What is a prohibited AI practice?
A prohibited AI practice is an AI use that the EU AI Act bans outright because the risk is considered unacceptable, not merely manageable. This is different from high-risk AI, which can still be used if strict controls are met. If a practice falls into the prohibited category, the basic question is not how to comply better, but whether the system should be placed on the market, put into service, or used at all for that purpose.
What this means
The clearest mental model is a traffic light. High-risk AI is a yellow light. You may proceed, but only with strong controls and care. Prohibited AI is a red light. It marks practices the law treats as fundamentally incompatible with the level of protection it wants to secure.
That distinction matters because the AI Act is not simply ranking technologies from weak to strong. It is judging certain practices by how they interfere with human dignity, autonomy, safety, or fundamental rights. Some uses are seen as too manipulative, too intrusive, too abusive, or too difficult to reconcile with core rights.
The category is about practices, not just products. You do not ask only, "What tool is this?" You also ask, "What is it being used to do?" A general image model, for example, may be lawful in many contexts and unlawful in a prohibited context. A biometric capability may be allowed in one setting and prohibited in another. That is why product teams need to review intended use and foreseeable misuse, not only software labels.
For leaders, this is one of the most important terms in the AI Act because it is a design and go-to-market screen. If your planned use falls into a prohibition, you do not move it forward on the assumption that more policy documents will solve the problem.
Why it matters
This term matters because prohibited practices create the clearest red flags in AI governance. They are the kinds of uses that boards, investors, regulators, civil society groups, and courts are least likely to treat as innocent experimentation.
It also matters because teams often make mistakes by thinking only in technical categories. They ask whether a model is general-purpose, whether a tool is accurate, or whether a prompt filter exists. Those are valid questions, but they are the wrong first question if the use case itself may be prohibited.
The practical business effect is early-stage triage. A decent prohibited-practice screen can save months of wasted product work, contract effort, and reputational damage. It can also stop leaders from approving features that create immediate escalation risk with regulators, customers, employees, or the public.
As of mid-2026, this area is especially important because the prohibited list has already started to evolve. The Act itself required periodic review, and the 2026 Digital Omnibus compromise added a targeted new prohibition around AI that generates non-consensual intimate material or child sexual abuse material, with a limited safe-harbour-style carve-out for providers that build in effective preventive safeguards. That shows the category is live, not frozen.
How it works
The base list sits in Article 5 of the AI Act. It prohibits a defined set of AI practices considered unacceptable. These include AI that uses subliminal, manipulative, or deceptive techniques in a way that materially distorts behaviour and causes or is reasonably likely to cause significant harm. It also includes AI that exploits vulnerabilities linked to age, disability, or a specific social or economic situation in a similarly harmful way.
The Act also prohibits social scoring systems that evaluate or classify people over time based on social behaviour or predicted personal characteristics where that leads to unrelated or disproportionate detrimental treatment. The target here is not ordinary analytics. It is AI-driven scoring that shifts how people are treated in ways the law regards as fundamentally unfair.
Another prohibited category is AI used to assess or predict the risk that a person will commit a criminal offence based solely on profiling or personality traits. There is a narrow exception for tools supporting a human assessment that is already grounded in objective and verifiable facts directly linked to criminal activity. The line the Act draws is between evidence-based support and speculative, personality-driven prediction.
The Act also bans AI systems that create or expand facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage. It bans emotion recognition systems in workplaces and education settings except for medical or safety reasons. It bans biometric categorisation systems that infer sensitive attributes such as race, political opinions, religion, trade union membership, sex life, or sexual orientation from biometric data, subject to limited carve-outs.
One of the most politically sensitive prohibitions concerns "real-time" remote biometric identification in publicly accessible spaces for law enforcement. In general this is prohibited, but the Act allows narrow exceptions where use is strictly necessary for very specific objectives, such as searching for particular victims, preventing an imminent threat, or locating or identifying suspects for a restricted list of serious offences, and then only with prior authorisation and detailed safeguards. So while people often call this a total ban, the law is more exact. It is a prohibition with tightly bounded exceptions.
The key practical lesson is that you must read both the headline prohibition and the exact conditions around it. Overstating the ban creates confusion. Understating it creates real risk.
The 2026 amendment work is especially important here. In the 7 May 2026 provisional political agreement, the co-legislators added a new provision to prohibit AI practices involving the generation of non-consensual sexual or intimate content and child sexual abuse material. The detailed compromise text is careful about scope. It covers systems intended to generate or manipulate such material, and also systems where such generation is a reasonably foreseeable and reproducible result without significant technical modification and where reasonable and adequate technical safety measures and other safeguards are not in place.
That matters because the new prohibition is not framed as a ban on all generative capability. It is framed around prohibited purpose and reasonably foreseeable misuse without adequate safeguards. The compromise text gives examples of the kinds of preventive measures expected, such as data cleaning, refusal training, safe prompt design, output controls, filtering, and mechanisms to respond to observed or reported misuse. That is why some commentators describe this as a safe-harbour-type structure for providers with effective safeguards.
The deployer side is narrower than many people assume. Under the compromise text, use is prohibited where the deployer uses the system for the purpose of generating or manipulating non-consensual intimate material or child sexual abuse material. Lawful uses of broader systems for other purposes are not automatically prohibited just because misuse is possible. That is an important nuance for businesses using general image, audio, or video tools for legitimate work.
The same text also limits the non-consensual intimate material prohibition to realistic depictions of identifiable natural persons' intimate parts or sexually explicit activity without that person's freely given, specific, informed, unambiguous, and explicit consent. It excludes some non-realistic or non-identifiable content and preserves certain medical uses. Again, the point is that the law is drawing a targeted prohibition, not banning all synthetic media.
Timing is again important. The original prohibited practices in Article 5 have applied since 2 February 2025. The new 2026 prohibitions are part of a provisional amending agreement and would apply from 2 December 2026 if formally adopted. Until adoption and publication, they are not yet part of the operative AI Act text. But any leader dealing with image, audio, or video generation should already be planning as though this direction is real.
The strategic point is simple. Prohibited practice review belongs at concept stage. If your team is building in sensitive biometrics, behaviour shaping, predictive policing logic, or image generation features that could be steered toward non-consensual intimate material, you do not want to discover the prohibition after launch preparation is finished.
Examples
A product team proposes a "nudify" feature that can turn an ordinary image of an identifiable person into explicit intimate imagery without verified consent. That is exactly the sort of use the 2026 amendment targets, and it should be treated as a stop sign, not a feature discussion.
A workplace analytics vendor offers an emotion recognition tool that claims to detect frustration, motivation, or disengagement from employees' faces during meetings. In the workplace setting, that is a direct red flag under the prohibited practice rules unless it falls under the very narrow medical or safety reasoning.
A business suggests scraping public social media images and CCTV footage to build a large facial database for later recognition training. That is not just a privacy concern. It is expressly prohibited by the Act's rules on untargeted scraping for facial recognition databases.
A public authority or landlord explores a social-scoring-style system that blends payment history, neighbourhood data, conduct signals, and vague behavioural markers into a trustworthiness score that affects access to services. That is the kind of rights-distorting classification logic the social scoring prohibition is meant to stop.
A security team considers a real-time facial identification project in a public space and assumes any law enforcement use is banned in every case. The real answer is more precise. The law treats this as prohibited in principle, but permits narrow exceptions with strict necessity, authorisation, and safeguards.
Common misunderstandings
The first misunderstanding is that all biometric AI is prohibited. It is not. Some biometric uses are prohibited, some are high-risk, and some may be lawful under other frameworks. Leaders need to classify the actual use, not the whole field.
The second misunderstanding is that a prohibited practice can be turned into a normal product by writing a stronger policy. That misses the point. If the practice itself is prohibited, paperwork does not rescue it.
The third misunderstanding is that prohibited practices are defined only by provider intent. In reality, the 2026 compromise text on intimate material and child sexual abuse material also looks at reasonably foreseeable and reproducible misuse and whether reasonable safeguards exist.
The fourth misunderstanding is that "AI practice" means only the underlying model. It does not. The law often cares about the placing on the market, putting into service, or use of a system for a given purpose. Purpose and deployment context matter.
The fifth misunderstanding is that because the prohibited list is narrower than some campaign language implies, it is somehow unimportant. The opposite is true. These are the sharpest red lines in the regime, and they are likely to attract disproportionate scrutiny.
The sixth misunderstanding is that the 2026 additions are already fully in force. They are not yet operative law until formal adoption and publication. But they are far enough advanced that responsible businesses should not ignore them.
Risks and boundaries
The main risk boundary is this: a general capability can slide into a prohibited practice if design choices, default settings, user flows, or weak safeguards make abusive use reasonably foreseeable. That is why product safety and abuse prevention cannot be treated as separate teams working in isolation.
There is also a boundary between prohibited practices and other illegal acts. Some behaviour may be unlawful under criminal law, privacy law, consumer law, or platform rules even if it is not expressly named in Article 5. The prohibited list is important, but it is not the only legal screen.
For leaders, one hard truth is that "we are only a tool provider" is rarely a satisfying defence if the abusive purpose is obvious and the absence of safeguards is hard to justify. The 2026 compromise text makes that even clearer for certain synthetic sexual content risks.
At the same time, businesses should avoid panic classifications. Not every generative image or audio feature is prohibited. Not every biometric feature is prohibited. You need careful use case review, not headlines. This explainer is general information and not legal advice.
What to do next
First, create a prohibited-practice screen for ideation, procurement, and vendor review. Make it short and decisive. Ask whether the use touches manipulation, vulnerability exploitation, social scoring, predictive policing based solely on profiling, prohibited biometrics, or synthetic intimate abuse risks.
Second, review image, audio, and video generation tools now. If your organisation offers or integrates those capabilities, verify what preventive safeguards exist, how misuse is handled, what default restrictions apply, and how complaints can trigger correction or suspension.
Third, do not leave this to legal teams alone. Product managers, engineers, procurement leads, trust and safety teams, privacy leaders, and senior sponsors need a shared vocabulary around prohibited practices.
Fourth, kill clearly red-flagged use cases early. The cheapest prohibited practice is the one you stop at concept stage, before roadmap commitment, contract negotiation, and launch planning.
Fifth, tighten vendor questions. Ask how a vendor classifies the use under Article 5, what misuse they consider reasonably foreseeable, what safeguards they have implemented, and how they handle reports, circumvention, and abuse trends.
Sixth, track the formal adoption of the 2026 Omnibus amendments. Until publication, there is still a gap between political agreement and operative law. Your governance should reflect both the current text and the near-term direction of travel.
Seventh, keep the distinction between prohibited and high-risk clear in internal documents. Teams make better decisions when they know whether they are dealing with a red line or a controlled use case.
FAQs
Is a prohibited AI practice the same as high-risk AI?
No. High-risk AI can still be used if strict requirements are met. A prohibited AI practice is banned outright for that purpose, subject only to any narrow exceptions written into the law.
Are all emotion recognition tools prohibited?
No. The AI Act specifically prohibits emotion recognition in workplaces and educational institutions, except for medical or safety reasons.
Is real-time facial recognition in public spaces completely banned?
Not completely. The Act prohibits it in principle for law enforcement, but allows narrow exceptions with strict necessity, prior authorisation, and detailed safeguards.
Do the 2026 rules on non-consensual intimate material already apply?
Not yet as operative law. As of 2 June 2026, they are part of a provisional political agreement and will take effect only after formal adoption and publication.
Can a general-purpose image model still be lawful?
Yes. The issue is not simply that the model can generate images. The issue is whether it is placed on the market or used for a prohibited purpose, or designed without reasonable safeguards where abusive use is foreseeable.
What is the leadership mistake to avoid?
Treating prohibited practice review as a late legal check. It needs to happen at concept, design, procurement, and vendor review stage.
Sources
Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (EUR-Lex). Primary source for Article 5's original prohibited AI practices, the law enforcement biometric exception structure, and the date from which the original prohibitions applied.
Commission publishes the Guidelines on prohibited artificial intelligence (AI) practices, as defined by the AI Act (European Commission). Primary source for the Commission's interpretation and practical explanation of Article 5 prohibitions.
Report on the review of prohibitions and high-risk AI (European Commission). Primary source for the Commission's 2026 review, including the identification of a regulatory gap around non-consensual intimate content and child sexual abuse material and the link to the Omnibus agreement.
Artificial Intelligence: Council and Parliament agree to simplify and streamline rules (Council of the European Union). Primary source for the 7 May 2026 provisional agreement adding a new prohibited practice for non-consensual sexual and intimate content and child sexual abuse material.
ST 9247/26 Digital Omnibus on AI compromise text (Council of the European Union). Primary source for the exact proposed text on new Article 5 points, the scope tests, the safeguard condition, deployer purpose test, and the proposed 2 December 2026 application date for the new prohibitions.
Digital Omnibus on AI, Legislative Train Schedule (European Parliament). Secondary source confirming the political agreement, the new prohibited practice, and the broader legislative state of play.
