Above high-risk sits a tier the EU AI Act simply bans. Article 5 has applied since 2 February 2025 and carries the Act’s heaviest fines — up to €35M or 7% of worldwide turnover. Here is the full list, with the carve-outs that decide borderline cases.
Most of the EU AI Act regulates how you may use AI. Article 5 lists what you may not use it for at all — the “unacceptable risk” tier. There is no conformity assessment to pass and no documentation that makes these uses lawful: if a system falls under Article 5, the practice is banned. And unlike the high-risk obligations arriving in August 2026, the prohibitions are already in force.
Under Article 113 of Regulation (EU) 2024/1689, Chapters I and II apply from 2 February 2025 — and Article 5 is Chapter II. Together with the Article 4 AI-literacy duty, it is the part of the Act your organisation is already accountable for today. It also applies across the market: placing on the market, putting into service, and use are all prohibited — so deployers are exposed, not just the vendors who built the system.
Each prohibition has qualifying conditions in the full legal text; the table gives the practical shape of each one.
| Art. | Prohibited practice | In plain terms |
|---|---|---|
| 5(1)(a) | Harmful manipulation | Subliminal techniques beyond a person’s consciousness, or purposefully manipulative or deceptive techniques, that materially distort behaviour and cause (or are reasonably likely to cause) significant harm |
| 5(1)(b) | Exploiting vulnerabilities | Exploiting vulnerabilities due to age, disability, or a specific social or economic situation to materially distort behaviour, causing significant harm |
| 5(1)(c) | Social scoring | Evaluating or classifying people based on social behaviour or known, inferred or predicted personal characteristics, leading to detrimental treatment that is disproportionate or occurs in unrelated contexts |
| 5(1)(d) | Predictive policing by profiling | Assessing or predicting the risk that a person will commit a criminal offence, based solely on profiling or on personality traits and characteristics |
| 5(1)(e) | Untargeted facial scraping | Creating or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage |
| 5(1)(f) | Emotion recognition at work and school | Inferring emotions of people in workplaces and educational institutions — except for medical or safety reasons |
| 5(1)(g) | Biometric categorisation of sensitive attributes | Categorising individuals from biometric data to deduce or infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation |
| 5(1)(h) | Real-time remote biometric identification | Real-time remote biometric identification in publicly accessible spaces for law enforcement — unless one of three narrow exceptions applies (below) |
The two most relevant bans for ordinary companies. Most of Article 5 targets state or fringe uses — but 5(1)(f) reaches any employer: sentiment or emotion analysis of employees (call-centre monitoring, video-interview emotion scoring, “engagement” analytics) is prohibited in the workplace unless it serves a medical or safety purpose. And 5(1)(c) social scoring is drafted broadly enough that cross-context scoring of customers deserves a careful look, not a shrug.
Three qualifiers in the legal text do most of the work in practice:
Article 5(1)(h) bans real-time remote biometric identification (RBI) in publicly accessible spaces for law-enforcement purposes — then Articles 5(2)–(7) define three exceptions and wrap them in safeguards. RBI may be used only where strictly necessary to:
Even then: prior authorisation by a judicial authority or independent administrative authority is required (in urgent cases it may be requested within 24 hours), a fundamental rights impact assessment must be completed, the use must be registered, and each use requires Member State law that actually permits it. For private companies this section is mostly context — but it explains why “biometrics” appears in both Article 5 and the Annex III high-risk list: what is not prohibited outright is usually high-risk.
“Non-compliance with the prohibition of the AI practices referred to in Article 5 shall be subject to administrative fines of up to EUR 35 000 000 or, if the offender is an undertaking, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher.”
Regulation (EU) 2024/1689, Article 99(3)This is the highest fine tier in the Act — above the €15M / 3% tier that covers high-risk and transparency breaches. The prohibitions have applied since 2 February 2025; the enforcement and penalties framework became applicable on 2 August 2025, so national authorities can now act on it.
In February 2025 the European Commission published guidelines on the prohibited AI practices — a long, example-rich interpretation of each ban and its carve-outs. They are non-binding (only the Court of Justice can interpret the Act authoritatively), but they are the closest thing to an official answer on borderline cases and the natural first reference when you screen a system against Article 5.
Note on the Digital Omnibus on AI: the proposed simplification package — provisionally agreed in 2026 but not yet adopted into law as of mid-2026 — is aimed chiefly at deferring the high-risk obligations. Article 5 is already in force and is not deferred: the prohibitions, and their fines, stand today.
For most companies the realistic Article 5 risk is not building a social-scoring system on purpose — it is an emotion-analytics feature inside an HR tool, a “customer risk” score that drifts across contexts, or a vendor capability nobody screened. The prohibited check is therefore the first gate of classification: before you ask “is it high-risk?” under Article 6, you ask “is this use banned outright?” — per system, recorded, and repeated when the system or its use changes.
That only works if you can enumerate the systems in the first place. An AI inventory is where each system — built or bought — carries its Article 5 screening outcome, its Article 6 classification, and the rationale behind both.
No compliance team plans to ship a prohibited system — the practical risk is purpose drift: a sentiment tool bought for customer-satisfaction analytics quietly becomes workplace emotion monitoring under 5(1)(f). Model Inventory for Jira turns each AI system into a work item in the Jira your team already uses, with a built-in EU AI Act category field and dynamic risk tiering. Record each system’s intended use, capture the classification outcome and the rationale behind it, and keep an immutable change history — so when a system’s use changes, the record shows it and the screening can be redone. The legal judgement on borderline cases stays with your compliance team; the inventory makes sure no system skips the question.
See how it worksThis page is a practical explanation, not legal advice. Always confirm requirements against the official text of Regulation (EU) 2024/1689 and, where the stakes warrant it, qualified counsel.