On 2 February 2025, Chapters I and II of the European Artificial Intelligence Act (AI Act) will come into effect, marking the first enforcement stage since the Act’s entry into force on 1 August 2024. While the initial date introduced the framework without immediate obligations, February 2025 brings binding measures, including the prohibitions outlined in Chapter II.
Chapter II of the EU AI Act targets AI applications that pose “unacceptable risks” to individuals and society. Key prohibited practices include:
- Social Scoring Systems: Prohibited are AI systems that evaluate or score individuals based on their social behavior, personal characteristics, or predicted outcomes, mainly when such systems result in unfair or disproportionate treatment.
- Subconscious Manipulation: AI systems designed to exploit vulnerabilities in individuals’ cognition, such as through subliminal techniques, to distort their behavior in ways that cause harm materially are strictly banned.
- Real-Time Remote Biometric Identification in Public Spaces: The use of AI for real-time remote biometric identification (e.g., facial recognition) for the purposes of law enforcement in publicly accessible spaces is prohibited, except in narrowly defined cases related to serious crimes or national security.
- Risk Assessments of a Person for Predicting Criminal Behavior: AI systems used to assess or predict an individual’s risk of committing a crime based solely on profiling or personality traits are prohibited.
- Biometric Categorization: AI systems that categorize individuals based on their biometric data to infer sensitive attributes, such as race, political opinions, religious beliefs, or sexual orientation, are prohibited. This prohibition does not cover labeling or filtering of lawfully acquired biometric datasets or categorizing biometric data in law enforcement.
Non-compliance with the prohibitions outlined in Chapter II, which addresses harmful AI practices, carries significant financial penalties. Offenders may face administrative fines of up to €35,000,000 or 7% of their total worldwide annual turnover for the preceding financial year, whichever is higher. Small and medium-sized enterprises benefit from certain concessions, with fines capped at lower amounts or percentages to account for their economic capacity.
With Chapter II now enforceable, national authorities across the EU must ensure robust compliance mechanisms. The Act’s extraterritorial scope means that businesses operating in the EU, as well as those placing AI systems on the EU market or affecting EU users, must align with its requirements to avoid legal and financial repercussions.
Conclusion
Don’t wait until the last minute (especially since it is just a few days away) – ensure that your organization complies with the law now. Mapping your AI systems and assessing their compliance, as well as verifying that your business activities do not fall under the prohibited categories, are crucial steps in mitigating regulatory risks and avoiding substantial fines. If you are unsure whether your activities are subject to these prohibitions, you’re welcome to consult Shibolet’s AI Practice.
Please be advised that this document is intended solely to provide a general overview of selected aspects of the law and is not comprehensive in nature. It is not intended to cover all provisions, nuances, and exceptions of the law, and should not be used as a substitute for thorough legal analysis or advice, to also be based on the specifics of the matter. The contents of this document are for informational purposes only and do not constitute legal advice. The information provided in this document should not be used as a basis for making any legal, business, or other decisions, and reliance upon it is at the reader’s own risk.
