Art. 5 EU AI Act: All 8 Prohibited AI Practices Explained

Updated: June 2026 — full revision to Validai quality standard

Introduction: Absolute Prohibitions Under the EU AI Act

Article 5 of the EU AI Act establishes the only category of AI systems that is banned outright — not subject to risk classification, not eligible for regulatory sandboxes, and not open to proportionality considerations. These are systems whose potential for harm is so severe that the European legislator made an absolute political choice: these practices shall not exist in the EU market.

The eight prohibitions took effect on 2 February 2025 — the earliest of all obligations under the EU AI Act. The stakes are correspondingly high: fines of up to €35 million or 7% of global annual turnover, whichever is higher.

This article provides a complete analysis of all eight prohibitions, including borderline cases, practical deployer implications, and the enforcement risks that Dutch supervisory authorities will prioritise.

The Regulatory Framework: Why These Eight?

The eight prohibitions are not random. They share a common characteristic: each involves a fundamental violation of human dignity, autonomy, or fundamental rights — violations that cannot be adequately mitigated by technical measures or human oversight. A risk classification system cannot make social scoring acceptable; a transparency notice cannot make subliminal manipulation harmless.

The structure of Art. 5 is deliberately broad. Each prohibition uses open-ended language ("AI systems that deploy subliminal techniques") rather than narrow technical definitions. This is intentional: the legislator wanted to capture future techniques that were not yet known at the time of drafting.

The Eight Prohibitions in Detail

1. Subliminal Manipulation (Art. 5.1.a)

What is prohibited: AI systems that deploy subliminal techniques operating below the threshold of human consciousness to materially distort a person's behaviour in a way that causes or is likely to cause that person or another person significant harm.

Key elements: The prohibition has three cumulative requirements: (1) subliminal technique — below conscious perception; (2) material distortion of behaviour; (3) significant harm. All three must be present.

Borderline: Personalised advertising that exploits known cognitive biases (e.g. scarcity framing, loss aversion) is not automatically prohibited. The technique must operate below the threshold of consciousness — if a user can consciously perceive and resist the influence, it does not meet the subliminal threshold. However, the boundary is contested and enforcement authorities are expected to interpret it broadly.

Deployer risk: Marketing tools using advanced psychological profiling at scale deserve careful review. Document your legal analysis explicitly.

2. Exploitation of Vulnerabilities (Art. 5.1.b)

What is prohibited: AI systems that exploit any of the vulnerabilities of a person or a specific group of persons due to their age, disability, or specific social or economic situation to materially distort behaviour in a way that causes or is likely to cause significant harm.

Key distinction from 5.1.a: Here the technique need not be subliminal — the exploitation of vulnerability is itself the wrong. Targeting elderly people with financial products using AI-driven persuasion that exploits cognitive decline is prohibited even if the user is consciously aware of the influence attempt.

Practical examples: AI-driven debt collection targeting people known to be in financial distress with emotionally manipulative messaging. Recommendation algorithms targeting children with harmful content that exploits developmental vulnerabilities. Gambling platforms using AI to identify and exploit problem gamblers.

3. Social Scoring by Public Authorities (Art. 5.1.c)

What is prohibited: AI systems used by or on behalf of public authorities for the evaluation or classification of natural persons based on their social behaviour or personal characteristics, resulting in detrimental or unfavourable treatment in unrelated social areas or treatment that is unjustified or disproportionate to the social behaviour.

Scope: This prohibition is explicitly limited to public authorities. Private organisations conducting internal scoring (e.g. credit scoring, employee performance assessment) are not covered by Art. 5.1.c — though they may fall under the high-risk classification in Annex III.

Dutch context: The SyRI system used by Dutch municipalities for benefit fraud detection was ruled unlawful by Dutch courts in 2020 — before the EU AI Act. Under Art. 5.1.c, similar systems would now be prohibited at EU level.

4. Risk Assessment for Criminal Prediction (Art. 5.1.d)

What is prohibited: AI systems used by law enforcement for risk assessments of natural persons to predict the probability of committing a criminal offence, based solely on profiling or personality traits — not based on objective, verifiable facts directly linked to criminal activity.

Nuance: This does not prohibit all predictive policing. AI tools that assess risk based on documented behavioural evidence are not automatically prohibited. The prohibition targets pure profile-based prediction — the "pre-crime" model — without factual grounding.

5. Untargeted Scraping for Facial Recognition Databases (Art. 5.1.e)

What is prohibited: AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage.

Why this matters for deployers: Deployers who use third-party identity verification or facial recognition tools should verify that the vendor's training datasets were not built through untargeted scraping. Using such a system — even without direct knowledge — may expose a deployer to liability.

6. Emotion Recognition in Workplace and Education (Art. 5.1.f)

What is prohibited: AI systems that infer emotions of natural persons in the workplace and educational institutions. Limited exceptions exist for medical and safety purposes.

Practical scope: This prohibition is broader than it may appear. Employee monitoring tools that claim to measure "engagement" or "attention" through facial analysis are covered. Proctoring software used in online education that analyses facial expressions is covered. The prohibition applies regardless of whether the emotional inference is a primary or secondary function of the system.

7. Biometric Categorisation Based on Sensitive Characteristics (Art. 5.1.g)

What is prohibited: AI systems that categorise natural persons individually using biometric data to deduce or infer race, political opinion, trade union membership, religious or philosophical beliefs, or sexual orientation.

Note: This does not prohibit biometric identity verification. The prohibition targets the inference of sensitive characteristics from biometric data — not biometric identification itself.

8. Real-Time Remote Biometric Identification in Public Spaces (Art. 5.1.h)

What is prohibited: Real-time remote biometric identification systems in publicly accessible spaces for law enforcement purposes.

Exceptions: Art. 5.2 provides three narrow exceptions: searching for missing persons including child victims of trafficking; prevention of specific, imminent terrorist threats; identification of criminal suspects in serious crimes (as listed). All exceptions require prior judicial authorisation (or urgent post-hoc authorisation) and are subject to strict conditions.

Private sector scope: The prohibition explicitly covers "law enforcement purposes." Private organisations using facial recognition in retail or offices are not prohibited by Art. 5.1.h — though they face other legal requirements under the GDPR and potentially Annex III.

Enforcement and Sanctions

Violations of Art. 5 carry the highest sanctions in the EU AI Act: up to €35 million or 7% of global annual turnover, whichever is higher. For a multinational with €10 billion in revenue, this amounts to €700 million per violation.

National market surveillance authorities — in the Netherlands, the Autoriteit Persoonsgegevens (AP) is the designated authority — have investigative and enforcement powers including access to AI systems, inspection of documentation, and the power to order market withdrawal.

The AP has indicated that Art. 5 enforcement will be a priority in its 2025–2026 supervisory programme. Organisations using AI in HR selection, automated decision-making, and biometric applications are identified as primary supervision targets.

Deployer Compliance Checklist

1. Have you inventoried all AI systems used in your organisation against the eight prohibitions?
2. Do any marketing or personalisation systems use techniques that could constitute subliminal manipulation or exploitation of vulnerability?
3. If you are a public authority: does any AI system contribute to behavioural evaluation across social areas?
4. Do any workplace monitoring or proctoring tools include emotion recognition functionality?
5. Have you verified that facial recognition or identity verification vendor datasets comply with Art. 5.1.e?
6. Is your legal analysis of any borderline systems documented in writing?
7. Do you have an escalation procedure for AI systems that approach prohibited use cases?

FAQ

Q: Does Art. 5 apply to AI systems deployed before 2 February 2025?
A: Yes. The EU AI Act does not grandfather existing systems for prohibited use cases. Systems in active use after 2 February 2025 that meet the criteria of Art. 5 must be decommissioned or modified.

Q: Can we use emotion recognition software for customer satisfaction measurement?
A: Not in the workplace or educational context. In other contexts (e.g. consumer research with explicit consent), a legal analysis is required. The prohibition in Art. 5.1.f is specifically scoped to "the workplace and educational institutions."

Q: We use an AI-based employee engagement platform that measures sentiment. Is this prohibited?
A: Depends on the method. If the platform infers emotional states from facial analysis, voice tone, or other biometric signals — even without explicitly labelling it "emotion recognition" — it likely falls within Art. 5.1.f. Sentiment analysis based on text input (e.g. survey responses) is not biometric and is not prohibited by Art. 5.1.f, though other obligations may apply.