35 million euro fine: the 6 AI practices banned from 2025.
From 2 February 2025, six AI practices are formally banned in Europe. The maximum penalty: 35 million euros or 7% of global turnover. Here's what your organisation needs to know to mitigate risks.
Why these prohibitions?
The AI Act strictly regulates AI uses deemed dangerous to fundamental rights.
The EU Regulation classifies certain practices as unacceptable risks. These prohibitions apply to all actors, whether providers or deployers of AI systems. Penalties, set out in Article 99(2), aim to deter abusive uses.
The six prohibited practices cover diverse areas: behavioural manipulation, biometric surveillance, social scoring, and emotion analysis. Each addresses specific challenges in protecting individuals and society.
1. Subliminal or deceptive manipulation
Article 5(1)(a) prohibits techniques that act without a person's knowledge to alter their behaviour.
Legal definition
Any AI system designed to influence a person's decisions without their awareness, through subliminal stimuli or false information, is prohibited. The objective is to prevent physical or psychological harm.
Concrete example
A fitness app that uses subliminal audio messages to encourage users to purchase dietary supplements without their knowledge. These messages, embedded in ambient sounds, drive consumption under the guise of motivation.
Affected tool
Targeted advertising platforms using dark pattern algorithms to maximise engagement, such as certain features in social media or mobile games.
2. Exploitation of vulnerabilities
Article 5(1)(b) targets AI systems that exploit the weaknesses of vulnerable individuals.
Legal definition
AI systems that target specific groups (children, persons with disabilities, individuals facing economic hardship) to distort their behaviour and cause harm are prohibited.
Concrete example
A mobile game designed to encourage children to make in-app purchases by exploiting their cognitive immaturity. The game uses instant rewards and social pressure mechanisms to drive spending.
Affected tool
Quick-loan applications targeting economically disadvantaged populations, with high interest rates and algorithms designed to maximise indebtedness.
3. Social scoring
Article 5(1)(c) prohibits social scoring systems by public authorities.
Legal definition
AI systems used by public authorities to assess or rank citizens based on their social, economic, or personal behaviour are prohibited. This prohibition extends to private actors whose effects would be similar.
Concrete example
A citizen-rating system based on participation in community activities, credit history, or online behaviour, used to grant or deny social benefits.
Affected tool
Tenant or employee rating platforms, such as certain systems used in China, which influence access to housing or employment based on opaque criteria.
4. Real-time remote biometrics
Article 5(1)(d) strictly regulates the use of facial recognition in public spaces.
Legal definition
Real-time remote biometric identification in publicly accessible spaces is prohibited, except in strictly defined exceptions: counter-terrorism, missing persons searches, or prevention of a specific and substantial threat.
Concrete example
A facial recognition system deployed in a shopping centre to identify customers in real time and send them targeted advertisements. Such use, without explicit consent, is prohibited.
Affected tool
Clearview AI, whose database of faces collected without consent has already been subject to sanctions in Europe.
5. Emotion inference
Article 5(1)(f) prohibits emotion analysis in sensitive contexts.
Legal definition
AI systems designed to infer individuals' emotions in professional or educational settings are prohibited, except for strictly regulated medical or security purposes.
Concrete example
Facial analysis software used during job interviews to assess candidates' honesty or motivation based on their facial expressions. Such tools, based on unproven correlations, are prohibited.
Affected tool
Solutions like HireVue or Affectiva, which analyse candidates' or employees' emotions to influence HR decisions.
6. Biometric categorisation
Article 5(1)(g) prohibits systems that classify individuals based on sensitive biometric data.
Legal definition
AI systems that classify individuals into categories based on biometric data (ethnic origin, sexual orientation, religious beliefs) are prohibited, except in very limited exceptions.
Concrete example
A recruitment algorithm that classifies candidates based on ethnic origin or gender by analysing their facial features or voice. Such categorisation, even indirect, is prohibited.
Affected tool
Gait analysis software used to identify personal characteristics without a solid scientific basis.
Is your organisation using a prohibited AI system?
Identify your risks in 3 minutes with our free assessment.
How to verify that your organisation is not using any prohibited practice
Compliance requires a rigorous audit of your tools and processes.
1. Inventory AI tools
List all AI systems used in your organisation, including those integrated into third-party software. Verify their compliance with Article 5 of the AI Act.
2. Analyse use cases
For each tool, identify its context of use. For example, facial analysis software may be permitted in medical contexts but prohibited in job interviews.
3. Document exceptions
If a tool falls into a grey area (such as remote biometrics for security reasons), document the legal justifications and obtain necessary authorisations.
4. Train teams
Raise awareness among your staff about the AI Act's prohibitions, particularly HR, marketing, and security teams. Appropriate training reduces non-compliance risks.
5. Conduct regular audits
Compliance is not static. Implement regular audits to ensure your tools remain compliant with regulatory developments.
Frequently asked questions
Everything you need to know about the practices prohibited by the AI Act.
Penalties can reach 35 million euros or 7% of an organisation's global turnover, whichever is higher. These fines are set out in Article 99(2) of the AI Act.
Yes, if an organisation offers services or products on the EU market, it must comply with the AI Act, including the prohibitions under Article 5.
No, the prohibition applies only to professional and educational contexts. Strictly regulated medical or security uses may be permitted.
A compliance audit is required. It should include an analysis of the tool's features, its context of use, and its technical documentation. The AiActo assessment can identify risks in minutes.
Exceptions include counter-terrorism, missing persons searches, or prevention of a specific and substantial threat. Such uses must be authorised by a competent judicial or administrative authority.
