8 AI Practices That Are Already Illegal in Spain Under the EU AI Act

Alejandro Cortés

Artificial intelligence compliance is no longer only about preparing for future high-risk AI obligations.

For some AI practices, the legal line has already been crossed.

Under the EU AI Act, prohibited AI practices and AI literacy obligations entered into application from 2 February 2025. That means certain AI systems are not merely “high risk” or “subject to future documentation requirements.” They are already prohibited in the European Union, including Spain. The European Commission also confirms that later high-risk rules follow separate phased timelines, including extended transition periods for certain regulated product systems. (Digital Strategy)

For Spanish companies, this matters immediately.

A company may be waiting for the later high-risk AI deadlines, but if it is using an AI system that falls under Article 5 prohibited practices, the issue is not future readiness. It is present legal exposure.

This is especially important for organisations using AI in recruitment, employee monitoring, customer profiling, biometric identification, education, insurance, finance, public-facing services, online platforms or automated decision-making.

Spain is also moving quickly in AI governance. AESIA, Spain’s AI supervisory authority, has already published practical guidance to support implementation of the AI Act, including checklists and technical guidance for areas such as risk management, data governance, transparency, cybersecurity, records, documentation and human oversight. (aesia.digital.gob.es)

This guide explains the 8 AI practices already prohibited under the EU AI Act, what they mean in real business situations, and what Spanish organisations should do now to avoid deploying systems that should never be used in the first place.

What Are Prohibited AI Practices Under the EU AI Act?

The EU AI Act uses a risk-based structure.

Some AI systems are low risk. Some are subject to transparency duties. Some are high-risk and require governance, documentation, risk management and human oversight. But a small group of AI practices is considered so harmful to fundamental rights, human autonomy and public trust that the law prohibits them outright.

These are found in Article 5 of the EU AI Act.

The AI Act Service Desk explains that Article 5 prohibits the placing on the EU market, putting into service or use of AI systems involving manipulative, exploitative, social scoring, certain biometric, emotion recognition and criminal risk-assessment practices. (AI Act Service Desk)

In simple terms, a prohibited AI practice is not an AI system that needs “better paperwork.”

It is an AI system that should not be placed on the market, put into service or used for that prohibited purpose.

That distinction is critical.

A high-risk AI system may be allowed if it satisfies strict requirements. A prohibited AI system is different. If the system falls within Article 5, the correct response is usually to stop, redesign, remove the prohibited function, or avoid deployment altogether.

Why This Matters for Businesses in Spain

Many businesses still think the EU AI Act is mostly a future issue.

That is dangerous.

The bans on prohibited AI practices already apply. Penalties for violating Article 5 are also the highest category of fines under the AI Act. Non-compliance with the Article 5 prohibitions may lead to administrative fines of up to €35 million or 7% of total worldwide annual turnover, whichever is higher. For SMEs and start-ups, the AI Act includes adjusted fine logic, but the exposure remains serious. (aiact-info.eu)

For Spanish organisations, the risk is not limited to AI Act enforcement. Many prohibited or near-prohibited AI practices also overlap with GDPR, LOPDGDD, employment law, consumer protection, anti-discrimination law and sector-specific rules.

This is why AI compliance cannot be managed only by the IT department.

A prohibited AI review should involve legal, compliance, HR, privacy, procurement, cybersecurity, business leadership and operational teams.

For a broader foundation, read the pillar guide: Ethical AI and EU AI Act Compliance: The Professional’s Complete Guide for Spain (2026).

The 8 AI Practices Already Prohibited Under Article 5

1. Manipulative or Deceptive AI That Distorts Human Decisions

The first prohibited practice covers AI systems that use subliminal, manipulative or deceptive techniques to materially distort a person’s behaviour in a way that impairs their ability to make an informed decision and causes, or is reasonably likely to cause, significant harm. (AI Act Service Desk)

This is not about ordinary advertising or standard personalisation.

The concern is AI that pushes people into decisions they would not otherwise make by manipulating their perception, emotions, vulnerabilities or decision-making environment.

Business example

Imagine a financial services app that uses AI to detect when a user is under emotional stress and then pushes them toward a high-cost credit product using urgency-based messaging, hidden design choices and personalised pressure.

Or an online platform that uses AI-generated messages to make vulnerable users believe they will lose access, status or support unless they buy something immediately.

The legal problem is not simply that the company used AI.

The problem is that the AI is being used to undermine informed choice.

What businesses should check

Businesses should review AI-driven interfaces, recommendation engines, conversion tools, behavioural targeting systems, sales automation and customer journey personalisation.

Ask:

  • Does the AI pressure users into decisions?
  • Does it hide important information?
  • Does it exploit emotional state, confusion or urgency?
  • Would the user make the same decision if the process were transparent?
  • Could the design cause financial, psychological, legal or other significant harm?

If the answer is yes, the system may need urgent legal review.

2. AI That Exploits Vulnerabilities Based on Age, Disability or Social/Economic Situation

The second prohibited practice covers AI systems that exploit vulnerabilities linked to age, disability or specific social or economic situations in a way that materially distorts behaviour and causes, or is likely to cause, significant harm. (AI Act Service Desk)

This is highly relevant for businesses serving children, elderly people, patients, financially vulnerable customers, jobseekers, migrants, students or people with disabilities.

Business example

A children’s learning app uses AI to identify when a child is frustrated, lonely or eager for approval, then encourages repeated paid upgrades or emotionally manipulative engagement.

A debt management platform uses AI to target financially distressed users with misleading repayment products that benefit the provider more than the customer.

A health-related chatbot detects anxiety and pushes unnecessary services without clear boundaries, professional oversight or transparent information.

What businesses should check

Any AI system that adapts messaging based on vulnerability should be treated with caution.

This includes:

  • AI chatbots
  • EdTech systems
  • healthcare-facing AI assistants
  • financial products
  • insurance pricing tools
  • marketing automation
  • customer retention systems
  • behavioural nudging tools

The key question is not only “Does the AI personalise content?”

The better question is:

Does the AI exploit vulnerability in a way that changes behaviour and creates significant harm?

3. AI-Based Social Scoring That Leads to Unfair Treatment

Article 5 prohibits AI systems used to evaluate or classify people over time based on social behaviour or personal characteristics where the resulting score leads to detrimental or unfavourable treatment in unrelated contexts, or treatment that is unjustified or disproportionate. (AI Act Service Desk)

This is often described as a ban on “social scoring.”

For most companies, the danger is not a formal government-style social score. The risk is creating a business version of social scoring without calling it that.

Business example

A company creates a “trust score” for customers by combining payment history, social media activity, complaint behaviour, location data, browsing behaviour and inferred personality traits.

That score is then used to deny access to unrelated services, increase prices, restrict support, downgrade user rights or deprioritise certain customers.

Another example would be a platform that ranks gig workers or contractors using behavioural signals from unrelated contexts, then automatically limits their access to jobs without a fair explanation.

What businesses should check

Be careful with AI systems that combine data from different contexts to produce a score about a person.

Risk increases when the score affects:

  • access to services
  • employment opportunities
  • credit or insurance
  • pricing
  • public benefits
  • housing
  • education
  • platform visibility
  • customer treatment

A score may look like an efficiency tool internally, but if it creates unfair treatment across contexts, it may become an Article 5 risk.

4. AI Used to Predict Criminal Risk Based Solely on Profiling or Personality Traits

The AI Act prohibits AI systems used to assess or predict the risk of a natural person committing a criminal offence when that assessment is based solely on profiling or personality traits and characteristics. The law allows limited support for human assessment only where it is based on objective and verifiable facts directly linked to criminal activity. (AI Act Service Desk)

This is most relevant to law enforcement and security contexts, but private businesses should still pay attention.

Business example

A private security provider offers a system that flags individuals as likely offenders based only on behavioural profiling, appearance, movement patterns, personality inference or historical group-level assumptions.

A shopping centre, stadium or transport operator uses an AI vendor that claims to identify “potential criminals” from facial expression, clothing style, movement or demographic patterns without objective facts linked to a specific incident.

What businesses should check

Private companies should be extremely cautious with AI products marketed as:

  • crime prediction tools
  • suspicious person detection
  • offender likelihood scoring
  • threat personality profiling
  • automated criminal risk assessment
  • behavioural crime prediction

If the system predicts criminality based only on profiling or inferred traits, it may fall into prohibited territory.

Even where the AI Act does not directly prohibit a specific business use case, GDPR, security law, discrimination law and reputational risk may still apply.

5. AI That Creates or Expands Facial Recognition Databases Through Untargeted Scraping

Article 5 prohibits AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage. (AI Act Service Desk)

This is one of the clearest red lines in the EU AI Act.

The law targets the mass collection of facial images to build recognition databases without a targeted, lawful and proportionate basis.

Business example

A company scrapes public social media profiles, event photos, website images or CCTV footage to build a searchable database of faces.

A vendor offers facial recognition capabilities trained or expanded through broad, untargeted image collection from the internet.

A retail group collects CCTV footage across locations and uses it to develop a face-matching database without a clearly limited lawful purpose.

Spain-specific warning

Spain already has a strong enforcement culture around biometric and sensitive data. In 2024, the AEPD ordered a precautionary measure against Worldcoin, requiring the cessation of collection and processing of special categories of personal data in Spain and the blocking of data already collected. The AEPD referred to complaints involving insufficient information, data from minors and withdrawal of consent issues. (AEPD)

The Worldcoin matter was a GDPR action, not an Article 5 AI Act penalty. But it shows the same wider point: biometric data processing in Spain receives serious regulatory attention.

What businesses should check

Businesses should ask vendors directly:

  • Was any facial recognition database built using scraped internet images?
  • Was CCTV footage used to train or expand recognition capabilities?
  • What is the lawful source of biometric training data?
  • Can the vendor document data provenance?
  • Can the company prove that the dataset was not built through untargeted scraping?

If the vendor cannot answer clearly, the risk is not only technical. It is legal.

6. Emotion Recognition in the Workplace or Education

The EU AI Act prohibits AI systems used to infer emotions of a natural person in the workplace and in education institutions, except where the system is used for medical or safety reasons. (AI Act Service Desk)

This is one of the most important prohibitions for employers and training providers.

It affects tools that claim to detect whether a person is happy, angry, bored, stressed, engaged, distracted, honest, confident or motivated based on face, voice, behaviour, typing patterns, eye movement or other signals.

Business example

An employer uses webcam analysis during remote work to infer whether employees are engaged or emotionally committed.

A recruitment platform uses facial analysis during interviews to infer confidence, honesty or enthusiasm.

A school or training provider uses AI to measure students’ emotional states during online learning and uses those scores for performance assessment.

A call centre deploys software that scores employees’ emotional state and uses that score in performance reviews.

What businesses should check

Organisations should review tools used in:

  • HR
  • recruitment
  • online interviews
  • remote work monitoring
  • employee productivity tracking
  • education
  • e-learning
  • training platforms
  • call centres
  • performance management

This point overlaps strongly with the HR cluster blog: EU AI Act and HR in Spain: What Every Employer Must Do Now.

The practical rule is simple:

If the tool claims to detect emotions in workers or students, do not assume it is only a “wellbeing” or “engagement” feature. It may be prohibited unless it fits a narrow medical or safety exception.

7. Biometric Categorisation That Infers Sensitive Personal Traits

Article 5 prohibits biometric categorisation systems that categorise individuals based on biometric data to deduce or infer sensitive characteristics such as race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation. (AI Act Service Desk)

This prohibition is especially important because many AI tools now claim to infer personal traits from face, voice, gait, body movement, behavioural patterns or other biometric signals.

Business example

A marketing platform uses face analysis to infer ethnicity or religious identity and then segments users for targeting.

An employer uses AI video analysis to infer political attitudes, union sympathies or personality traits from facial expressions or voice.

A venue security system categorises people by inferred ethnicity or other sensitive traits.

An insurance or finance tool uses biometric signals to infer lifestyle, sexuality or health-related characteristics.

Why this is dangerous

Sensitive trait inference is not only a privacy issue.

It can create discrimination, exclusion, reputational harm and fundamental rights violations.

Spanish organisations must also remember that GDPR treats biometric data used for uniquely identifying a person as special category data, and other sensitive characteristics receive heightened protection under EU data protection law.

What businesses should check

Ask whether any AI tool:

  • analyses face, voice, gait, body or behavioural patterns;
  • classifies people into demographic or sensitive categories;
  • infers protected characteristics;
  • uses biometric signals for targeting, ranking or access control;
  • offers “personality,” “culture fit,” “trustworthiness” or “attitude” scoring based on biometric inputs.

If yes, review the system immediately.

8. Real-Time Remote Biometric Identification in Public Spaces for Law Enforcement, Except in Narrow Cases

The EU AI Act prohibits the use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement purposes, unless one of the narrow exceptions applies. These exceptions include targeted searches for certain victims or missing persons, prevention of specific serious threats, or identification of suspects for specified serious offences, subject to strict safeguards. (AI Act Service Desk)

This prohibition is mainly aimed at public authorities and law enforcement.

However, private companies should not ignore it.

Shopping centres, transport operators, event venues, stadiums, private security providers and technology vendors may become involved in biometric surveillance ecosystems through contracts, pilots, data access, infrastructure or vendor partnerships.

Business example

A private venue installs real-time facial identification in publicly accessible areas and shares alerts with security or public authorities without a clearly lawful, necessary and proportionate framework.

A technology vendor markets live biometric identification to public authorities without properly accounting for the AI Act’s restrictions and safeguards.

A company operating transport hubs uses live biometric matching for crowd control, access decisions or security alerts without understanding whether the use is lawful under the AI Act, GDPR and Spanish law.

Spain-specific warning

In 2025, the AEPD sanctioned Aena over biometric facial recognition systems in Spanish airports. Reports stated that the regulator found shortcomings in the data protection impact assessment, including insufficient justification of the necessity of biometrics and insufficient assessment of less intrusive alternatives. Aena reportedly said it would appeal. (Cadena SER)

Again, this was a GDPR-related matter, not an Article 5 AI Act case. But it shows why biometric AI deployments in Spain must be treated as high-scrutiny projects, not as ordinary digital innovation.

Spain-Specific Compliance Risks: AESIA, AEPD and Biometrics

For Spanish organisations, Article 5 risk sits inside a broader regulatory environment.

AESIA is expected to play a central role in AI Act implementation in Spain. AESIA’s practical guides are designed to help SMEs, start-ups and large companies comply with the AI Act, especially in areas such as risk management, transparency, data governance, cybersecurity, records, documentation and human oversight. (aesia.digital.gob.es)

The AEPD remains highly relevant because many AI systems process personal data. This is especially true for AI used in biometrics, HR, customer profiling, health, finance, education and surveillance.

Spanish enforcement trends already show strong attention to privacy, biometrics and intrusive technologies. Cinco Días reported that the AEPD imposed 299 fines totalling €40 million in 2025, with the Aena biometric case highlighted as one of the most significant sanctions. (Cinco Días)

For businesses, the lesson is clear:

You cannot treat AI Act compliance, GDPR compliance and ethical AI governance as separate silos.

A prohibited AI practice may trigger AI Act risk. The same system may also trigger GDPR, LOPDGDD, labour, consumer protection, anti-discrimination or sector-specific risks.

Business Checklist: How to Identify Prohibited AI Practices

Use this checklist before deploying or continuing to use any AI system in Spain.

1. Create an AI inventory

List all AI systems used across the organisation, including:

  • HR tools
  • recruitment platforms
  • customer service chatbots
  • marketing automation
  • fraud detection systems
  • security tools
  • biometric systems
  • analytics platforms
  • productivity monitoring tools
  • education or training platforms
  • third-party SaaS tools with embedded AI

Do not only list tools branded as “AI.” Many systems use AI features quietly inside broader software.

2. Identify the AI system’s real purpose

For each system, ask:

  • What decision does it support?
  • Who is affected?
  • What data does it use?
  • Does it influence access, pricing, opportunity, employment, education, credit, insurance, security or legal outcomes?
  • Does it classify, rank, score, predict, infer or recommend?

The legal risk often comes from the system’s purpose and effect, not from the vendor’s marketing language.

3. Screen for Article 5 red flags

Flag any system that involves:

  • behavioural manipulation
  • vulnerability targeting
  • social scoring
  • criminal risk prediction
  • facial scraping
  • emotion recognition in work or education
  • biometric categorisation of sensitive traits
  • live biometric identification in public spaces

If a tool matches even one category, pause before deployment.

4. Ask vendors direct questions

Your procurement team should ask AI vendors:

  • Does the system perform emotion recognition?
  • Does it infer sensitive personal traits?
  • Does it use biometric data?
  • Was any training data collected from scraped internet images or CCTV?
  • Does it score people across contexts?
  • Does it classify users based on vulnerability?
  • Does it predict criminal behaviour or suspiciousness?
  • Can the vendor provide AI Act documentation?
  • Can the vendor confirm the system is not prohibited under Article 5?

Do not rely only on generic vendor assurances.

Ask for written answers.

5. Review GDPR and LOPDGDD overlap

Even if a system is not prohibited under Article 5, it may still require:

  • lawful basis analysis
  • DPIA
  • transparency notices
  • human oversight
  • data minimisation
  • retention controls
  • vendor agreements
  • special category data safeguards
  • employee consultation or labour law review

This is especially important for HR, biometrics, health, finance and education use cases.

6. Document the conclusion

For each AI system, document:

  • whether Article 5 was reviewed;
  • which prohibited practices were considered;
  • why the system does or does not fall into a prohibited category;
  • who reviewed it;
  • what evidence was used;
  • what vendor documents were checked;
  • what mitigation or removal steps were taken.

If AESIA, the AEPD, a customer, auditor or regulator asks questions later, undocumented confidence will not be enough.

What to Do If Your Organisation May Be Using a Prohibited AI System

If you discover a system that may fall under Article 5, do not simply keep using it while “waiting for clarification.”

Take structured action.

Step 1: Pause or limit the risky use case

If possible, stop the specific function that creates the prohibited risk.

For example:

  • disable emotion scoring;
  • stop biometric categorisation;
  • remove behavioural manipulation features;
  • stop using scraped facial databases;
  • suspend automated scoring that may create social scoring effects.

Step 2: Preserve documentation

Keep records of:

  • vendor contracts;
  • technical documentation;
  • screenshots;
  • model descriptions;
  • data sources;
  • decision logs;
  • internal approvals;
  • DPIAs or risk assessments;
  • user notices;
  • complaints or incidents.

This helps the organisation understand what happened and respond responsibly.

Step 3: Request vendor clarification

Ask the vendor to explain:

  • how the system works;
  • what data it uses;
  • what inferences it makes;
  • whether it involves biometric, emotional or sensitive-trait analysis;
  • whether the vendor has performed AI Act classification;
  • whether Article 5 prohibitions were assessed.

Step 4: Conduct a legal and compliance review

Bring together legal, compliance, privacy, HR, security and business teams.

For higher-risk areas, consider external legal advice.

This blog is educational and should not be treated as legal advice for a specific case.

Step 5: Replace, redesign or remove the system

If the system is prohibited, the solution is not cosmetic.

You may need to:

  • remove the feature;
  • change the intended purpose;
  • choose a different vendor;
  • redesign the workflow;
  • switch to human-led assessment;
  • use less intrusive data;
  • implement a non-AI alternative.

How Training Helps Reduce Article 5 Risk

Many Article 5 risks do not start with bad intentions.

They start with people not knowing what to look for.

A marketing team may buy an AI personalisation tool without realising it uses manipulative profiling.

An HR team may test an interview platform without noticing emotion recognition.

A school may adopt an engagement analytics system without understanding that emotion inference in education is prohibited.

A security team may consider biometric identification because it appears efficient.

A procurement team may accept vendor claims without asking about training data, biometric categorisation or prohibited use cases.

This is exactly why Article 4 AI literacy matters.

AI literacy is not just technical training. It is the ability to understand AI risks, responsibilities and limits according to a person’s role in the organisation.

For more on this, read: EU AI Act Article 4 Explained: How to Build an AI Literacy Programme That Actually Satisfies AESIA.

Practical Article 5 Review Template for Businesses

Use this simplified internal review table when assessing AI tools.

| Question | Why It Matters |
| --- | --- |
| Does the system manipulate or deceive users into decisions? | May indicate prohibited manipulative AI |
| Does it target children, elderly people, disabled people or financially vulnerable users? | May indicate exploitation of vulnerability |
| Does it create a score about a person using behaviour across contexts? | May indicate social scoring |
| Does it predict criminal behaviour based only on profiling? | May indicate prohibited criminal risk prediction |
| Does it use scraped facial images from the internet or CCTV? | May indicate prohibited facial database creation |
| Does it infer emotions in employees or students? | May indicate prohibited emotion recognition |
| Does it infer race, religion, political views, union membership, sexuality or other sensitive traits from biometrics? | May indicate prohibited biometric categorisation |
| Does it enable live biometric identification in public spaces? | May trigger strict AI Act, GDPR and Spanish law review |
| Has the vendor provided written Article 5 classification? | Helps support accountability |
| Has the organisation documented its own conclusion? | Needed for audit readiness |

Build EU AI Act Knowledge Before Risk Becomes Enforcement

The most dangerous AI systems are not always the most advanced.

Sometimes the greatest risk comes from a tool that looks ordinary: a recruitment platform, a chatbot, a scoring system, a biometric access tool, a customer analytics dashboard or an employee monitoring feature.

Under the EU AI Act, Spanish organisations need people who can recognise the difference between allowed AI, high-risk AI and prohibited AI.

The Compliance with the EU AI Act and Ethics in AI course from Spanish Compliance Institute is designed to help professionals understand AI Act obligations, ethical AI governance, high-risk classification, documentation, human oversight, FRIA, ISO 42001 alignment and Spain-specific compliance expectations.

The programme includes:

  • 7 structured modules
  • 15 hours of professional training
  • practical AI Act compliance guidance
  • EU AI Act and ethics focus
  • Spain-specific regulatory context
  • mock exam and final exam
  • verified digital certificate
  • trusted by 89+ learners and professionals

If your organisation uses AI, plans to buy AI tools, or advises clients on AI governance, this is the right time to build practical EU AI Act capability.

Frequently Asked Questions

01 Are prohibited AI practices already illegal in Spain?

Yes. The EU AI Act’s prohibited AI practices entered into application from 2 February 2025, so they already apply in Spain and across the EU. (Digital Strategy)

02 Are all high-risk AI systems prohibited?

No. High-risk AI systems are not automatically banned. They may be allowed if they meet strict AI Act requirements. Prohibited AI practices are different because they fall into uses considered unacceptable under Article 5.

03 What is the biggest prohibited AI risk for normal businesses?

For many private organisations, the most realistic risks are emotion recognition in the workplace or education, manipulative AI interfaces, vulnerability exploitation, biometric categorisation and AI-based scoring that creates unfair treatment across contexts.

04 Can a Spanish company use AI in recruitment?

Yes, but recruitment AI may be high-risk under the EU AI Act and must be handled carefully. Employers should avoid emotion recognition, discriminatory scoring, opaque automated decisions and excessive monitoring.

05 Can businesses use facial recognition in Spain?

Facial recognition is not automatically prohibited in every situation, but it is highly sensitive. Some uses may be prohibited, some may be high-risk, and many will trigger GDPR and LOPDGDD obligations. Spanish enforcement activity around biometric systems shows that businesses should treat facial recognition as a high-scrutiny compliance project.

06 What are the penalties for prohibited AI practices?

Violating Article 5 prohibitions may lead to fines of up to €35 million or 7% of worldwide annual turnover, whichever is higher. The AI Act includes special fine considerations for SMEs, but the risk remains substantial. (aiact-info.eu)

07 Does using a third-party AI vendor remove responsibility?

No. Businesses still need to understand what AI systems they deploy, what data they use, what outputs they generate and whether the use case is lawful. Vendor documentation helps, but it does not replace internal governance.

08 What should businesses do first?

Start with an AI inventory, screen every system against Article 5, ask vendors written questions, document conclusions and train staff involved in buying, approving or using AI systems.