The EU AI Act Prohibited Practices Deadline: What Technology Leaders Must Have Completed

The Provisions That Are Now Enforceable

The EU AI Act’s prohibited practices provisions (Article 5) apply from 2 February 2025. Unlike the high-risk AI system requirements, which have longer phase-in timelines, the prohibited practices are banned outright from that date, with no transition period and no grace period for organisations still building a compliance programme.

For enterprise technology leaders, the prohibited practices provisions present a specific risk profile: unlike the high-risk requirements that are complex to assess and implement, prohibited practices are conceptually clearer but require a comprehensive audit of AI deployments to confirm that no deployed system falls within the prohibited categories. The risk of prohibited practice deployment is low for most enterprises, but the consequence is severe and the audit investment required to confirm compliance is non-trivial.

Understanding exactly what is prohibited, conducting a credible audit to confirm no prohibited systems are deployed, and establishing the governance process that prevents future prohibited practice deployment are the three obligations that follow from the February 2025 enforcement date.

What Prohibited Practices Actually Cover

The EU AI Act’s prohibited practices are set out in Article 5 and are eight in number, and understanding each with sufficient precision to audit against it requires reading the regulatory text itself rather than the summary descriptions that most compliance briefings provide. The eight categories, summarised with the precision required for audit purposes, are:

AI systems that deploy subliminal techniques beyond a person’s conscious awareness, or purposefully manipulative or deceptive techniques, with the objective or effect of materially distorting a person’s behaviour by appreciably impairing their ability to make an informed decision, in a manner that causes or is reasonably likely to cause that person or another person significant harm. The combination of the technique, the material distortion of behaviour and the significant harm is what triggers the prohibition. Persuasive design that does not rely on subliminal, manipulative or deceptive techniques, or influence that does not cause significant harm, is not within it.

AI systems that exploit vulnerabilities of a person or a group of persons due to their age, disability or a specific social or economic situation, with the objective or effect of materially distorting their behaviour in a manner that causes or is reasonably likely to cause significant harm. Both elements, the exploitation of the specific vulnerability and the material distortion causing significant harm, are required. Personalisation that targets a demographic group without exploiting a vulnerability is not within this prohibition.

AI systems for the evaluation or classification of natural persons or groups of persons over a period of time based on their social behaviour or on known, inferred or predicted personal or personality characteristics, where the resulting social score leads to detrimental or unfavourable treatment either in social contexts unrelated to those in which the data was originally generated or collected, or that is unjustified or disproportionate to the behaviour or its gravity. Unlike the Commission’s 2021 proposal, which limited this prohibition to public authorities, the final text applies to any operator, public or private; data protection law imposes separate constraints on profiling of this kind.

AI systems that assess or predict the risk of a natural person committing a criminal offence based solely on profiling or on an assessment of personality traits and characteristics. The prohibition does not cover AI used to support a human assessment of a person’s involvement in criminal activity that is already based on objective and verifiable facts directly linked to that activity.

AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage. The untargeted nature of the collection is the key element: targeted collection of images of specific, identified individuals is not untargeted scraping and so falls outside this prohibition, though it remains subject to data protection law.

AI systems that infer the emotions of a natural person in the workplace or in educational institutions, except where the system is intended for medical or safety reasons. Emotion recognition used for productivity monitoring, work assessment or educational evaluation is prohibited.

Biometric categorisation systems that categorise natural persons individually on the basis of their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation. The labelling or filtering of lawfully acquired biometric datasets, and the categorisation of biometric data in the area of law enforcement, are outside this prohibition.

Real-time remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement, except in narrowly defined situations (the targeted search for specific victims of abduction, trafficking or sexual exploitation or for missing persons; the prevention of a specific, substantial and imminent threat to life or of a terrorist attack; and the localisation or identification of suspects of serious offences listed in an annex to the Act), each subject to prior authorisation and safeguards. The prohibition targets law enforcement use specifically; commercial remote biometric identification is not within this prohibition, though it is a high-risk use case regulated under other provisions of the Act.

The Audit Process

The prohibited practice audit for an enterprise AI portfolio has two components: inventory completeness and system assessment.

Inventory completeness is the prerequisite. The audit cannot assess systems that are not in the inventory. The shadow AI problem that NIS2 and AI Act compliance discussions have consistently raised applies here too: AI capabilities embedded in HR platforms, customer experience tools, marketing technology, and productivity software may not have been included in the AI inventory if the inventory was built from IT procurement records rather than from a comprehensive discovery process. The prohibited practices audit should include a discovery phase that goes beyond the known AI inventory to identify potential AI deployments that were not captured in the initial inventory exercise.

System assessment for each AI system in scope applies the prohibited practice criteria described above. Most enterprise AI deployments will be clearly outside all of the prohibited practice categories: the customer service AI chatbot, the predictive analytics platform, the AI coding assistant, the document generation tool. The assessment for these systems can be documented relatively quickly.

The AI systems that require more careful assessment are those whose characteristics demand judgment about whether they fall within a prohibited category: personalisation systems that target vulnerable populations; employee monitoring systems that make any inference about emotional or psychological states; customer segmentation or scoring systems that, in specific use cases, could be characterised as social scoring; and any system that processes biometric data. For each of these, the appropriate audit output is a documented assessment that concludes why the system is not within a prohibited category, with legal input where the assessment is not straightforward.

The Governance Process That Prevents Future Exposure

The compliance gap that the prohibited practice audit is designed to address is the past deployment of AI systems without adequate assessment against AI Act requirements. The governance process that prevents this gap from recurring is the AI system review gate that applies to all future AI system deployments before production deployment.

The review gate should include a prohibited practice assessment as a standard component, with the assessment documented for each AI system regardless of how clearly it falls outside the prohibited categories. The documentation creates the audit trail that demonstrates due diligence in the event of a regulatory inquiry.

The prohibited practice assessment should also be applied to AI system updates and to AI capability expansion in existing systems. An AI system that was deployed before the enforcement date and assessed as compliant may incorporate new capabilities in a subsequent update that bring it closer to a prohibited practice category. The governance process should include a reassessment trigger for material AI system changes.

The Exposure If Non-Compliance Is Found

The enforcement consequences for prohibited practice AI deployment sit at the top of the AI Act’s penalty framework: fines of up to 35 million euros or seven percent of total worldwide annual turnover for the preceding financial year, whichever is higher. This is a significantly higher ceiling than the one that applies to breaches of the high-risk AI system provisions (up to 15 million euros or three percent of turnover).

The investigation and decommissioning process for a prohibited practice AI system, if one is found in the portfolio, involves both immediate steps and medium-term programme work. The immediate steps are suspension of the prohibited AI functionality while the assessment is completed, notification to the relevant market surveillance authority where the system has been deployed and a notification obligation applies, and documentation of the assessment and the remediation plan. The medium-term work is the programme either to modify the system so that it no longer falls within the prohibited practice category, or to decommission it, with board-level governance of that decision.

The enterprise that has completed its prohibited practice audit and confirmed that no prohibited systems are deployed is in a defensible compliance position. The one that has not completed the audit is in an unknown position, which is a different kind of risk from confirmed non-compliance but is not a comfortable risk to carry indefinitely.

The audit investment required to achieve a defensible position is a small fraction of the enforcement exposure it addresses.
