Transparency rules in2 Aug 2026
Library / Guide

Article 5: the banned AI practices

Most of the Act is about managing risk. Article 5 is different: it draws a hard line and bans a handful of uses outright. They have been prohibited since February 2025.

What prohibited means

These uses are banned outright, regardless of any safeguards, consent, or good intentions you might bring. Unlike the high-risk tier, there is no compliance path that makes a prohibited use lawful; the only response is not to do it. The prohibitions have applied since 2 February 2025, among the first parts of the Act to take effect.

They also sit in the heaviest penalty band, up to 35 million euros or 7% of worldwide turnover. That weighting is deliberate: these are the uses the EU decided are incompatible with people's fundamental rights, not merely risky ones to be managed.

The banned practices

In plain terms, the Act prohibits: AI that uses subliminal or deliberately manipulative techniques to distort behaviour and cause harm; AI that exploits the vulnerabilities of a person or group, such as age or disability, to the same end.

It prohibits social scoring that leads to unfair or detrimental treatment; predicting a person's risk of committing a crime based solely on profiling or personality; and scraping facial images in bulk from the internet or CCTV to build recognition databases.

It prohibits emotion recognition in workplaces and schools, and biometric categorisation that infers sensitive traits like race, political views, or sexual orientation. Real-time remote biometric identification in public spaces for law enforcement is prohibited except in narrow, tightly controlled cases.

Why most SMBs are not affected

These prohibitions target manipulative, surveillance, and state-style uses of AI. The ordinary tools a business uses to write, summarise, support customers, analyse data, or schedule work do not fall here. For most organisations, Article 5 is a line to confirm you sit well clear of, not a daily concern.

That said, "we would never" is not the same as "we have checked". The value of reading the list once is being able to say, with confidence, that nothing in your stack comes near it.

Where ordinary businesses can stray close

A few common temptations sit near the line. Emotion recognition in a workplace setting, for instance staff-monitoring software that claims to read mood or engagement, is banned. So is biometric categorisation that sorts staff or customers by sensitive traits, and profiling that ranks people in ways that could be read as social scoring.

The pattern to watch for is any system that infers people's feelings, traits, or trustworthiness from their data, or that scores people for general purposes rather than a narrow, legitimate one. If you are weighing something like that, treat it as a stop-and-check moment before you go any further.

Exceptions and grey areas

There are narrow exceptions, for example certain medical or safety uses of emotion recognition, and tightly limited law enforcement cases with their own safeguards. They are specific carve-outs, not a general escape hatch, and they rarely apply to an ordinary business.

Article 5 is the part of the Act where the cost of getting it wrong is highest, both in penalties and in reputation. A use that looks close to the line is exactly the kind to put to qualified counsel rather than judge for yourself.

What to do about it

Run your AI inventory against the banned list once, paying particular attention to anything that infers people's emotions, traits, or trustworthiness, or that ranks people in ways that resemble scoring. For the vast majority of tools, this is a quick all-clear you can record and move on from.

If a use sits anywhere near the line, stop and take advice before proceeding. This is the one area where relying on your own reading carries the most downside.

Placeholder

This guide is general educational information, not legal advice. For how the Act applies to your organisation, classify your systems and consult qualified counsel.

Put it into practice

Classify your AI systems against the Act and generate the documents this guide describes.

A note on cookies

We use strictly necessary cookies to run the site and keep it secure. With your OK, we also use privacy-respecting, EU-hosted analytics to see how Veillo is used. No advertising, no third-party trackers. Read our cookie policy.