EU AI Act Article 5 — Prohibited practices
Note: this explainer is informational and framework references are never a compliance guarantee — align your program with your legal counsel.
What Article 5 requires
Article 5 prohibits AI practices the EU deems unacceptable — among them manipulative techniques that materially distort behavior and cause harm, exploitation of vulnerabilities, social scoring, and untargeted scraping for facial-recognition databases. These prohibitions are already in force, with the AI Act's highest penalty band attached.
What it means for your company
No sane company sets out to deploy a prohibited system — the real risk is unknowingly using one: an employee adopts an unvetted tool whose functionality crosses an Article 5 line, and your organization is the deployer. The practical duty is therefore control over which AI tools enter your environment at all.
How Shield operationalizes it
The Block unsanctioned / high-risk AI tools preset (referenced to Art. 5) fully blocks known high-risk tools, org-wide, for whichever of them appear in your environment. Upstream of that, AI Discovery makes every new tool visible for triage — you decide what is sanctioned before it becomes habit, and the "Ungoverned" metric shows your open exposure at a glance.
Apply it via the preset library; it is part of the EU AI Act & GDPR Starter bundle.
The outcome
Prohibited-class and high-risk tools cannot quietly take root: discovery surfaces them, the block policy stops them, and the audit trail evidences that your organization exercised the control Article 5 assumes.
Was this article helpful?
Related articles
Apply policy presets and bundles
Deploy compliance-ready policies from the preset library — EU AI Act, GDPR, DIFC, Korea AI Basic Act, US AI in Employment, and ISO 42001/NIST bundles.
Read articleEU AI Act Article 26 — Deployer obligations
Article 26 defines your duties when deploying high-risk AI — applicable from December 2027 under the Digital Omnibus. What paragraphs (1), (5), and (6) require and how Shield prepares you now.
Read articleEU AI Act Article 4 — AI literacy
Article 4 requires a sufficient level of AI literacy in your workforce — already in force. What that means in practice, and how Shield turns it into an operational program.
Read articleGDPR Article 32 — Security of processing
Appropriate technical and organizational measures, including for the AI channel: how blocking secrets, redacting personal data, and warning on source code map to Article 32.
Read articleStill stuck?
Send us the details — we answer within one business day.