Key facts
- In force since 2 February 2025 — already live, not a future date.
- Covers a short, specific list of practices, not AI generally.
- No compliance path exists for a banned practice — it must not be deployed.
- Includes manipulation, exploitation of vulnerabilities, social scoring, and most real-time biometric identification in public spaces.
- Check your systems against this list as part of any EU AI Act risk classification.
What is banned
The prohibited practices include: AI that deploys subliminal, manipulative or deceptive techniques causing significant harm; AI that exploits vulnerabilities related to age, disability or socio-economic situation; social scoring of individuals by public authorities leading to unjustified or disproportionate treatment; most real-time remote biometric identification in publicly accessible spaces for law enforcement purposes (with narrow, tightly defined exceptions); emotion recognition in workplaces and education (with limited exceptions); biometric categorisation inferring sensitive characteristics such as race, political opinions or sexual orientation; predictive policing based solely on profiling a person; and untargeted scraping of facial images from the internet or CCTV to build facial recognition databases.
Why this matters even if you are not building these systems
Most businesses will not build systems anywhere near this list, but it is worth checking deliberately rather than assuming. Emotion recognition tools marketed for workplace productivity or education, and biometric categorisation features bundled into other products, are the areas most likely to catch an otherwise well-intentioned business by surprise.
What to do
As part of classifying any AI system, explicitly check it against the prohibited-practices list before considering which risk tier it falls into. If a system matches a prohibited practice, it cannot be brought into compliance through documentation or oversight — it must not be deployed in the EU.
Frequently asked questions
What AI practices are banned under the EU AI Act?
Manipulative or deceptive AI causing harm, exploitation of vulnerabilities, public social scoring, most real-time biometric identification in public spaces, workplace/education emotion recognition, sensitive biometric categorisation, predictive policing based solely on profiling, and untargeted facial-image scraping.
When did the prohibited practices take effect?
2 February 2025 — the earliest-live obligations in the EU AI Act.
Can a prohibited AI practice be made compliant?
No — there is no compliance path; a prohibited practice must not be deployed in the EU.
Are there any exceptions to the biometric identification ban?
Yes, narrow, tightly defined law-enforcement exceptions exist, but they do not create general permission for real-time biometric identification in public spaces.
Does emotion recognition always fall under the ban?
Not always — it is banned specifically in workplace and education contexts, subject to limited exceptions, rather than banned outright everywhere.
Related pages
Sources
Last updated 19 June 2026.