EU AI Act Art.5 Prohibited Practices 2026: What SaaS Developers Must Disable Before August
Post #1329 in the sota.io EU Compliance Series
Article 5 of the EU AI Act lists AI practices that are not merely regulated — they are forbidden outright. No conformity assessment, no CE marking, no data governance framework makes them legal. If your product contains one of these features, it must be removed before enforcement begins.
The original prohibited list took effect on February 2, 2025. The Omnibus revision, formally adopted in July 2026, has extended that list with new categories targeting NCII deepfakes, emotional manipulation, and expanded biometric weaponization. For SaaS developers, the critical planning horizon is August 2, 2026, when the second wave of Omnibus-amended prohibitions becomes enforceable.
Why Prohibited Practices Are Different from High-Risk AI
Before diving into the list, it is worth understanding the legal architecture. The AI Act creates a tiered system:
- High-risk AI (Annex III) — permitted but subject to conformity assessments, technical documentation, transparency requirements, and registration in the EU database
- Limited-risk AI — permitted with transparency obligations (disclosure that a user is interacting with AI)
- Minimal-risk AI — permitted with no specific requirements
- Prohibited AI (Article 5) — banned entirely, regardless of safety measures taken
The distinction matters because prohibited AI cannot be "compliant" in any meaningful sense. You cannot document your way out of a prohibition. The only path to compliance is removing or fundamentally restructuring the feature.
Penalties for deploying prohibited AI: up to €35 million or 7% of global annual turnover, whichever is higher. This is the highest penalty tier in the AI Act, sitting above high-risk violations (€15M/3%) and transparency violations (€7.5M/1.5%).
The Original Art.5 Prohibitions (in force since 2025-02-02)
1. Real-Time Remote Biometric Identification in Public Spaces
What is prohibited: Using AI to identify individuals in real time from biometric data (face, gait, fingerprint, iris) in publicly accessible spaces for law enforcement purposes without prior judicial authorisation.
Exceptions exist for three narrow law enforcement scenarios (searching for missing persons, preventing specific imminent terrorist threats, prosecuting specific serious crimes listed in the Directive), but these require case-by-case authorisation and are unavailable to private operators entirely.
SaaS implications: If your platform offers crowd analytics, retail heat mapping, or security camera intelligence that identifies individuals without consent, you must audit whether your system meets the definition of "real-time remote biometric identification." The Act defines "real-time" as any situation where identification occurs before the subject has left the area — post-processing from recorded footage has different treatment under Article 10.
What to do: Remove real-time identification from publicly accessible deployments. If you offer biometric attendance or access control in private premises (offices, factories), you are not in scope for this prohibition, but you are in scope for the high-risk AI provisions of Annex III, Point 1(A).
2. Retrospective Remote Biometric Identification — Except for Prosecution of Serious Crimes
What is prohibited: Large-scale retrospective biometric identification — building databases from scraped or collected biometric data to identify individuals after the fact.
This addresses the business models of companies like Clearview AI: scraping billions of faces from the internet, building identification databases, and licensing access to law enforcement.
SaaS implications: Any product that aggregates biometric data to build searchable identification databases is directly prohibited. This includes:
- Face recognition APIs that compare uploaded images against a proprietary database of individuals who did not consent
- Services that scrape LinkedIn, social media, or public surveillance footage to build people-search databases
- Employee monitoring tools that build individual behavioral biometric profiles without explicit consent for identification purposes
What to do: If you build or license biometric identification databases: stop. There is no compliant version of this product for private operators in the EU. Existing datasets must be reviewed for GDPR adequacy and — if used for identification at scale — deleted.
3. Social Scoring by Public Authorities
What is prohibited: AI systems that evaluate or classify individuals or groups based on social behaviour or personal characteristics to produce a social score that leads to detrimental treatment unrelated to the context of the data generation, or disproportionate harm.
SaaS implications: The prohibition explicitly covers public authorities. Private sector use cases are not directly captured here — but courts and regulators in several EU member states have taken the position that private insurance, credit, and employment scoring systems that use protected characteristics or proxies for protected characteristics violate GDPR's Article 22 (automated decision-making) even without the AI Act. The prohibition closes the door on any government-adjacent contract involving social scoring.
What to do: Avoid selling social scoring functionality to public sector clients. If your product scores individuals on "reliability," "risk," or "social compatibility" in ways that aggregate data across context boundaries (health → employment, online behaviour → credit), seek legal review before entering the EU public sector market.
4. AI Exploiting Vulnerabilities of Specific Groups
What is prohibited: AI systems that deploy subliminal techniques beyond a person's consciousness, or that exploit specific vulnerabilities of a group (age, disability, social/economic situation) to materially distort behaviour in a way that causes or is likely to cause significant harm.
SaaS implications: This covers:
- Addiction-design features in social media and gaming platforms that target vulnerable users
- Dark pattern UX that uses AI to identify hesitation signals and deploy fear-of-missing-out triggers at moments of cognitive vulnerability
- Financial products that use ML to detect emotional distress and escalate cross-selling at that moment
- Any AI system that specifically identifies and exploits low-digital-literacy users
What to do: Review onboarding and conversion funnels for AI-driven personalization that uses behavioural vulnerability signals. Engagement-maximizing recommendation systems that specifically downrank protective content for identified at-risk users (addiction, eating disorders, self-harm) face the most direct exposure.
5. Emotion Recognition in Workplaces and Educational Institutions
What is prohibited: AI systems that infer emotions of individuals in the workplace or educational institutions.
This prohibition is categorical and without exceptions. It covers:
- Engagement scoring of employees based on facial expression during video calls
- Stress detection for performance management
- Attention or concentration analysis for students
- Productivity monitoring that uses facial expression or vocal tone
SaaS implications: This is one of the most commercially relevant prohibitions. Dozens of HR technology products marketed in 2024 as "employee engagement AI" or "workforce analytics" included emotion inference components. Any product that claims to measure, score, or report on emotional states of employees or students must remove that functionality before operating in the EU.
What to do: Audit your product for emotion inference. This includes features marketed under adjacent labels: "engagement scoring," "attention analysis," "stress detection," "sentiment measurement from voice." If the underlying model infers emotional states from facial images, voice patterns, or physiological signals — it is prohibited. The prohibition does not require the output label to say "emotion."
6. Biometric Categorisation for Sensitive Characteristics
What is prohibited: AI systems that categorise individuals based on biometric data to infer or deduce race, political opinions, trade union membership, religious or philosophical beliefs, or sexual orientation.
SaaS implications: This catches demographic inference products: systems that guess protected characteristics from face images, voice, or movement data to enable targeting or profiling. It also applies to systems that use biometric categorisation to enable discrimination — even if the downstream use is framed as personalisation or recommendation.
What to do: Remove any model that takes biometric inputs and produces outputs that include or correlate with protected characteristic categories, even if those categories are not explicitly labelled in the output. A model that outputs "Group A / Group B" where Group A correlates 90% with a protected religious group is categorisation in practice.
New Prohibitions Added by the Omnibus (effective 2026-08-02)
The EU AI Act Omnibus, formally adopted in July 2026, added three new categories to Article 5. These become enforceable on August 2, 2026 — the same date as several other Omnibus-amended provisions.
7. Non-Consensual Intimate Image Generation (NCII)
What is prohibited: AI systems specifically designed or deployed to generate realistic synthetic intimate images of identifiable individuals without their consent.
This closes a significant gap. The original AI Act did not explicitly address deepfake pornography and NCII. Under the Omnibus, any SaaS product whose primary or significant commercial use case involves generating intimate images of real people without consent is prohibited. This covers:
- Image synthesis APIs used primarily for NCII generation
- Character-to-face substitution models deployed in adult content platforms
- "Face swap" products where the product is specifically marketed for or primarily used for intimate image generation
What to do: If your platform hosts or enables NCII generation at scale, you need to implement robust prohibitions before August 2026. The Omnibus both imposes the ban and requires proactive technical controls, not merely a terms-of-service prohibition.
8. Manipulative AI Without Consent Signals
What is prohibited (extended scope): The Omnibus extended Prohibition 4 (exploitation of vulnerabilities) to cover any AI system that uses psychological profiling to identify and exploit decision-making biases, emotional states, or cognitive limitations to drive commercial decisions without meaningful consent mechanisms.
This is broader than the original prohibition, which focused on "specific vulnerable groups." The extension captures general-population manipulation: A/B testing frameworks that systematically identify and exploit cognitive biases (urgency heuristics, social proof cascades, anchoring) across the general population.
SaaS implications: This is where the Omnibus gets into growth engineering territory. If your product includes AI-driven conversion optimization that identifies psychological trigger points and personalizes them — and if you cannot demonstrate that users had a meaningful opportunity to understand and opt out of this personalization — you may be operating in the extended prohibition zone.
What to do: Implement consent architecture that clearly explains AI-driven personalization for commercial purposes. "We use AI to improve your experience" does not constitute adequate consent. Specific categories (personalized pricing, urgency signals, social proof manipulation) require separate, specific consent.
9. Facial Recognition Databases from Untargeted Scraping
What is prohibited (new explicit provision): Building or expanding facial recognition training datasets through untargeted scraping of facial images from the internet or CCTV footage.
This existed implicitly under GDPR's lawful basis requirements and the original prohibition 6 — but the Omnibus makes it an explicit Article 5 prohibition to close uncertainty created by enforcement inconsistency across member states.
SaaS implications: If your computer vision product improves models by scraping publicly posted images (Instagram, LinkedIn, news sites) without the consent of the individuals depicted, you must stop. This covers both the scraping activity and the use of scraped datasets in model training.
What to do: Audit model training data provenance. If facial data was collected through untargeted scraping post-February 2025, legal exposure is significant. Synthetic data generation from consented source datasets is an increasingly viable alternative that several EU-based vision AI companies have shifted to.
The Compliance Audit Checklist for SaaS Developers
Before August 2, 2026, every EU-market SaaS product should complete the following assessment:
Biometric Processing:
- Does any feature process biometric data (face, voice, gait, fingerprint) to identify individuals in public spaces in real time? → Prohibited
- Does any feature build or query identification databases from scraped biometric data? → Prohibited
- Does any feature categorise individuals by race, political opinion, religion, or sexual orientation from biometric data? → Prohibited
Workplace and Education AI:
- Does any feature infer employee emotional states from face, voice, or physiological signals? → Prohibited
- Does any feature generate emotion-derived engagement or productivity scores? → Prohibited
- Does any feature analyse student attention or emotional state in educational settings? → Prohibited
Manipulation and Exploitation:
- Does any AI feature specifically identify and exploit psychological vulnerabilities to drive commercial behaviour? → Potentially prohibited (especially post-Omnibus extension)
- Does any feature use AI to generate intimate images of identifiable individuals? → Prohibited
Data Provenance:
- Were any facial recognition training datasets built from untargeted internet scraping after February 2025? → Prohibited (Omnibus explicit provision)
What Enforcement Looks Like in Practice
The EU AI Act created national market surveillance authorities in each member state. Germany's Federal Network Agency (Bundesnetzagentur), France's CNIL, and the Netherlands' Authority for the Financial Markets have been designated as lead supervisors in their respective jurisdictions. The European AI Office coordinates cross-border enforcement.
Enforcement of prohibited practices works differently from high-risk AI violations:
High-risk AI violations typically begin with a notice-and-cure period: authorities flag the non-conformity and you have time to remediate.
Prohibited AI violations are not subject to cure periods in most member states' implementing legislation. The product is illegal. Authorities can issue immediate suspension orders, mandatory withdrawal, and penalty decisions without a prior remediation window.
For SaaS products distributed across multiple EU member states, a prohibited practices finding in one country is likely to trigger coordinated action under the AI Office's cross-border mechanism. The €35M/7% penalty cap is calculated on global turnover — not EU revenue.
The Documentation You Need Anyway
Even if your product does not currently include any prohibited features, you should maintain documentation demonstrating that assessment — specifically:
- Feature inventory with AI/ML component identification
- Processing activity records showing what data is used, how, and for what inference purpose
- Use case analysis mapping features to Art.5 categories with explicit "not applicable because..." rationale
- Training data provenance records for any biometric processing models
This documentation serves two purposes: it protects you in an audit, and it helps your legal team identify edge cases before they become enforcement events.
EU-Native Alternatives to Common Prohibited Features
For each prohibited category, EU-native or prohibition-compliant alternatives exist:
| Prohibited Feature | EU-Native Alternative |
|---|---|
| Emotion recognition for employee engagement | Anonymous pulse surveys, anonymized behavioral analytics without biometric inputs |
| Real-time crowd biometrics for retail | Privacy-preserving people-counting without identification (BlindSpot, Vennlike) |
| Psychological manipulation for conversion | Transparent A/B testing with consent flows; EU-native CRO tools without exploitation scoring |
| NCII generation | Consent-based creative AI with identity verification for all subjects |
Coming Next in This Series
This post covers the prohibited practices overview. Upcoming posts will examine each category in depth:
- Post #2: Biometric Surveillance Bans — Real-Time CCTV, Facial Recognition in Retail, and What "Public Space" Means
- Post #3: Emotion Recognition Prohibition — Workplace Monitoring Tools, Video Interview AI, and HR Platform Obligations
- Post #4: Social Scoring and Manipulation Bans — Credit AI, Dark Patterns, and Conversion Engineering
- Post #5: Complete Prohibited Practices Compliance Framework — Audit Templates, Legal Defensibility, and EU-Native Stack
sota.io is a European cloud platform committed to EU-first compliance. Our infrastructure runs entirely within EU jurisdiction — no CLOUD Act exposure, no US subprocessors.