AIG-024 Prohibited AI Practices
Description
The organisation maintains a documented list of AI use cases that are prohibited, aligned with applicable law and organisational policy. Prohibited uses include at minimum: manipulation of persons through subliminal or deceptive techniques; exploitation of individual vulnerabilities to influence behaviour; real-time biometric identification in public spaces for law enforcement (without legal authorisation); social scoring systems; and any use case specifically excluded in the AI policy. Products and features are reviewed against the prohibited use list before launch. Third-party AI tools acquired by the organisation are also evaluated against this list.
Rationale
Prohibited use lists translate regulatory red lines (EU AI Act Article 5) and ethical commitments into operational guardrails against which engineering and product teams can evaluate products and features.
Framework Mappings (8)
| EU-AI-Art.5.1a | Prohibited — Subliminal and Manipulative Techniques | full |
| EU-AI-Art.5.1b | Prohibited — Exploitation of Individual Vulnerabilities | full |
| EU-AI-Art.5.1c | Prohibited — Social Scoring Systems | full |
| EU-AI-Art.5.1d | Prohibited — Criminal Risk Assessment by Profiling Alone | full |
| EU-AI-Art.5.1e | Prohibited — Facial Recognition Database Scraping | full |
| EU-AI-Art.5.1f | Prohibited — Emotion Inference in Workplaces and Education | full |
| EU-AI-Art.5.1g | Prohibited — Biometric Categorisation for Protected Characteristics | full |
| EU-AI-Art.5.1h | Prohibited — Real-Time Remote Biometric Identification in Public Spaces | full |
Evidence (2)
Documented prohibited AI use list aligned with applicable law and the organisational AI policy, covering at minimum the categories specified in EU AI Act Art. 5 and any additional organisational exclusions.
Example: AI Prohibited Use Register v2.0 (Confluence), listing 12 prohibited categories including subliminal manipulation, social scoring, real-time biometric ID in public spaces, and 4 organisation-specific prohibitions; reviewed by Legal and approved by CTO 2025-11-01
Test: Request the prohibited AI use document. Verify: (1) all EU AI Act Art. 5.1 categories are enumerated (a–h), (2) any additional organisational prohibitions are documented with rationale, (3) the list is approved and dated within the last 12 months, (4) a mechanism for reviewing new products and features against this list is described.
Pre-launch review records for AI products and features demonstrating that each was assessed against the prohibited use list before release.
Example: Product Launch Review — AI Hiring Filter v1.2 (Jira AI-LAUNCH-2025-009): prohibited use checklist completed, social scoring and biometric categorisation criteria confirmed not applicable, legal sign-off recorded 2025-08-20
Test: Request pre-launch review records for the last 3 AI product or feature releases. Verify: (1) prohibited use checklist was completed before launch, (2) each prohibited category was explicitly assessed (not left blank), (3) legal or compliance sign-off is recorded, (4) any borderline cases were escalated and resolved with documented rationale.
Questions (2)
Does your organisation maintain a documented list of AI use cases that are prohibited?
A prohibited use list translates regulatory red lines (EU AI Act Art. 5) and organisational ethics commitments into concrete guardrails against which engineering and product teams can evaluate products and features during design and launch review.
Which of the following prohibited use categories are explicitly enumerated in your prohibited AI use list?
All seven categories reflect EU AI Act Art. 5.1 prohibited practices. Missing any of these from a documented list is a compliance gap for organisations subject to the EU AI Act.