EU AI Act — one year of Art. 5: what has been withdrawn, what is still sold, where the first sanction is
On 2 February 2026 the Regulation (EU) 2024/1689 prohibitions hit their first anniversary. Twelve months in, no national authority has published an Art. 5 sanction. AESIA closes 2025 with 16 guidelines but no public inspections. CNIL takes jurisdiction over workplace emotion recognition. Contact-centre vendors keep selling emotion. Operational recap of year one, no sermon.
Manuel López Pérez · compliance

On 2 February 2026 Art. 5 of Regulation (EU) 2024/1689 reaches one year of applicability. We covered the Regulation when it entered into force in August 2024 and, in detail, the day Art. 5 became enforceable. This post looks back twelve months with two concrete questions: which products have been withdrawn from the EU market under threat of the prohibition, and which national authority has started to enforce it.
Short answer: most compliance has been silent and contractual, not by sanction. Vendors have disabled features for EU clients without public statement, others keep selling what the text prohibits, and the first public national fine under Art. 5 has yet to land. The law has entered application; the enforcement practice is only just being built.
Reading: state-of-play analysis at end of January 2026, drawing on material from AESIA, CNIL, Garante, BfDI and legal commentators. For binding decisions one must go to the text of the Regulation and the guidance of the competent authority.
The date and why retrospection matters
Reminder of the Art. 113 calendar:
| Milestone | Date | Status as of February 2026 |
|---|---|---|
| Entry into force | 1 Aug 2024 | Done |
| Art. 5 prohibitions (applicability) | 2 Feb 2025 | One year — subject of this post |
| GPAI (applicability) | 2 Aug 2025 | Covered in GPAI post |
| Art. 99 sanctions regime | 2 Aug 2025 | In force — no known Art. 5 sanction |
| High-risk systems (Annex III) | 2 Aug 2026 | Six months to go — prep underway |
| Annex I (products) | 2 Aug 2027 | A year and a half |
Two important nuances for the retrospective:
- Art. 5 applicability landed on 2 February 2025, but the Art. 99 sanctions regime and the designation of national authorities with inspection power only came into effect on 2 August 2025. Between February and August 2025 there were six months of substantive prohibition without administrative muscle. That explains much of the lag in sanctions.
- As of end of January 2026, no national authority has published a public sanctioning decision specifically under Art. 5. What there is: jurisdictional announcements, public consultations, local guidelines and sotto voce withdrawals of features.
The market picture at 12 months — what happened with each category
Sweep through the eight prohibitions of Art. 5(1). For each: what products clearly landed inside, what has been withdrawn or reconfigured, what is still offered.
5(1)(a) — Subliminal techniques / purposeful manipulation
Category with a high probative bar (the four cumulative tests). In 2025 there was no public withdrawal case under (a); enforcement has stayed in traditional dark patterns territory under DSA and national UCP practices. The Commission’s Guidelines of 4 February 2025 remain the interpretive reference; no market surveillance authority has publicly declared “this falls under 5(1)(a)”.
Worth keeping the context: the boundary between (a) and the unfair commercial practices regime under Directive 2005/29 is blurred. In Q3 2025 some consumer protection authorities (UK CMA, Ireland’s CPC) opened proceedings against companionship chatbots with emotional escalation, but the proceedings are under UCP, not Art. 5. That coordination will have to be clarified in 2026.
5(1)(b) — Exploitation of vulnerabilities
Equally quiet on sanctions. The UK Gambling Commission was already running its enforcement line; Art. 5(1)(b) reinforces but adds no new withdrawn product. What has changed: compliance teams at online gambling operators licensed in Malta or Gibraltar have disabled segmentation by problem-gambling behavioural markers for EU users. The action is not public because it is not an administrative decision; it is contractual with the targeting-engine vendor.
5(1)(c) — Social scoring
The most politically visible prohibition, and the rarest in actual products. No documented case in 2025 of a cross-context trust score aggregation platform having to withdraw. US tenant screening platforms (RentGrow, RealPage) still do not formally operate in the EU market, which takes them out of the analysis. Gig worker rating platforms (Uber, Glovo, Deliveroo) have scoring systems bounded to the platform context, which dodges the Art. 5(1)(c) scope: the scoring isn’t sold to external sectors.
5(1)(d) — Predictive policing by profiling
The boundary between prohibition (d) and high-risk Annex III point 6 remains the operational friction. What has shaken out in 2025:
- Geographic predictive policing (PredPol-style hot-spot analysis) does not fall under (d) — the system predicts locations, not individuals. Confirmed in the Guidelines of 4 February 2025 and in subsequent academic doctrine. Dozens of municipal deployments in France, Italy and the Netherlands remain operational. By 2 August 2026 they enter as Annex III point 6.
- Pure individual risk scoring (based on profile only) has disappeared from the public catalogue of providers operating in the EU. The Dutch SKL and similar tools shifted to decision support mode with mandatory factual basis from Q1 2025.
- Fair Trials publishes in March 2025 an analysis criticising the prohibition as a paper tiger in practice: the word “solely” in the text is read restrictively, leaving outside the prohibition systems that, in practice, decisively influence the human agent’s output.
5(1)(e) — Indiscriminate facial scraping
Here is where there has been real movement and a live edge case. Clearview AI still does not operate in the EU market but has also not paid the GDPR fines of 2022-2024 totalling over €110 million. In October 2025, NOYB files a criminal complaint against Clearview AI in Austria for ignoring administrative data protection decisions in the EU. The complaint relies on Art. 5(1)(e) AI Act as an aggravating factor.
What this lays bare: Art. 5(1)(e) is a prohibition norm without effective enforcement instrument when the subject has no establishment in the EU. Clearview AI has spent a year and a half saying “we don’t operate in the EU”. As long as no Member State opens criminal proceedings or executes asset seizure, the prohibition remains declarative law.
PimEyes moves the opposite way: in Q2 2025 it announces a reinforced opt-out policy and minor-search filters, explicitly withdrawing access for EU users without additional verification. Not a full withdrawal but visible self-restraint to avoid proceedings.
5(1)(f) — Emotion inference at work and in education
The prohibition with the most visible compliance pathology. The category is clear: emotion inferred about a person in the workplace or an educational institution. The Guidelines of 4 February 2025 extend “workplace” to selection processes (video-based analysis of candidate interviews).
What has moved during 2025:
- HireVue officially removed its emotion-based assessments from its commercial product back in 2021 (public statement by Lindsey Zuloaga, Chief Data Scientist at HireVue, January 2021). Its product from 2022 onwards uses competency-based and code-based assessments. The AI Act, in this case, validates a market decision already taken.
- Cognisess, Cogito, Emotiv and similar keep offering emotion analytics to contact centres and enterprise. UC Today sector analysis in Q3-Q4 2025 concludes that many vendors continue selling and demonstrating the feature at EU trade shows — without any documented public withdrawal case under Art. 5(1)(f). Some vendors have “hidden” the feature in European builds without public communication; others keep it explicit.
- The Italian Garante, the French CNIL and Spain’s AEPD/AESIA have not published warnings or specific proceedings against contact-centre emotion analytics vendors during 2025.
What remains for 2026: CNIL has explicitly taken jurisdiction over workplace emotion recognition within the French AI Act enforcement regime, and is expected to be the first EU national authority to publish a sanctioning decision against a category vendor — announcement or proceeding expected in H1 2026 according to legal commentators on Lexology and Bird & Bird.
5(1)(g) — Biometric categorisation by sensitive categories
Category with fewer public cases. Systems inferring sensitive attributes (sexual orientation, religion, political opinion) from biometrics aren’t a major commercial category in the EU market — the Stanford “gaydar” paper of 2017 remained an academic example, not a product. What did happen in 2025: retail analytics vendors removed ethnicity inference for shopper segmentation from European products, while keeping “age” and “perceived gender” under the — still debated — reading that they are not sensitive categories under Art. 9 GDPR. Ethnicity inference disappears from the active catalogue of Cognitec, Sightcorp and similar for EU customers.
5(1)(h) — Real-time remote biometric identification in publicly accessible spaces for law enforcement
The category with most media coverage and slowest practical enforcement. What has moved in Spain, France, Italy and Germany:
- Spain — as of end of January 2026, the Draft Law for the good use and governance of Artificial Intelligence remains in parliamentary procedure after Council of Ministers approval (March 2025). Without national law regulating the Art. 5(5) exceptions, Spanish police forces cannot deploy real-time remote biometric identification under any of the three grounds permitted by the Regulation.
- France — the experimental vidéosurveillance algorithmique device deployed for the Paris 2024 Olympics expired under its specific legal regime in March 2025. The discussion of extending the regime to a permanent framework under the AI Act is politically complicated; as of end of 2025 there is no French national law enabling the Art. 5(1)(h) exceptions beyond the ordinary judicial investigation regime.
- Italy — Law No. 132/2025 (in force since 10 October 2025) regulates the AI Act at national level. The Art. 5(1)(h) exception regime is incorporated into the text but operations require case-by-case judicial authorisation under the Italian procedural regime. Live FR deployments by Italian municipal police remain suspended.
- Germany — transposition through the federal draft law designates Bundesnetzagentur (not the BfDI) as the main market surveillance authority. The BfDI retains specific jurisdiction over personal data processing under GDPR. The friction between the two authorities in live FR cases is under consultation.
National authorities — the real map as of February 2026
The enforcement friction of year one lies in the extreme decentralisation of the enforcement authority. Each Member State designates its own market surveillance authority, its own procedural sanctions regime, and keeps separate sectoral authorities (DPA, consumer authorities, police authorities).
Spain — AESIA
AESIA closes 2025 with no public Art. 5 sanction and no individualised public inspection. What it does publish:
- Regulatory sandbox. In April 2025, AESIA selects 12 high-risk systems (essential services, biometrics, employment, critical infrastructure, machinery, healthcare) for 12 months of sandboxing. Results feed the guidelines published in December.
- 16 practical guides. On 16 December 2025 AESIA publishes 16 guidelines on risk management, data governance, transparency, cybersecurity, human oversight and conformity. Orientational material, not sanctioning decisions.
- No public Art. 5 sanction. As of end of January 2026, no individual sanctioning resolution has been published by AESIA against any system under Art. 5.
The national sanctions regime is still pending the draft law in procedure. Until it enters into force, the procedural sanctions regime is the directly applicable Regulation plus the general administrative regime, a situation poorly suited to active inspection.
France — CNIL
CNIL takes a more visible stance. From February 2025 it publishes a series of Q&As and guidelines on the AI Act. Jurisdictional split: the French regime designates CNIL as the principal authority for personal-data processing under the AI Act that overlaps with GDPR, and specifically for emotion recognition at work and in education under Art. 5(1)(f).
In Q4 2025, CNIL opens a public consultation on legitimate interest as a legal basis for AI system development, without a specific Art. 5 sanction published. Legal commentators place CNIL as the authority most likely to produce the first public Art. 5 decision during H1 2026, especially in emotion recognition.
Italy — Garante
Garante remains active outside strict Art. 5. The sanction against Replika (Luka Inc.) for GDPR non-compliance with a chatbot directed at minors, reaffirmed in 2025, is the most visible case. The reasoning collaterally touches Art. 5(1)(b) AI Act — exploitation of vulnerability by age — although the formal legal basis is GDPR.
The Italian Law No. 132/2025 adds an obligation to notify the Garante 30 days before operating certain AI systems; if the Garante does not block, the system can operate. This regime can be activated for systems in the grey zone of Art. 5.
Germany — Bundesnetzagentur + BfDI
Bundesnetzagentur assumes the role of principal market surveillance authority under the federal implementation draft. BfDI retains jurisdiction over personal data processing by federal institutions and designated sectors. The German split competence is the most complex of the four big ones; no public Art. 5 sanction in 2025. A sanctioning decision based purely on the AI Act, on the level of those under the German GDPR regime (Bundeskartellamt fines, state Datenschutzbehörden decisions), is still pending.
Table — year one on one page
| Art. 5 category | Typical product affected | Observed 2025 movement | Public sanction | Key national authority |
|---|---|---|---|---|
| 5.1.a Manipulation | Escalating companionship chatbots | No public withdrawal | None | CNIL / Garante (via DPA) |
| 5.1.b Vulnerabilities | Targeting of problem gambling | Vendor-side targeting deactivation | None | Sectoral (UKGC, etc.) |
| 5.1.c Social scoring | Cross-context trust scores | No public case | None | AESIA / CNIL |
| 5.1.d Predictive pol. | Pure individual risk score | Rewritten as decision-support | None | Sectoral police |
| 5.1.e Facial scraping | Clearview / PimEyes | Clearview not operating in EU but not paying | None under AI Act | Via GDPR — multiple DPAs |
| 5.1.f Emotion at work | Contact centre emotion analytics | Some vendors silently deactivate; others continue | None | CNIL (H1 2026 announcement likely) |
| 5.1.g Sensitive biom. | Ethnicity inference in retail | Category removed from EU catalogues | None | Via GDPR — multiple DPAs |
| 5.1.h Live FR LE | Municipal LE FR surveillance | Suspended without enabling national law | None | Each Member State |
Reading: silent compliance via feature withdrawal, minimal public enforcement, interpretive friction pending between the AI Act and the rest of the stack (GDPR, DSA, national laws).
What year one teaches operationally
For a compliance team (CISO, DPO, AI governance lead), six readings from year one:
- The Art. 5 regime prohibits; it doesn’t require notification. There is no duty to declare to an authority that a feature has been withdrawn under (f) or (g). Compliance is self-declared and rests on an internal audit trail. When inspection arrives, the internal documentation of the withdrawal decision (with date, scope, legal justification) is the main defence.
- Vendor due diligence is the real frontier. Most withdrawals have been executed through contractual pressure customer → vendor, not by sanction. AI Act compliance clauses in enterprise contracts with SaaS vendors must be explicit about Art. 5: vendor declares not to operate prohibited practices, pays remediation if it does, indemnifies for derived sanctions.
- National authorities are still forming. Year one has been capacity building, not enforcement. AESIA with 16 guidelines, CNIL with Q&As, Garante with the Italian regime — orientational material. Anyone waiting “to see what the regulator does” is still waiting.
- Coordination with GDPR is still the shortest path. Where Art. 5 AI Act overlaps with GDPR (sensitive categories, biometrics, automated decision-making Art. 22), national authorities prefer to act under GDPR — consolidated regime, case law, proven sanctions. Clearview AI is the exemplary case: GDPR fines > €110 million, no AI Act sanction yet.
- CNIL is the actor to watch in H1 2026. The first public Art. 5 sanctioning decision will most likely come from CNIL, most likely under (f) — emotion recognition in selection processes or call centres with candidate/employee on French territory. To anticipate the sanctioning pattern, follow CNIL’s notes.
- 2 August 2026 is still the next real milestone. The Annex III high-risk obligations apply in six months. Year one of Art. 5 taught us that enforcement lags; year two will put more market pressure on Annex III than regulator pressure. Annex III providers are preparing technical documentation, FRIA, declarations of conformity and EU registration during H1 2026.
What stays open in 2026
- First public Art. 5 sanction — expected from CNIL in H1 2026.
- Spanish AI governance law — parliamentary procedure, no closed date. Until it is published in the BOE, AESIA operates without its own national sanctions regime.
- Annex III applicability on 2 August 2026 — documentary preparation, FRIA for deployers of essential services (5.b) and credit (5.c).
- AI Act ↔ DSA ↔ GDPR coordination — interpretive friction in dark patterns and automated decision-making. First combined decisions expected throughout 2026.
- GPAI Code of Practice implementation — signatories (OpenAI, Anthropic, Google) report to the AI Office under the Code signed in July-December 2025. GPAI regime effectiveness will be measured in H1 2026.
- Effective withdrawal of emotion analytics in contact centres — pending; if it isn’t sanctioned, the quiet compliance pattern consolidates and vendors keep the product.
References
- Official Regulation (EU) 2024/1689 text: https://eur-lex.europa.eu/eli/reg/2024/1689/oj
- European Commission, Guidelines on prohibited AI practices (4 Feb 2025): https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-prohibited-artificial-intelligence-ai-practices-defined-ai-act
- AESIA — 16 guidelines to support AI Act compliance (16 Dec 2025): https://aesia.digital.gob.es/en/present/20251216-guidelines-published-to-support-compliance-with-the-ai-act
- AESIA — Regulatory sandbox: https://regulations.ai/regulations/spain-2025-4-sandbox-ia
- CNIL — Entry into force of the European AI Regulation: first Q&As: https://www.cnil.fr/en/entry-force-european-ai-regulation-first-questions-and-answers-cnil
- Italy, Legge n. 132/2025 on Artificial Intelligence: https://www.nortonrosefulbright.com/en/knowledge/publications/9bfedfea/italy-enacts-law-no-132-2025-on-artificial-intelligence-sector-rules-and-next-steps
- Fair Trials, Partial ban on predictive policing in the AI Act: https://www.fairtrials.org/articles/news/partial-ban-on-predictive-policing-included-in-final-eu-ai-act/
- AlgorithmWatch, As of February 2025: Harmful AI applications prohibited in the EU: https://algorithmwatch.org/en/ai-act-prohibitions-february-2025/
- NOYB, criminal complaint against Clearview AI (Oct 2025): https://noyb.eu/en/criminal-complaint-against-facial-recognition-company-clearview-ai
- IAPP, AESIA’s AI Guidelines: Spain steps into the AI spotlight: https://iapp.org/news/a/aesia-s-ai-guidelines-spain-steps-into-the-ai-spotlight
- Bird & Bird, AI & the Workplace: Navigating Prohibited AI Practices in the EU: https://www.twobirds.com/en/insights/2025/global/ai-and-the-workplace-navigating-prohibited-ai-practices-in-the-eu