AI & Automation · 31 May 2026

The AI Act's prohibited systems list will reshape enterprise AI

Some AI systems will be banned outright under EU regulations. Most enterprises don't know if their current tools make the cut.

Elena Marín

AI Editor

Three AI systems got banned last week in the Netherlands. Not suspended, not under review — completely prohibited under the AI Act's early enforcement provisions. The systems in question: predictive policing algorithms that profiled citizens without specific crime indicators.

This isn't theoretical anymore. While most coverage focuses on the AI Act's compliance timelines and risk categories, the legislation's prohibited systems list creates immediate no-go zones that will force enterprises to audit their AI portfolios now, not in 2026.

What makes an AI system prohibited vs high-risk

The AI Act draws a hard line between systems that are banned entirely and those requiring compliance frameworks. Prohibited systems include AI that deploys subliminal techniques to manipulate behaviour, exploits vulnerabilities of specific groups, or enables mass surveillance through biometric identification in public spaces.

Real-time emotion recognition in workplace monitoring falls into this category. So do AI systems that score social behaviour for general-purpose social credit. The list isn't long, but it cuts through common enterprise AI applications faster than most legal teams expect.

High-risk systems get a different treatment — they're allowed but heavily regulated. These include AI in recruitment, credit scoring, and critical infrastructure. The distinction matters because prohibited means prohibited. No amount of governance frameworks or risk mitigation makes these systems compliant.

Where enterprises find prohibited AI hiding

We've worked with clients who discovered prohibited AI embedded in third-party tools they'd been using for months. One manufacturing client found their HR software included real-time emotion analysis during video interviews — a clear violation once the AI Act takes full effect.

Marketing automation platforms present another common violation point. AI systems that create detailed psychological profiles to manipulate purchasing decisions cross the line from personalisation into prohibited manipulation. The boundary isn't always obvious until you map the data flows.

Workplace surveillance tools cause the most compliance headaches. Many employee monitoring systems now include AI components that analyse behaviour patterns, predict performance issues, or flag 'disengagement'. These often qualify as prohibited manipulation or exploit worker vulnerabilities in ways the regulation explicitly bans.

Third-party SaaS creates compliance blind spots

The challenge isn't just internal AI development. Most enterprises use dozens of SaaS tools with AI features they never explicitly requested. Customer service platforms add sentiment analysis. Project management tools introduce predictive scheduling. Video conferencing software starts tracking attention and engagement.

Each addition creates potential compliance exposure. The AI Act doesn't distinguish between AI you build and AI you buy — prohibited systems remain prohibited regardless of who developed them.

Enforcement starts with procurement decisions

Smart enterprises are building AI Act compliance into their procurement processes now, not waiting for full enforcement. This means vendor questionnaires that specifically address prohibited AI features and contract clauses that shift liability for non-compliant AI components.

The procurement approach works because it catches violations before they enter your systems. Once prohibited AI is running in production, the compliance fix often means ripping out entire platforms and finding alternatives.

We're seeing enterprise clients establish AI review boards that evaluate not just new AI projects but existing tool portfolios. The goal isn't perfect compliance by August 2026 — it's identifying and eliminating prohibited systems before they become enforcement targets.

Building compliance into AI architecture

The technical implementation matters as much as the legal interpretation. Prohibited AI often emerges from feature creep rather than intentional development. A customer analytics platform adds emotional inference. A recruitment tool introduces bias-prone personality assessment.

Preventing this requires architectural decisions that separate compliant AI functions from prohibited ones. Data minimisation helps — systems that don't collect psychological profiling data can't accidentally build prohibited manipulation features.

Documentation becomes critical for demonstrating compliance. Enterprises need clear records of what AI systems do, what data they process, and how decisions get made. The AI Act's prohibited systems list includes specific technical requirements that auditors will check against actual implementation.

Container-based AI deployments make compliance easier to verify and modify. When prohibited features get identified, they can be removed without rebuilding entire systems. This architectural approach turns compliance from a legal problem into an engineering solution.

The enterprises that survive AI Act enforcement won't be those with the best lawyers — they'll be the ones who built compliance into their technical architecture before the regulations demanded it. Start with your procurement processes, audit your existing tools, and design new AI systems with prohibited categories in mind. The list isn't changing, but your competitive advantage depends on how quickly you adapt to it.
