§ EU AI Act · Article 5
AI Act Article 5: Obligations, Deadlines & Penalties
At a glance
Article 5 of the AI Act imposes 16 obligations on deployer, independent administrative authority, judicial authority and 2 other entity type(s). At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 5
Obligation 1
Prohibit the placing on the market, putting into service, or use of AI systems that deploy subliminal techniques or purposefully manipulative/deceptive techniques to materially distort behavior and cause significant harm.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
provider, deployer
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
Obligation 2
Prohibit the placing on the market, putting into service, or use of AI systems that exploit vulnerabilities of natural persons or groups due to age, disability, or social/economic situation to materially distort behavior and cause significant harm.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
provider, deployer
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
Obligation 3
Prohibit the placing on the market, putting into service, or use of AI systems for social scoring that leads to detrimental or unjustified treatment of persons based on social behavior or personal characteristics.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
provider, deployer
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
Obligation 4
Prohibit the placing on the market, putting into service, or use of AI systems for predicting criminal offense risk based solely on profiling or personality traits, excluding systems supporting human assessment based on objective facts.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
provider, deployer
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
- Exemptions
- AI systems used to support human assessment based on objective and verifiable facts directly linked to criminal activity
Obligation 5
Prohibit the placing on the market, putting into service, or use of AI systems that create or expand facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
provider, deployer
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
Obligation 6
Prohibit the placing on the market, putting into service, or use of AI systems to infer emotions in workplace and education institutions, except for medical or safety reasons.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
provider, deployer
- Sector scope
- workplace, education
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
- Exemptions
- Use intended for medical or safety reasons
Obligation 7
Prohibit the placing on the market, putting into service, or use of biometric categorisation systems to deduce race, political opinions, trade union membership, religious beliefs, sex life, or sexual orientation, excluding lawful law enforcement labeling/filtering.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
provider, deployer
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
- Exemptions
- Labelling or filtering of lawfully acquired biometric datasets in the area of law enforcement
Obligation 8
Prohibit the use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement, unless strictly necessary for specific objectives like searching for victims, preventing imminent threats, or locating suspects of serious crimes.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
- Exemptions
- Strictly necessary for targeted search for victims/missing persons, prevention of imminent threats/terrorist attacks, or localization of suspects of serious crimes
Obligation 9
Ensure that the use of real-time remote biometric identification systems for law enforcement is deployed only to confirm the identity of specifically targeted individuals and takes into account the nature of the situation and consequences for rights and freedoms.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 10
Comply with necessary and proportionate safeguards and conditions in national law regarding temporal, geographic, and personal limitations when using real-time remote biometric identification systems for law enforcement.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
comply
- Deadline
-
—
- Penalty
-
—
Obligation 11
Complete a fundamental rights impact assessment as provided for in Article 27 before authorizing the use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
assess
- Deadline
-
prior to use
- Penalty
-
—
Obligation 12
Register the real-time remote biometric identification system in the EU database according to Article 49 before use, unless in a duly justified case of urgency where registration must be completed without undue delay.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
register
- Deadline
-
prior to use, or without undue delay in cases of urgency
- Penalty
-
—
- Exemptions
- Duly justified cases of urgency
Obligation 13
Obtain prior authorization from a judicial or independent administrative authority for each use of real-time remote biometric identification systems for law enforcement, issued upon a reasoned request.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
obtain authorization
- Deadline
-
prior to use
- Penalty
-
—
- Exemptions
- Duly justified situations of urgency
Obligation 14
Request authorization without undue delay, at the latest within 24 hours, if the use of real-time remote biometric identification systems is commenced in a duly justified situation of urgency without prior authorization.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
request
- Deadline
-
within 24 hours
- Penalty
-
—
Obligation 15
Stop the use of the system with immediate effect and immediately discard and delete all data, results, and outputs if the authorization for real-time remote biometric identification is rejected.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
law enforcement authority
- Sector scope
- law enforcement
- Action required
-
stop, delete
- Deadline
-
immediate effect
- Penalty
-
—
Obligation 16
Grant authorization for real-time remote biometric identification only if satisfied that the use is necessary and proportionate to achieving specified objectives, limited to what is strictly necessary regarding time, geography, and personal scope.
Regulation (EU) 2024/1689, Article 5, Article 5
- Obligated entity
-
judicial authority, independent administrative authority
- Sector scope
- law enforcement
- Action required
-
grant
- Deadline
-
—
- Penalty
-
—
§ Deadlines
EU AI Act compliance deadlines
-
2025-02-02
Article 4 AI literacy
in_force
-
2025-02-02
Article 5 prohibitions (unacceptable risk)
in_force
-
2025-08-02
GPAI model obligations (Articles 51 to 56)
in_force
-
2026-08-02
Article 50(2) machine-readable marking (watermarking) of AI-generated content
provisionally_amended
-
2026-08-02
Article 50 transparency obligations OTHER than the 50(2) marking grace (for example disclosure that a user is interacting with an AI system)
scheduled
-
2026-08-02
Annex III stand-alone high-risk obligations
provisionally_amended
-
2026-08-02
National AI regulatory sandboxes (establishment deadline)
provisionally_amended
-
2026-12-02
NEW Article 5 prohibition: AI generation of non-consensual intimate imagery (NCII) and CSAM
provisionally_amended
-
2027-08-02
Annex I embedded (regulated-product) high-risk obligations
provisionally_amended
§ Frequently asked
Questions about Article 5
Who must comply with Article 5 of the AI Act?
+
deployer, independent administrative authority, judicial authority, law enforcement authority, provider.
What does Article 5 of the AI Act require?
+
prohibit ensure comply
What is the compliance deadline for AI Act Article 5?
+
immediate effect; prior to use; prior to use, or without undue delay in cases of urgency; within 24 hours