We value your privacy

We use necessary cookies to run the site and, with your consent, analytics and marketing cookies to improve it. You can change your choice anytime. Privacy Policy

  • Security
  • Pricing
Book a scoping call
  1. Help Center
  2. Compliance & frameworks
  3. EU AI Act Article 5 — Prohibited practices
Browse categories
Getting started
Shield Control
Shield Web
Policies & presets
Compliance & frameworks
  • EU AI Act Article 26 — Deployer obligations
  • EU AI Act Article 4 — AI literacy
  • EU AI Act Article 5 — Prohibited practices
  • GDPR Article 32 — Security of processing
  • GDPR Article 5 — Principles of processing
  • GDPR Article 6 — Lawfulness of processing
  • Illinois HB 3773 — AI in employment
  • NYC Local Law 144 — Automated employment decision tools
Admin & security
Troubleshooting
FAQ
Getting started
Shield Control
Shield Web
Policies & presets
Compliance & frameworks
  • EU AI Act Article 26 — Deployer obligations
  • EU AI Act Article 4 — AI literacy
  • EU AI Act Article 5 — Prohibited practices
  • GDPR Article 32 — Security of processing
  • GDPR Article 5 — Principles of processing
  • GDPR Article 6 — Lawfulness of processing
  • Illinois HB 3773 — AI in employment
  • NYC Local Law 144 — Automated employment decision tools
Admin & security
Troubleshooting
FAQ

EU AI Act Article 5 — Prohibited practices

Updated July 5, 2026·1 min readAll plans

Note: this explainer is informational and framework references are never a compliance guarantee — align your program with your legal counsel.

What Article 5 requires

Article 5 prohibits AI practices the EU deems unacceptable — among them manipulative techniques that materially distort behavior and cause harm, exploitation of vulnerabilities, social scoring, and untargeted scraping for facial-recognition databases. These prohibitions are already in force, with the AI Act's highest penalty band attached.

What it means for your company

No sane company sets out to deploy a prohibited system — the real risk is unknowingly using one: an employee adopts an unvetted tool whose functionality crosses an Article 5 line, and your organization is the deployer. The practical duty is therefore control over which AI tools enter your environment at all.

How Shield operationalizes it

The Block unsanctioned / high-risk AI tools preset (referenced to Art. 5) fully blocks known high-risk tools, org-wide, for whichever of them appear in your environment. Upstream of that, AI Discovery makes every new tool visible for triage — you decide what is sanctioned before it becomes habit, and the "Ungoverned" metric shows your open exposure at a glance.

Apply it via the preset library; it is part of the EU AI Act & GDPR Starter bundle.

The outcome

Prohibited-class and high-risk tools cannot quietly take root: discovery surfaces them, the block policy stops them, and the audit trail evidences that your organization exercised the control Article 5 assumes.

Was this article helpful?

Related articles

Apply policy presets and bundles

Deploy compliance-ready policies from the preset library — EU AI Act, GDPR, DIFC, Korea AI Basic Act, US AI in Employment, and ISO 42001/NIST bundles.

Read article

EU AI Act Article 26 — Deployer obligations

Article 26 defines your duties when deploying high-risk AI — applicable from December 2027 under the Digital Omnibus. What paragraphs (1), (5), and (6) require and how Shield prepares you now.

Read article

EU AI Act Article 4 — AI literacy

Article 4 requires a sufficient level of AI literacy in your workforce — already in force. What that means in practice, and how Shield turns it into an operational program.

Read article

GDPR Article 32 — Security of processing

Appropriate technical and organizational measures, including for the AI channel: how blocking secrets, redacting personal data, and warning on source code map to Article 32.

Read article

Still stuck?

Send us the details — we answer within one business day.

Contact support

On this page

  • What Article 5 requires
  • What it means for your company
  • How Shield operationalizes it
  • The outcome

Subscribe to our newsletter

Product and governance updates — see our privacy policy.

AI security and control for every model your team uses.

Built in Dubai. Designed for teams operating across regions, models, and regulatory environments.

  • Product

    • Shield Web
    • Shield Control
    • Shield Desktop
    • Shield Mobile
    • Pricing
    • Download
  • Solutions

    • For CISOs
    • For Operations
    • For AI Teams
  • Use Cases

    • AI Governance
    • AI Agent Security
    • LLM Access Control
    • Secure AI Deployment
    • Enterprise Operations
    • Financial Services
  • Resources

    • Help Center
    • Blog
    • Guides
    • Glossary
    • Changelog
    • AI Risk Calculator
    • Compare
    • FAQ
  • Company

    • About
    • Careers
    • Security & Trust
    • Contact
  • Legal

    • Legal
    • Privacy
    • Terms
    • GDPR / DPA

© 2026 Qadar AI. All rights reserved. EU data residency available for Enterprise customers.