Understanding Prohibited AI Practices in the EU AI Act
The EU AI Act follows a risk-based model. At the top of that model is a strict category called unacceptable risk. These practices are prohibited under Article 5 because they can create serious harm for people, rights, and society.
For most companies, this is the first legal checkpoint. Before discussing model accuracy or documentation quality, you must verify that your use case is not in a prohibited category.
Main Prohibited Categories You Need to Know
The prohibited list includes specific cases such as harmful manipulation, certain exploitative uses targeting vulnerable groups, social scoring that causes unjustified detrimental treatment, and certain biometric uses that are considered too intrusive.
It also covers untargeted scraping of facial images to build facial recognition databases, plus restricted use of real-time remote biometric identification in public spaces by law enforcement, subject to narrow legal exceptions.
Why Teams Misclassify Risk
Many organizations fail classification because they ask only technical questions. The EU AI Act test is broader. You need legal context, user impact analysis, and deployment context.
A model can be technically strong and still be prohibited in a specific use context. Compliance depends on purpose and effect, not only on architecture.
How to Build a Prohibited Use Screening Process
- Require an AI use case intake form before development or procurement.
- Add Article 5 screening questions at the start of product design.
- Escalate any biometric, behavioral influence, or public authority use case for legal review.
- Keep written classification decisions with reasoning and approvers.
- Re-review classification when scope, user group, or geography changes.
Governance Controls That Help
You should define a policy that states prohibited categories clearly, then back it with workflow controls in product lifecycle management. A good policy without enforcement points in delivery workflows will fail in practice.
A strong setup usually includes product gating in Jira or equivalent tooling, legal sign-off checkpoints, and quarterly sample-based compliance reviews.
Penalty Exposure and Business Impact
Prohibited practice breaches can trigger the highest tier of AI Act penalties. Beyond financial exposure, the bigger risk is market trust damage with regulators, enterprise buyers, and partners.
Final Takeaway
The fastest way to reduce AI Act risk is to implement strict prohibited use screening early. If your organization can identify banned use cases at the design stage, you avoid costly rebuilds, legal exposure, and launch delays later.