EU AI Act prohibited practices: complete compliance guide for May 2026

The EU AI Act, effective since August 2025, categorically bans eight specific categories of AI practices deemed harmful and incompatible with EU fundamental rights, imposing substantial penalties of up to €35 million or 7% of global revenue for violations. These prohibited practices include subliminal manipulation, exploitation of vulnerabilities, social scoring, emotion recognition in workplaces and education, biometric categorization, predictive policing based solely on profiling, untargeted facial image scraping, and real-time remote biometric identification in public spaces. The Act mandates pre-deployment classification, continuous monitoring for feature drift, and annual reviews to ensure compliance, as the European Commission can expand the list of prohibited categories without prior notice. The prohibited practices are regarded as fundamental rights breaches, not mere compliance failures, and require robust governance infrastructure to maintain evidence of compliance throughout the AI systems' lifecycle, with organizations needing to demonstrate real-time visibility into model behavior and maintain audit-ready trails to avoid regulatory exposure.