Guidelines on Prohibited AI Practices

European Commission guidelines on prohibited artificial intelligence practices under Article 5 of the EU AI Act, with legal interpretations and practical examples.

What is this document?

The Guidelines on Prohibited AI Practices are an official European Commission document published on 4 February 2025. It is a comprehensive 135-page document that provides detailed clarification of artificial intelligence practices deemed unacceptable due to the risk they pose to fundamental rights and EU values.

The prohibitions under Article 5 of the AI Act began to apply on 2 February 2025 — they were the first provision of the EU AI Act to enter into force. From 2 August 2025, competent authorities in Member States (or the European Data Protection Supervisor for EU institutions) may enforce these prohibitions.

Key points

Prohibited practices

Article 5 of the EU AI Act prohibits the following AI practices:

1. Manipulative and deceptive techniques (Art. 5(1)(a))

AI systems that deploy subliminal techniques, purposefully manipulative or deceptive techniques with the objective of materially distorting the behaviour of a person or group, causing significant harm.

2. Exploitation of vulnerabilities (Art. 5(1)(b))

AI systems that exploit vulnerabilities of persons due to their age, disability, or specific social or economic situation, with the objective of materially distorting behaviour in a manner that causes significant harm.

3. Social scoring (Art. 5(1)(c))

AI systems for the evaluation or classification of natural persons based on their social behaviour or personal characteristics, where this leads to detrimental treatment in unrelated contexts or treatment that is unjustified or disproportionate.

4. Predictive policing (Art. 5(1)(d))

AI systems that assess the risk of committing a criminal offence based solely on profiling or the personality and characteristics of a person (with the exception of AI systems that support human assessment based on objective and verifiable facts).

5. Untargeted scraping of facial images (Art. 5(1)(e))

AI systems that create or expand facial recognition databases through untargeted scraping of images from the internet or CCTV footage.

6. Emotion recognition (Art. 5(1)(f))

AI systems for emotion recognition in the workplace and educational institutions, except for medical or safety purposes.

7. Biometric categorisation (Art. 5(1)(g))

AI systems for biometric categorisation to infer race, political opinions, trade union membership, religious beliefs, sex life, or sexual orientation.

8. Real-time remote biometric identification (Art. 5(1)(h))

Use of real-time remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement, with strictly limited exceptions.

Key interpretations by the Commission

The guidelines clarify several important concepts:

"Materially distorting behaviour" — behaviour that the person would not otherwise have undertaken
"Significant harm" — need not be physical; may include financial, psychological, or social harm
"Subliminal techniques" — techniques that the person cannot consciously perceive

How does this apply to organisations?

Immediate obligation

All organisations that develop or use AI systems must immediately verify that none of their systems falls under the prohibited practices. This applies regardless of the size of the organisation.

Practical steps

Audit AI systems — Review all AI systems in the organisation against the list in Article 5
Legal analysis — For any system that potentially borders on a prohibited practice, obtain a legal opinion
Documentation — Document the analysis and conclusions for each system
Staff training — Ensure all those working with AI understand the prohibited practices
Reporting mechanism — Establish an internal process for reporting potential violations

Penalties

Violation of the prohibitions under Article 5 carries the strictest penalties under the AI Act:

Up to EUR 35 million or up to 7% of total global annual turnover (preceding financial year), whichever is greater

Relevant articles of the EU AI Act

Article	Topic
Art. 5	Prohibited AI practices
Art. 99(3)	Penalties for violation of prohibitions
Art. 113	Date of application of prohibitions (2 February 2025)
Recitals 28-46	Explanatory considerations for each prohibited practice

Source document

The European Commission guidelines are available at: Commission publishes the Guidelines on prohibited artificial intelligence (AI) practices

What is this document?

Key points

Prohibited practices

Article 5 of the EU AI Act prohibits the following AI practices:

1. Manipulative and deceptive techniques (Art. 5(1)(a))

2. Exploitation of vulnerabilities (Art. 5(1)(b))

3. Social scoring (Art. 5(1)(c))

4. Predictive policing (Art. 5(1)(d))

5. Untargeted scraping of facial images (Art. 5(1)(e))

AI systems that create or expand facial recognition databases through untargeted scraping of images from the internet or CCTV footage.

6. Emotion recognition (Art. 5(1)(f))

AI systems for emotion recognition in the workplace and educational institutions, except for medical or safety purposes.

7. Biometric categorisation (Art. 5(1)(g))

AI systems for biometric categorisation to infer race, political opinions, trade union membership, religious beliefs, sex life, or sexual orientation.

8. Real-time remote biometric identification (Art. 5(1)(h))

Use of real-time remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement, with strictly limited exceptions.

Key interpretations by the Commission

The guidelines clarify several important concepts:

"Materially distorting behaviour" — behaviour that the person would not otherwise have undertaken
"Significant harm" — need not be physical; may include financial, psychological, or social harm
"Subliminal techniques" — techniques that the person cannot consciously perceive

How does this apply to organisations?

Immediate obligation

All organisations that develop or use AI systems must immediately verify that none of their systems falls under the prohibited practices. This applies regardless of the size of the organisation.

Practical steps

Audit AI systems — Review all AI systems in the organisation against the list in Article 5
Legal analysis — For any system that potentially borders on a prohibited practice, obtain a legal opinion
Documentation — Document the analysis and conclusions for each system
Staff training — Ensure all those working with AI understand the prohibited practices
Reporting mechanism — Establish an internal process for reporting potential violations

Penalties

Violation of the prohibitions under Article 5 carries the strictest penalties under the AI Act:

Up to EUR 35 million or up to 7% of total global annual turnover (preceding financial year), whichever is greater

Relevant articles of the EU AI Act

Article	Topic
Art. 5	Prohibited AI practices
Art. 99(3)	Penalties for violation of prohibitions
Art. 113	Date of application of prohibitions (2 February 2025)
Recitals 28-46	Explanatory considerations for each prohibited practice

Source document

The European Commission guidelines are available at: Commission publishes the Guidelines on prohibited artificial intelligence (AI) practices

Guidelines on Prohibited AI Practices

What is this document?

Key points

Prohibited practices

1. Manipulative and deceptive techniques (Art. 5(1)(a))

2. Exploitation of vulnerabilities (Art. 5(1)(b))

3. Social scoring (Art. 5(1)(c))

4. Predictive policing (Art. 5(1)(d))

5. Untargeted scraping of facial images (Art. 5(1)(e))

6. Emotion recognition (Art. 5(1)(f))

7. Biometric categorisation (Art. 5(1)(g))

8. Real-time remote biometric identification (Art. 5(1)(h))

Key interpretations by the Commission

How does this apply to organisations?

Immediate obligation

Practical steps

Penalties

Relevant articles of the EU AI Act

Source document

Need compliance documentation?

Guidelines on Prohibited AI Practices

What is this document?

Key points

Prohibited practices

1. Manipulative and deceptive techniques (Art. 5(1)(a))

2. Exploitation of vulnerabilities (Art. 5(1)(b))

3. Social scoring (Art. 5(1)(c))

4. Predictive policing (Art. 5(1)(d))

5. Untargeted scraping of facial images (Art. 5(1)(e))

6. Emotion recognition (Art. 5(1)(f))

7. Biometric categorisation (Art. 5(1)(g))

8. Real-time remote biometric identification (Art. 5(1)(h))

Key interpretations by the Commission

How does this apply to organisations?

Immediate obligation

Practical steps

Penalties

Relevant articles of the EU AI Act

Source document

Need compliance documentation?