Reminder: EU AI Act prohibited practices took effect Feb 2 2025

The European Union AI Act's prohibited practice provisions entered into force on February 2, 2025, establishing the first legally binding global bans on specific AI applications. Banned practices include: subliminal manipulation techniques that distort behaviour without conscious awareness, exploitation of vulnerable groups including minors and persons with cognitive impairments, social scoring by public authorities, real-time biometric identification in public spaces (with narrow law enforcement exceptions), and emotion recognition AI in workplace and educational settings. Violations can attract fines up to 7% of global annual turnover.

**Why this matters for APAC enterprises with EU market exposure.** The prohibited practices apply extraterritorially: any AI system whose outputs are used within the EU is in scope, regardless of where the system is built or hosted. APAC enterprises supplying AI-enabled B2B products to European customers, operating European subsidiaries, or providing AI as part of software sold into EU markets face direct legal exposure. The most commonly implicated systems for APAC companies are: emotion recognition HR tools used in European hiring, social media content recommendation algorithms that could be characterised as subliminal manipulation, and insurance or credit systems using proxied demographic scoring.

**Common misunderstandings about scope.** The prohibited practices list does not ban emotion recognition AI entirely — it bans emotion recognition in workplace and educational settings. Healthcare and research uses remain permitted. Similarly, biometric identification AI is not banned universally; real-time identification in public spaces (outdoor cameras doing live face matching) is banned, while after-the-fact forensic identification and identity verification remain legal. The precise scope matters for compliance assessments.

**Enforcement timeline and early signals.** The European AI Office has primary enforcement authority for general-purpose AI providers; national data protection authorities (many of which already enforce GDPR) have enforcement authority over deployers. Early enforcement is expected to focus on obvious cases — systems that are clearly in scope for the bans — rather than edge cases. Companies with AU operations or EU customer deployments should conduct a systems inventory against the prohibited practice list before Q4 2025.

**AIMenta's editorial read.** For APAC enterprises with EU market exposure, the February enforcement date is now in the past. If you have not yet conducted a prohibited practices assessment against your deployed AI systems, treat this as overdue. The scope is narrower than media coverage suggests — most enterprise AI applications are not prohibited — but the specific categories (emotion recognition, biometric ID, subliminal manipulation, social scoring) warrant a specific audit against each deployed system.