AI Regulation in Action: How the EU AI Act’s Prohibited Practices Impact Your Business

February 12, 2025 – The European Union's Artificial Intelligence Act (AI Act) has entered a pivotal phase, with its initial provisions on prohibited practices becoming enforceable as of February 2, 2025. This development demands immediate attention from businesses across Europe, including those in the United Kingdom, particularly if they operate within the EU market.

Key Prohibited AI Practices Under the AI Act:

The AI Act employs a risk-based framework, categorising AI systems based on their potential impact on fundamental rights and safety. The following practices are now explicitly prohibited:

• Subliminal Manipulation: AI systems designed to manipulate human behaviour without conscious awareness, potentially causing harm.
  
  
• Exploitation of Vulnerabilities: Deploying AI that takes advantage of individuals’ vulnerabilities due to age, disability, or socio-economic status.
  
  
• Social Scoring: Systems that evaluate or classify individuals based on personal data unrelated to the context, leading to unjustified or adverse treatment.
  
  
• Real-Time Remote Biometric Identification: Particularly in public spaces, unless strictly necessary for law enforcement purposes and subject to appropriate safeguards.

These prohibitions aim to safeguard fundamental rights and prevent misuse of AI technologies.

Guidance and Enforcement:

The European Commission has published guidelines to assist stakeholders in understanding and complying with these prohibitions. These guidelines offer legal explanations and practical examples to ensure clarity and facilitate adherence. 

digital-strategy.ec.europa.eu

Enforcement of the AI Act is assigned to market surveillance authorities designated by EU Member States and the European Data Protection Supervisor. Businesses found in violation of these prohibitions may face significant penalties, including fines of up to 7% of their global annual turnover. 

ft.com

Implications for UK Businesses:

While the United Kingdom has departed from the EU, UK companies operating within the EU or engaging with EU citizens must comply with the AI Act’s provisions. Additionally, the UK is developing its own regulatory framework for AI. On January 31, 2025, the Department for Science, Innovation and Technology (DSIT) published a new AI Cyber Security Code of Practice, aiming to guide businesses in securing their AI systems against cyber threats. 

gov.uk

Furthermore, the UK government has outlined an AI action plan that emphasises a sector-based regulatory approach, with regulators expected to consider cross-sector principles such as safety, transparency, fairness, accountability, and contestability in their oversight of AI applications.

Steps for Businesses to Ensure Compliance:

Organisations must take proactive measures to align with the evolving regulatory landscape:

1. Conduct Comprehensive Risk Assessments: Evaluate existing and planned AI systems to identify potential risks and ensure they do not fall under prohibited categories.
   
   
2. Implement Robust Data Governance Policies: Ensure transparency in data collection, storage, and processing, adhering to relevant data protection regulations.
   
   
3. Establish Compliance Frameworks: Develop internal policies and training programs to promote adherence to AI regulations across all levels of the organisation.
   
   
4. Engage with Regulatory Authorities: Maintain open communication with relevant bodies to stay informed about compliance expectations and updates to the regulatory framework.
   
   
5. Monitor and Audit AI Systems: Regularly review AI deployments to ensure ongoing compliance and address any emerging risks promptly.

By taking these steps, businesses can navigate the complexities of AI regulation, mitigate potential compliance risks, and contribute to the responsible development and deployment of AI technologies.

Conclusion:

The enforcement of the AI Act’s prohibited practices provisions marks a transformative moment in AI regulation within the European Union. As the regulatory environment continues to evolve, businesses must remain vigilant, proactive, and committed to ethical AI practices to thrive in this new era of accountability. While the prohibited practices are now enforceable, the full application of the AI Act is set for August 2, 2026.

Additional Resources:

• Commission publishes the Guidelines on prohibited artificial intelligence (AI) practices, as defined by the AI Act
• Code of Practice for the Cyber Security of AI

By leveraging these resources, businesses can better understand the regulatory expectations and implement best practices to ensure compliance and foster trust in their AI systems.