Brief IA

AI Act: AI Bans Redefining Innovation

⚖️ Regulation & Ethics·Tom Levy·

AI Act: AI Bans Redefining Innovation

AI Act: AI Bans Redefining Innovation
Key Takeaways
1The AI Act prohibits certain uses of AI to protect fundamental rights, with no possibility of compliance.
2Article 5 of the AI Act bans six categories of AI uses, including cognitive manipulation and social scoring.
3Companies must document abandoned projects to demonstrate their compliance with the regulations of the AI Act.
💡Why it mattersThese prohibitions force companies to rethink their innovation strategies while adhering to strict ethical standards.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

The AI Act and Its Absolute Bans

The AI Act, a crucial piece of European legislation, imposes strict restrictions on certain uses of artificial intelligence (AI) that threaten individuals' fundamental rights. These bans are absolute, meaning that no audit or security measure can make them acceptable. Affected companies must therefore abandon these projects, even if they seem promising. Additionally, they are required to document these renunciations and incorporate these limitations into an AI charter compliant with the General Data Protection Regulation (GDPR).

Article 5 of the AI Act specifically targets uses that infringe upon fundamental rights, thus compelling companies to forgo certain projects. Anne-Angélique de Tourtier, a specialist in privacy protection and AI governance, explains that these prohibitions are immutable and that it is crucial to identify them early in the development phases.

The Six Categories of Banned Uses Under Article 5

The AI Act does not attack the technology itself but rather its potential impacts on humans. Article 5 lists six categories of banned uses whenever they undermine dignity, privacy, equality, or justice.

Cognitive manipulation is one of the primary concerns. For instance, a video game that uses subliminal messages to encourage a child to engage in dangerous behaviors is prohibited under Article 5, paragraph 1.a.

Next, exploiting vulnerabilities is also prohibited. This includes algorithms that detect financial fragility to push an individual into taking out a toxic loan, as stipulated in Article 5, paragraph 1.b.

Social scoring, which involves evaluating citizens based on their behavior, is firmly rejected by Europe. Article 5, paragraph 1.c, bans this model of citizen rating. Furthermore, the use of real-time biometric recognition in public spaces for repressive purposes is prohibited, except in cases of imminent terrorist threats, as specified in Article 5, paragraph 1.h.

Individual predictive policing, which attempts to forecast future offenses based solely on profiling a person, is also banned by Article 5, paragraph 1.e.

Finally, emotional inference, whether in the workplace or educational institutions, is prohibited. Assessing an employee's fatigue or engagement based on their facial expressions violates Article 5, paragraph 1.f.

Anne-Angélique de Tourtier emphasizes that while these categories are clearly defined, the real challenge lies in legal interpretation. Concepts such as "manipulation" can be vague and subject to varied interpretations.

Distinction Between Prohibition and High Risk

High-risk systems, listed in Annex III of the AI Act, are allowed under certain strict conditions. They require rigorous documentation, regular audits, constant oversight, and mandatory human intervention.

"For banned uses, there is no possibility of compliance. It's a categorical refusal," states Anne-Angélique de Tourtier. Many companies have not yet fully integrated this reality and continue to believe they can adjust any project to make it compliant.

The GDPR had already established solid foundations with Article 22 concerning automated decisions; AI is now following a similar trajectory. However, even initially well-intentioned projects can quickly become legally problematic.

Anne-Angélique illustrates this point with the example of an organization wishing to use a voice analysis tool in its customer service to help agents better manage stress. While this seems like an optimization, if this tool infers emotions without a legal basis or is used to evaluate the agent, it could violate the prohibition on emotional inference in the workplace.

She also reminds us that AI is not inherently intelligent; it simply reflects the data it is provided. Thus, using biased or poor-quality data can lead AI to draw incorrect conclusions. This is where the role of the Data Analyst, in collaboration with a Digital Ethic Officer, becomes essential to monitor the data used by AI.

Managing rules and conducting regular audits for biases, in accordance with Article 10, are crucial to ensure that the machine does not introduce indirect discrimination through indirect means.

Shadow AI and Opacity of Cloud Solutions

Some prohibited technologies may be integrated into cloud or data solutions without the buyer's awareness. For example, "smart" video surveillance may analyze the gender or emotions of passersby in the background.

"This is the trap of 'Shadow AI'... The risk is technical, but the responsibility remains legal," explains Anne-Angélique de Tourtier. However, she reassures that this major issue will need to evolve.

Providers will be required to provide mandatory notices by summer 2026. Companies must demand rigorous documentation and contractual transparency.

"A small or medium-sized enterprise will likely not have the means to audit the source code of a cloud giant, and total transparency may be a technical illusion. But mastering it means at least seeking to emerge from opacity: knowing what you are buying, demanding serious documentation, and ensuring contractual transparency."

Documenting the renunciation then becomes a sign of maturity. The AI Act requires tracking abandoned projects for reasons of prohibition.

"Documenting why you decided not to launch a project proves to the regulatory authority that your governance is functioning. Saying, 'We identified this risk and we renounced this use' is a sign of a responsible company," explains Anne-Angélique.

This document also serves as a future reference: it justifies a potential restart under strict conditions or a continued halt.

Building a Sustainable Trust Foundation

The AI Act indirectly imposes close collaboration between innovation, data, and the DPO (Data Protection Officer). The DPO no longer acts at the end of the chain.

"For compliance to no longer be a technical check imposed at the end of a project, it must become an initial collaboration: the DPO is not a censor but a co-pilot who helps Data and Innovation teams build a lasting trust foundation."

The challenge lies in confronting the legislative maze with the reality on the ground. According to this Adequacy expert, it is possible to compete with the giants across the Atlantic while respecting our rules. "It's a bold bet: to prove that we can combine performance, compliance, and ethics."

"But without massive investment from public authorities in our national and European solutions, dominant AI systems will remain an obvious temptation. Compliance is our lifeline: it prevents us from building on unstable foundations and having to unplug everything the day the system becomes uncontrollable," she adds.

Finally, an AI charter must obviously align with GDPR policy. This alignment sets the prohibitions even when the technology allows them.

"This document must become as essential as the internal regulations. It is what transforms a legal constraint into a strong corporate culture," insists Anne-Angélique de Tourtier.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.