Home · Synthesis · cl-ai-prohibited-practices

EU AI Act prohibited practices + India AI capacity building

EU AI ActMeitY AI

Primary statement

EU AI Act Article 5 prohibited practices (eight categories + Dec 2026 addition for nudifier/CSAM) + Article 2 jurisdictional scope + Article 10 data and data governance for HRAIS. Plus India MeitY AIGG2025.13 capacity building. The prohibited practices are absolute — no risk treatment, no mitigation acceptable.

Audit-fatigue payoff

A unified prohibited practices screening — applied to all AI systems at design and deployment gates — satisfies Article 5 + adjacent requirements across both contributing frameworks.

Strictness matrix

Scope
Scope: eight prohibited categories (+ Dec 2026 nudifier/CSAM addition) — subliminal techniques, exploitation of vulnerability, social scoring, biometric categorisation of sensitive attributes, real-time remote biometric identification in public spaces (with narrow exceptions), individual risk assessment for criminal offences, facial scraping for facial recognition databases, emotion recognition in workplace/education (with exceptions). Ceiling source: eu_ai_act:Art.5 Rationale: EU AI Act Art 5 enumerated prohibitions are absolute.
Threshold
Threshold: ABSOLUTE prohibition. No risk mitigation, no contractual safeguard, no transparency disclosure makes prohibited practices acceptable. Binary — practice prohibited or not. Ceiling source: eu_ai_act:Art.5 Rationale: EU AI Act Art 5 absolute-prohibition threshold is uniquely strict.
Method
Method: AI screening at design + procurement + deployment gates against eight categories + Art 5 documentation + integration with Art 2 jurisdictional scope (extraterritorial reach) + Art 10 data governance for HRAIS + capacity building (MeitY AIGG2025.13). Ceiling source: eu_ai_act:Art.5 Rationale: EU AI Act Art 5 + Art 2 + Art 10 + MeitY combined are most prescriptive.
Frequency
Screening: per AI system at every gate (design, procurement, deployment, material change). Continuous monitoring for Art 5 prohibited practices throughout operation. Ceiling source: eu_ai_act:Art.5 Rationale: Per-gate screening is the audit-defensible cadence.
Evidence
Evidence: AI screening methodology + per-system Art 5 screening records + screening at each gate (design, procurement, deployment) + capacity building records (MeitY). Ceiling source: eu_ai_act:Art.5 Rationale: EU AI Act Art 5 evidence with per-system screening is comprehensive.

Auditor test pattern

Step 1: Inspect AI screening methodology. Step 2: For each AI system in inventory, verify Art 5 screening record. Step 3: Verify screening triggered at design + procurement + deployment gates. Step 4: For Dec 2026 nudifier/CSAM addition, verify preparation.

Common findings

Common findings: (1) Art 5 screening never performed; (2) Screening at design only, not procurement / deployment; (3) Dec 2026 addition not in scope of screening; (4) Capacity building absent.