Policy Briefing — EU AI Act enforcement begins for prohibited AI practices
From 2 February 2025, EU market surveillance authorities can issue penalties for continued use of AI systems banned under Article 5 of the AI Act, requiring enterprises to maintain evidence of compliance and supervisory engagement plans.
Executive briefing: With Article 5 of the EU AI Act now enforceable, market surveillance authorities can investigate, order cessation, and apply fines for any remaining unacceptable-risk AI systems. Organisations must show documentation of system retirement, access requests, and communication with competent authorities to prove day-one compliance.
Supervisory expectations
- Evidence packs. Regulators may demand logs demonstrating that prohibited systems were disabled before 2 February, including change tickets, model decommissioning records, and third-party attestations.
- Incident response. Operators must notify authorities if prohibited functionality is discovered post-enforcement and describe remediation timelines.
- Cross-border coordination. The European Artificial Intelligence Office and national market surveillance authorities will coordinate enforcement for multinational deployments.
Program actions
- Compliance attestations. Deliver signed statements from accountable executives confirming that Article 5 systems are offline and data retention policies have been executed.
- Vendor assurances. Require contractual attestations from AI suppliers confirming that embedded functionality does not trigger prohibited practices.
- Monitoring controls. Implement continuous monitoring to detect reactivation of prohibited features, feeding alerts into AI governance forums.