EU AI Act Article 5: The Eight Prohibited AI Practices Luxembourg Companies Must Stop Before August 2026
Most of the Luxembourg AI Act conversation in 2026 has been about high-risk systems, GPAI obligations, and the AI literacy duty. We have covered each in turn — the August 2026 deadline overview, the high-risk systems roadmap, the GPAI / foundation-model breakdown, and the Article 4 AI literacy obligation. The piece almost no Luxembourg company has read closely is the shortest and the strictest part of the Act: Article 5. It does not regulate — it prohibits.
The Article 5 prohibitions have technically been applicable since 2 February 2025, well before the high-risk-system rules that hit on 2 August 2026. But enforcement, fines, and the national-authority designation under ILNAS land in the same August wave. With ~9–10 weeks to go, this is the right moment for a Luxembourg company to check it has not, inadvertently, deployed one of the banned uses inside a chatbot, an HR tool, a marketing optimiser, or a security camera platform.
The penalty makes this the most expensive Article in the Act
Article 5 carries the heaviest financial sanction in the regulation: up to €35 million or 7% of worldwide annual turnover, whichever is higher. That is materially above the high-risk-systems penalty (the lower €15 million / 3% band) and above the GPAI penalty band. The drafters chose this consciously: these are the uses considered incompatible with EU fundamental rights, full stop.
For a Luxembourg-headquartered group of any size — a fintech, a fund administrator, a multilingual SaaS, a retailer — 7% of group turnover is an existential number. The way to think about Article 5 is not "compliance risk" in the usual sense. It is closer to a hard product-design constraint: a class of features that cannot exist in your AI stack, regardless of how commercially attractive they might appear.
The eight prohibited practices, in plain language
The Act is dense; the substance is not. Here is what each prohibition actually means and where Luxembourg companies most often drift toward it.
1. Subliminal, manipulative or deceptive techniques that materially distort behaviour
AI systems that use techniques operating below the threshold of a person's awareness — or are deliberately manipulative or deceptive — and that cause the person to make a decision they would not otherwise have made, with significant harm. This is broader than it sounds. Conversion-rate-optimisation AI that personalises against a user's documented biases to push purchases the user genuinely cannot afford is in scope. So is a "support" chatbot designed to appear human, where the deception itself drives a contractual decision.
Where Luxembourg companies drift: aggressive ML-driven nudging in fintech onboarding flows, or "AI advisor" framing of what is actually a paid-distribution recommendation engine. The fix is usually a transparency redesign rather than killing the product.
2. Exploiting vulnerabilities (age, disability, socio-economic situation)
AI systems that exploit a vulnerability of a specific group — minors, people with disabilities, people in precarious economic situations — to materially distort their behaviour with likely harm. This is a stricter cousin of (1) and does not require subliminal techniques: aiming the manipulation at a protected group is enough.
Where Luxembourg companies drift: insurance and credit cross-sell models that materially over-target people the data flags as financially stretched. The internal "this segment converts 4× better" memo is the smoking gun in the post-incident audit.
3. Social scoring by public authorities or on their behalf
AI-driven evaluation or classification of natural persons based on social behaviour or personal characteristics, where the scoring leads to detrimental or unfavourable treatment in unrelated contexts or in a way that is unjustified or disproportionate.
Where Luxembourg drifts: this is mostly a public-administration concern (see our communes AI guide for the cleaner side). Private firms rarely meet the "by or on behalf of public authorities" trigger, but a CSSF-supervised firm running cross-product, cross-context customer-quality scoring should still pressure-test it against this language — even if Article 5(3) does not formally apply, the spirit of it foreshadows where enforcement attention will land.
4. Predictive policing of individuals based solely on profiling
AI used to assess or predict the risk of a person committing a criminal offence, solely on the basis of profiling or personality traits. The word "solely" matters — there is a narrow carve-out where the assessment supports a human investigator working from objective, verifiable facts directly linked to a criminal activity. The blanket profile-only system is banned.
Where Luxembourg drifts: AML/fraud monitoring is not prohibited — but if your AML model produces a "high-risk person" output that drives a customer-life-cycle decision without a verifiable factual nexus, you are in dangerous territory. Document the factual basis, document the human-in-the-loop.
5. Untargeted scraping of facial images for biometric databases
Building or expanding facial-recognition databases through untargeted scraping of facial images from the internet or CCTV footage.
Where Luxembourg drifts: rarely intentionally, but the retail-security and physical-security sectors sometimes inherit vendor stacks that quietly do this. A short audit of any computer-vision vendor's training-data provenance is the right safeguard — the vendor due-diligence checklist covers exactly this kind of question.
6. Emotion recognition in the workplace and in education
AI inferring the emotions of natural persons in workplaces or educational institutions, outside narrow medical or safety carve-outs. This bites more broadly than HR-tech vendors realise.
Where Luxembourg drifts: "engagement scoring" in remote-work monitoring tools, sentiment-analysis dashboards over Teams/Zoom calls for sales coaching, AI proctoring in employee training platforms. Any of these in a Luxembourg workplace context needs to be removed or restructured before 2 August.
7. Biometric categorisation inferring sensitive attributes
Biometric categorisation systems that categorise individuals based on biometric data to infer race, political opinions, trade-union membership, religious or philosophical beliefs, sex life, or sexual orientation. Filtering of legally acquired biometric datasets in law-enforcement contexts has a narrow carve-out; everything else is prohibited.
Where Luxembourg drifts: marketing-tech audience-builder products that quietly use facial analysis to infer demographic attributes. Rare in Luxembourg-headquartered stacks but common in inherited US-built ad-tech components. Worth a deliberate vendor scan.
8. Real-time remote biometric identification in publicly accessible spaces (for law enforcement)
This one is overwhelmingly a public-sector concern with narrow law-enforcement carve-outs subject to judicial authorisation. Private Luxembourg firms are almost never the deployer — but they can be the provider if their product is sold into that use case. If you are building computer-vision tooling and any of your buyers are in this category, the obligations on you as a provider are significant.
How to run an Article 5 audit in three meetings
A pragmatic, week-long internal sweep:
Meeting 1 — Inventory (60 minutes, product + IT + DPO). List every AI feature in production and in pilot, including the ones built by marketing and HR without IT involvement. The undocumented "shadow AI" is where Article 5 problems almost always sit. The AI literacy framework from Article 4 helps here: the team that has had the training is the team that surfaces these.
Meeting 2 — Map (90 minutes, same group + a legal reviewer). Walk each item against the eight prohibitions. Most items are obviously safe; a small number trigger the "let's check" instinct. Document the reasoning either way — that document is your defence file.
Meeting 3 — Decide (60 minutes, with the management member who can shut a feature down). For each flagged item: keep with documented justification, restructure to remove the prohibited element, or kill. Build vs. buy questions sometimes resurface here — see our build vs. buy decision guide for the framing.
Three meetings, one short defence file. That is the entire Article 5 compliance exercise for the typical Luxembourg SME or mid-cap.
How this fits inside the wider AI Act file
Article 5 is the prohibition layer. The high-risk-systems and GPAI obligations sit on top, governing the much larger universe of AI uses that are permitted but regulated. The right mental model is concentric:
- Innermost circle — Article 5 prohibitions: uses that cannot exist.
- Middle circle — high-risk systems (Annex III): uses that must be heavily documented and governed (see the high-risk roadmap).
- Outer circle — GPAI obligations: transparency and downstream-information duties on foundation-model providers and the companies building on them (see the GPAI breakdown).
- All-of-it — Article 4 literacy: the staff-readiness baseline that runs across the whole regulation.
For CSSF-supervised firms, the DORA + AI Act overlap sits parallel to all of this and the documentation expectations compound rather than substitute.
The Luxembourg context: ILNAS, the CNPD, and what enforcement will look like
Luxembourg's national designations under the AI Act are stabilising around ILNAS as the lead market-surveillance authority for AI, with the CNPD retaining the data-protection dimension where personal data is involved. The CSSF retains supervisory authority over financial institutions. Practical implication: in a regulated firm, expect Article 5 questions to arrive through both ILNAS (as a market-surveillance authority) and the sectoral regulator (via the existing supervisory relationship).
The early-enforcement profile we expect — based on how DSA and DMA played out — is targeted, high-profile, and used to set the tone rather than to fill an enforcement quota. The first published Luxembourg enforcement action under Article 5 will be a calibration message; the right place to be on 2 August is two steps away from it, with the three-meeting defence file ready.
What we actually do
We run the Article 5 sweep as a one-week governance exercise inside the wider AI Act readiness work. The deliverable is the defence file: an inventory of every AI use in the organisation, an explicit Article 5 assessment per item, the decision and the reasoning, and a record of the management approval. The same exercise typically surfaces the next 2–3 highest-ROI AI workloads to add — because the inventory is also a roadmap.
If you have not yet run an Article 5 sweep — and almost no Luxembourg company we have walked into in 2026 has — book an AI Act readiness session. One week, three meetings, a signed defence file, and a clean conscience on the riskiest article in the regulation.
Related reading:
- EU AI Act August 2026 deadline — Luxembourg compliance overview
- EU AI Act high-risk systems — Luxembourg compliance roadmap
- EU AI Act GPAI / foundation-model obligations
- EU AI Act Article 4 AI literacy obligation
- DORA + EU AI Act: Luxembourg financial compliance in 2026
- AI vendor due-diligence checklist for Luxembourg buyers
- AI Knowledge Hub — 20 More Resources