans AI systems that utilize subliminal techniques or manipulative strategies to significantly distort individuals’ behavior and alter their decision-making abilities, potentially causing significant harm.

Key Conditions: To apply this prohibition, all cumulative conditions must be met, including:

  • The practice must involve the ‘placing on the market’, ‘putting into service’, or ‘use’ of an AI system.
  • The AI must deploy subliminal or purposefully manipulative techniques.
  • The distortion must impair informed decision-making, leading to decisions that the individual would not have made otherwise.
  • The resulting behavior must likely cause significant harm.

Examples of prohibited practices include visual and auditory subliminal messages that impair decision-making. In contrast, personalized recommendations based on transparent algorithms do not constitute manipulation.

2. Harmful Exploitation of Vulnerabilities (Article 5(1)(b))

This article prohibits using AI to exploit vulnerabilities related to age, disability, or socio-economic conditions that materially distort behavior and result in harm.

Key Conditions: The AI system must:

  • Exploit vulnerabilities due to age, disability, or socio-economic situations.
  • Materially distort behavior, likely causing significant harm.

Examples of harmful exploitation include AI-powered toys that encourage risky behavior in children. Conversely, AI systems that promote healthy choices without manipulation are not considered harmful.

3. Social Scoring (Article 5(1)(c))

This article bans AI systems used to categorize individuals based on their social behavior or personal characteristics, leading to unjustified or detrimental treatment.

Key Conditions: The practice must involve:

  • The evaluation or classification of individuals over time based on their social behavior.
  • Detrimental treatment in unrelated social contexts or disproportionate to the gravity of social behavior.

Financial credit scoring systems that assess creditworthiness based on relevant financial data are permitted as long as they comply with consumer protection laws.

4. Prediction of Criminal Offences (Article 5(1)(d))

This article prohibits AI systems assessing the likelihood of criminal behavior solely based on automated profiling or personal characteristics.

Key Conditions: The AI system must:

  • Assess or predict the risk of an individual committing a criminal offence based solely on profiling or personality traits.

The prohibition does not extend to risk assessments that include objective, verifiable facts linked to criminal activity, which may qualify as high-risk AI systems under the AI Act.

Implementation Timeline

The implementation timeline for the AI Act is as follows:

  • By August 2025: Obligations for general-purpose AI model providers will take effect.
  • By August 2026: Compliance obligations for high-risk AI systems will commence.
  • By August 2027: Compliance obligations for specific high-risk AI systems will go into effect.

These guidelines serve as a crucial framework for understanding the implications and responsibilities associated with AI practices within the European Union.

More Insights

A globe with a digital lock

US Rejects UN’s Call for Global AI Governance Framework

November 23, 2025 AI,Artificial Intelligence Governance,Global Collaboration,International Policy
U.S. officials rejected the establishment of a global AI governance framework at the United Nations General Assembly, despite broad support from many nations, including China. Michael Kratsios of the...
Read More
A digital lock

Agentic AI: Managing the Risks of Autonomous Systems

November 23, 2025 AI,AI Governance,Artificial Intelligence Governance,Regulatory Compliance
As companies increasingly adopt agentic AI systems for autonomous decision-making, they face the emerging challenge of agentic AI sprawl, which can lead to security vulnerabilities and operational...
Read More
A puppet

AI as a New Opinion Gatekeeper: Addressing Hidden Biases

November 23, 2025 AI,AI Ethics,AI Governance,AI Regulation Awareness
As large language models (LLMs) become increasingly integrated into sectors like healthcare and finance, a new study highlights the potential for subtle biases in AI systems to distort public...
Read More
A blueprint to illustrate the structured approach to creating regulatory frameworks.

AI Accountability: A New Era of Regulation and Compliance

November 23, 2025 AI,AI Accountability,AI Regulation,Regulatory Compliance
The burgeoning world of Artificial Intelligence (AI) is at a critical juncture as regulatory actions signal a new era of accountability and ethical deployment. Recent events highlight the shift...
Read More
A blueprint

Choosing Effective AI Governance Tools for Safer Adoption

November 23, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
As generative AI continues to evolve, so do the associated risks, making AI governance tools essential for managing these challenges. This initiative, in collaboration with Tokio Marine Group, aims to...
Read More
A network globe illustrating global consensus and collaboration on AI governance.

UN Initiatives for Trustworthy AI Governance

November 23, 2025 AI,AI Governance,AI Regulation,Global AI Policy
The United Nations is working to influence global policy on artificial intelligence by establishing an expert panel to develop standards for "safe, secure and trustworthy" AI. This initiative aims to...
Read More
A compass

Data-Driven Governance: Shaping AI Regulation in Singapore

November 23, 2025 AI,AI Ethics,AI Governance,Technology Policy
The conversation between Thomas Roehm from SAS and Frankie Phua from United Overseas Bank at the SAS Innovate On Tour in Singapore explores how data-driven regulation can effectively govern rapidly...
Read More
A roadmap

Preparing SMEs for EU AI Compliance Challenges

November 23, 2025 AI,AI Governance,AI Regulation Awareness,EU Compliance
Small and medium-sized enterprises (SMEs) must navigate the complexities of the EU AI Act, which categorizes many AI applications as "high-risk" and imposes strict compliance requirements. To adapt...
Read More
A digital lock – representing security and control over AI systems.

Draft Guidance on Reporting Serious Incidents Under the EU AI Act

November 23, 2025 AI,AI Regulation,EU Compliance,Regulatory Frameworks
On September 26, 2025, the European Commission published draft guidance on serious incident reporting requirements for high-risk AI systems under the EU AI Act. Organizations developing or deploying...
Read More