Professional EU AI Act Compliance Training
Build practical AI literacy and strengthen AI governance before AESIA enforcement begins.
The EU AI Act bans eight categories of AI outright. These are classified as "Unacceptable Risk" under Article 5 — and they have carried full legal force since 2 February 2025. Violations carry fines of up to €35 million or 7% of global annual turnover, whichever is higher.
The eight banned practices are:
Most organisations are focused on August 2026. That is when the bulk of the EU AI Act's obligations kick in.
They are already behind.
Article 5 — the complete ban on prohibited AI practices — became enforceable on 2 February 2025. That date has passed. The prohibitions are active. Enforcement has begun.
And the penalties are not hypothetical. The EU AI Act's fine structure for prohibited practices is the most severe in the regulation: €35 million or 7% of global annual turnover — whichever figure is higher. For a mid-sized company with €200M in global revenue, that is a potential €14 million fine. For a larger enterprise, it is tens of millions.
This is not a future compliance project. It is a present legal obligation.
The practices banned under Article 5 are not edge cases. They are not experimental technologies deployed only by the largest tech firms. They are tools that HR teams, marketing platforms, insurers, landlords, schools, and public bodies are using — or considering — right now.
This guide covers all eight prohibited categories. For each one, it provides a concrete real-world example, the precise legal test that determines liability, and the practitioner insights that separate surface-level awareness from genuine compliance.
The EU AI Act uses a four-tier risk classification system. Understanding the pyramid is essential context before examining the bans.

"Unacceptable Risk" sits at the apex. These are not systems that require additional safeguards. They are systems that cannot be deployed at all. No risk assessment, no mitigation measure, and no business justification makes them legal.
This is the category this guide addresses.
What the law says: Article 5(1)(a) prohibits AI systems that deploy subliminal techniques beyond a person's consciousness, or that exploit psychological weaknesses or biases, in a way that materially distorts behaviour and causes or is likely to cause significant harm.
Real-world example: A workplace wellbeing app uses "nudge" techniques — timed notifications, emotionally loaded language, and urgency cues — to push users toward decisions that benefit the platform provider, not the user. The app exploits stress and anxiety signals detected from usage patterns.
Practitioner Insight — The "Material Distortion" Test
This is where most compliance teams get it wrong. They assume any manipulative design pattern triggers the ban. It doesn't — at least not automatically.
The law requires two cumulative conditions: the technique must operate below the threshold of conscious awareness and it must produce a material distortion of behaviour that causes significant harm. Dark patterns that are irritating or unfair do not automatically meet the threshold. The manipulation must be covert, and the resulting harm must be real and significant.
In our compliance reviews, we consistently find that legal teams focus on the first condition — the subliminal technique — and underweight the second. A system that gently nudges users toward a product upgrade is not the same as one that exploits a person's documented anxiety disorder to override their genuine preferences on a health decision.
The legal test is: Could a reasonable regulator demonstrate that the AI caused a person to act substantially against their interests in a way they would not have chosen freely? If yes, the ban applies. If uncertain, conduct a documented harm assessment before deployment.
What the law says: Article 5(1)(b) prohibits AI that exploits vulnerabilities of specific groups — including those based on age, disability, or socioeconomic circumstances — to materially distort behaviour in a way that causes or is likely to cause significant harm.
Real-world example: A children's smart toy uses an AI companion that learns a child's emotional state and loneliness patterns. It then uses this information to drive in-app purchase behaviour, encouraging the child to spend real money on virtual companionship. The toy's AI identifies periods of emotional vulnerability and increases engagement precisely when the child is most susceptible.
This is a direct violation. The AI is specifically targeting a vulnerability — childhood, emotional dependency — to distort purchasing decisions. The harm is both psychological and financial.
The broader application is wider than most people expect. AI tools that target elderly users with financial products during moments of cognitive uncertainty, or that exploit disability-related stress to drive insurance upselling, fall into the same category. The key question is always: Is the AI specifically leveraging a vulnerability to override genuine decision-making capacity?
What the law says: Article 5(1)(c) bans AI systems that evaluate or classify individuals based on their social behaviour or personal characteristics, where this leads to detrimental or unfavourable treatment in unrelated social contexts or treatment that is disproportionate to the behaviour.
Real-world example: A municipal housing authority implements an AI-powered "Tenancy Reliability Score." The system aggregates data from rent payment history, social media behaviour, utility payment records, and neighbourhood complaints — and produces a composite trustworthiness rating used to allocate public housing.
An applicant who paid rent late twice in five years, complained about a landlord on a neighbourhood forum, and missed two utility payments receives a low score. They are deprioritised for housing — a consequence wildly disproportionate to the behaviours assessed.
The Private Sector Question
The Article 5(1)(c) prohibition is explicitly directed at public authorities. A landlord or insurance company operating a similar system is not automatically caught by this specific prohibition.
However, this does not mean the private sector is free to implement social scoring. Such systems will almost certainly engage GDPR's restrictions on automated decision-making (Article 22), sector-specific financial regulation, and potentially Article 5(1)(a) or (b) if manipulation elements are present.
In our audit of a UK-based residential lettings firm in late 2025, we found a third-party tenant screening tool that assigned applicants a "lifestyle risk score" based on social media activity. The tool had not been reviewed under either the EU AI Act or GDPR's automated decision-making provisions. It was immediately suspended pending legal review.
What the law says: Article 5(1)(d) prohibits AI used to make risk assessments of individuals for the purpose of predicting future criminal activity based solely or primarily on personality traits, profiling, or other characteristic-based assessments.
Real-world example: A policing authority deploys an AI tool that analyses an individual's social media activity, purchasing patterns, prior associations, and psychological profile — without any specific criminal intelligence — and generates a "recidivism likelihood score." Officers use this score to determine whether to stop, question, or monitor an individual.
This is pre-crime profiling. The ban is absolute. No operational policing justification overrides it.
The critical distinction is between risk assessment based on specific, verified criminal behaviour and risk assessment based on personality traits and associations. Recidivism tools that incorporate actual criminal history alongside statistical risk factors sit in contested territory and are subject to challenge under this provision. Systems based primarily on psychological or social profiling — with no specific criminal act as the trigger — are outright prohibited.
What the law says: Article 5(1)(e) prohibits AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or from CCTV footage.
Real-world example: A private security firm builds an identification platform by harvesting millions of profile images from LinkedIn, Instagram, and public news archives — without the consent of the individuals pictured. The database is then licensed to clients for employee background checks and access control.
This is the Clearview AI model. It is banned in its entirety under Article 5.
The word "untargeted" is doing significant legal work here. Collecting images of a specific named individual as part of a lawful, targeted investigation is a different legal question — and may fall under the law enforcement exceptions discussed in prohibition 8. Collecting images indiscriminately to build a general-purpose database is the prohibited act.
Compliance implication: Any organisation currently using a third-party facial recognition or identity verification service should immediately audit the data sourcing practices of that provider. If the provider built its matching database through internet scraping, continued use of that service carries direct regulatory exposure.
What the law says: Article 5(1)(f) prohibits the use of AI systems to infer the emotions of natural persons in the workplace and in educational institutions — with exceptions for medical or safety reasons.
Real-world example: A company monitoring remote workers uses an AI-powered webcam tool. The system analyses micro-expressions, gaze patterns, posture, and vocal tone during video calls. It generates an "engagement score" and a "productivity confidence level" for each employee. Managers receive weekly dashboards showing which team members appear "disengaged" or "stressed."
This is prohibited. The system infers emotional states — engagement, stress, confidence — in a workplace context for a productivity purpose. There is no medical or safety rationale. The ban applies directly.
Practitioner Insight — The Loophole That Isn't a Loophole
The medical and safety exception creates a genuine carve-out. AI that monitors a pilot for signs of fatigue to prevent a safety incident is permitted. AI that monitors a surgeon's stress levels during a procedure for patient safety reasons is permitted. These are emotion-recognition applications with a direct, proportionate safety justification.
What is not permitted — and what we consistently see attempted in compliance consultations — is rebranding a productivity monitoring tool as a "wellbeing" or "safety" tool to avoid the prohibition.
In a recent consultation with a logistics firm, we reviewed a "driver wellbeing system" that assessed driver alertness and emotional state every 90 seconds. The stated purpose was road safety. The actual output — a weekly mood and engagement report sent to HR — revealed that the primary use was performance management. The safety label did not change the legal classification. The tool was prohibited.
The test is not what the vendor calls the tool. The test is what the output is actually used for.
What the law says: Article 5(1)(g) prohibits AI systems that categorise individuals based on biometric data to deduce or infer race, ethnicity, political opinions, trade union membership, religious or philosophical beliefs, sexual orientation, or health status.
Real-world example: An event security firm uses a crowd-analysis AI that does not identify individuals but categorises attendees by perceived ethnicity and uses this categorisation to trigger differential security screening thresholds. Individuals flagged in certain ethnic categories receive more intensive checks.
This is a direct violation. The system is using biometric data — physical appearance — to infer ethnicity and apply differential treatment. The harm here is both discriminatory and fundamental to human dignity.
A critical nuance: This prohibition extends beyond obvious racial categorisation. An AI that analyses voice patterns to infer probable political alignment — and uses that inference to adjust the content served to a user — is also prohibited. An AI that analyses walking gait or clothing choices to infer religious affiliation for targeting purposes is prohibited.
The common thread is using biometric signals to make inferences about characteristics that are both sensitive and protected — and then acting on those inferences.
What the law says: Article 5(1)(h) prohibits the use of real-time remote biometric identification systems in publicly accessible spaces by law enforcement — except in three narrowly defined circumstances.
Real-world example: A city's police department deploys live facial recognition cameras at football stadiums, transit hubs, and public squares. The system continuously matches faces against a wanted persons database and alerts officers in real time.
This is the paradigm case the prohibition targets. Mass, live surveillance of the general public through biometric identification is banned as the default position.
The three narrow exceptions are:
These exceptions are narrow, time-limited, and subject to prior authorisation requirements in most cases. They are not a general licence for preventive surveillance. An authority that deploys live facial recognition on a routine basis — without a specific imminent threat or active investigation — is operating outside the exceptions.
Note for the private sector: This prohibition is directed at law enforcement. Private businesses deploying real-time facial recognition for access control, loyalty identification, or security purposes are not caught by this specific provision — but they remain subject to GDPR's strict biometric data processing rules and high-risk AI requirements under other parts of the Act.
Here is the compliance gap that organisations consistently underestimate.
Article 4 of the EU AI Act requires providers and deployers of AI systems to take measures to ensure sufficient AI literacy among their staff — specifically, the knowledge and skills needed to make informed decisions about AI tools, to recognise their limitations, and to identify when a system crosses into prohibited territory.
This is not aspirational guidance. It is a legal obligation.
An HR manager who approves an emotion recognition tool for remote team monitoring has violated Article 5. But if that HR manager received no training on what emotion recognition is, what the EU AI Act prohibits, or how to evaluate vendor claims — the organisation has also violated Article 4.
The two obligations are interconnected. You cannot rely on staff to avoid prohibited AI practices if those staff have never been trained to recognise them.
In our AI compliance audits, the most common failure mode is not deliberate misuse. It is uninformed procurement. A department head purchases a "productivity analytics" tool. The vendor's marketing materials emphasise performance insights. No one reads the technical documentation. No one identifies that the underlying model infers emotional states from video input. The tool goes live. The prohibition is violated.
AI literacy training is the first line of defence. It is also a legal requirement.
The EU AI Act's prohibited practices are not future compliance obligations. They are active law.
Every organisation that procures, deploys, or uses AI in any form — regardless of size, sector, or location — needs to conduct an immediate review of its AI tools against the Article 5 prohibitions.
The eight bans are not obscure edge cases. Emotion recognition tools are being marketed to HR teams today. Biometric scraping databases are powering identity verification services right now. Social scoring mechanisms are embedded in tenant screening and insurance underwriting platforms that are already live.
The question is not whether these tools exist in your supply chain. The question is whether you know they do.
AI literacy — mandated by Article 4 — is the mechanism that closes this gap. Staff who understand what is prohibited can flag it before it is deployed. Staff who have never received structured AI training cannot.
This article reflects the EU AI Act (Regulation 2024/1689) as enforceable from 2 February 2025 (Article 5 prohibitions) and 2 August 2026 (remaining provisions). National enforcement authority designation varies by member state. Always seek qualified legal advice for your specific AI deployment context and jurisdiction.