§ EU AI Act · Article 5

AI Act Article 5: Obligations, Deadlines & Penalties

Regulation (EU) 2024/1689, Article 5 · All obligations · EU AI Act · Full article analysis
At a glance
Article 5 of the AI Act imposes 16 obligations on deployer, independent administrative authority, judicial authority and 2 other entity type(s). At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 5

Obligation 1
Prohibit the placing on the market, putting into service, or use of AI systems that deploy subliminal techniques or purposefully manipulative/deceptive techniques to materially distort behavior and cause significant harm. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
provider, deployer
Action required
prohibit
Deadline
Penalty
Obligation 2
Prohibit the placing on the market, putting into service, or use of AI systems that exploit vulnerabilities of natural persons or groups due to age, disability, or social/economic situation to materially distort behavior and cause significant harm. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
provider, deployer
Action required
prohibit
Deadline
Penalty
Obligation 3
Prohibit the placing on the market, putting into service, or use of AI systems for social scoring that leads to detrimental or unjustified treatment of persons based on social behavior or personal characteristics. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
provider, deployer
Action required
prohibit
Deadline
Penalty
Obligation 4
Prohibit the placing on the market, putting into service, or use of AI systems for predicting criminal offense risk based solely on profiling or personality traits, excluding systems supporting human assessment based on objective facts. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
provider, deployer
Action required
prohibit
Deadline
Penalty
Exemptions
AI systems used to support human assessment based on objective and verifiable facts directly linked to criminal activity
Obligation 5
Prohibit the placing on the market, putting into service, or use of AI systems that create or expand facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
provider, deployer
Action required
prohibit
Deadline
Penalty
Obligation 6
Prohibit the placing on the market, putting into service, or use of AI systems to infer emotions in workplace and education institutions, except for medical or safety reasons. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
provider, deployer
Sector scope
workplace, education
Action required
prohibit
Deadline
Penalty
Exemptions
Use intended for medical or safety reasons
Obligation 7
Prohibit the placing on the market, putting into service, or use of biometric categorisation systems to deduce race, political opinions, trade union membership, religious beliefs, sex life, or sexual orientation, excluding lawful law enforcement labeling/filtering. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
provider, deployer
Action required
prohibit
Deadline
Penalty
Exemptions
Labelling or filtering of lawfully acquired biometric datasets in the area of law enforcement
Obligation 8
Prohibit the use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement, unless strictly necessary for specific objectives like searching for victims, preventing imminent threats, or locating suspects of serious crimes. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
prohibit
Deadline
Penalty
Exemptions
Strictly necessary for targeted search for victims/missing persons, prevention of imminent threats/terrorist attacks, or localization of suspects of serious crimes
Obligation 9
Ensure that the use of real-time remote biometric identification systems for law enforcement is deployed only to confirm the identity of specifically targeted individuals and takes into account the nature of the situation and consequences for rights and freedoms. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
ensure
Deadline
Penalty
Obligation 10
Comply with necessary and proportionate safeguards and conditions in national law regarding temporal, geographic, and personal limitations when using real-time remote biometric identification systems for law enforcement. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
comply
Deadline
Penalty
Obligation 11
Complete a fundamental rights impact assessment as provided for in Article 27 before authorizing the use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
assess
Deadline
prior to use
Penalty
Obligation 12
Register the real-time remote biometric identification system in the EU database according to Article 49 before use, unless in a duly justified case of urgency where registration must be completed without undue delay. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
register
Deadline
prior to use, or without undue delay in cases of urgency
Penalty
Exemptions
Duly justified cases of urgency
Obligation 13
Obtain prior authorization from a judicial or independent administrative authority for each use of real-time remote biometric identification systems for law enforcement, issued upon a reasoned request. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
obtain authorization
Deadline
prior to use
Penalty
Exemptions
Duly justified situations of urgency
Obligation 14
Request authorization without undue delay, at the latest within 24 hours, if the use of real-time remote biometric identification systems is commenced in a duly justified situation of urgency without prior authorization. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
request
Deadline
within 24 hours
Penalty
Obligation 15
Stop the use of the system with immediate effect and immediately discard and delete all data, results, and outputs if the authorization for real-time remote biometric identification is rejected. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
law enforcement authority
Sector scope
law enforcement
Action required
stop, delete
Deadline
immediate effect
Penalty
Obligation 16
Grant authorization for real-time remote biometric identification only if satisfied that the use is necessary and proportionate to achieving specified objectives, limited to what is strictly necessary regarding time, geography, and personal scope. Regulation (EU) 2024/1689, Article 5, Article 5
Obligated entity
judicial authority, independent administrative authority
Sector scope
law enforcement
Action required
grant
Deadline
Penalty
§ Deadlines

EU AI Act compliance deadlines

§ Frequently asked

Questions about Article 5

Who must comply with Article 5 of the AI Act? +
deployer, independent administrative authority, judicial authority, law enforcement authority, provider.
What does Article 5 of the AI Act require? +
prohibit ensure comply
What is the compliance deadline for AI Act Article 5? +
immediate effect; prior to use; prior to use, or without undue delay in cases of urgency; within 24 hours
Need a cross-border briefing on AI Act Article 5?
Search Fontvera ↵
All EU obligation pages  ·  All EU AI Act articles  ·  AI Act Article 5 deep analysis