A Fortune 500 HR Buyer Just Asked Whether Your AI Recruitment Tool Uses Any Practice Banned by the EU AI Act: Answering the Article 5 Prohibited AI Questions

The legal review arrived three weeks before the contract renewal. A Fortune 500 company's procurement and legal team had added a new section to their vendor questionnaire:

"Please confirm whether any component of your AI hiring or recruitment product uses practices that would be prohibited under EU AI Act Article 5. Specifically: does your system use subliminal manipulation, exploit psychological vulnerabilities, perform social scoring, or use real-time biometric identification in publicly accessible spaces? Provide documentation of your system architecture and confirm compliance."

Your sales team forwarded it to your engineering lead. Engineering forwarded it to you.

Article 5 is the part of the EU AI Act that draws the hardest lines. It defines practices that are prohibited outright — not regulated, not subject to conformity assessment, but banned. For an HR tech CTO, understanding what Article 5 actually says — and being able to answer clearly — is the difference between a clean vendor response and a deal that stalls in legal review.

Here is what Article 5 prohibits and how to answer each category.

What Article 5 Actually Prohibits

Article 5 of the EU AI Act lists AI practices that are forbidden in the EU market. There are several categories. The ones most relevant to HR tech are:

Subliminal manipulation (Article 5(1)(a)): AI systems that deploy subliminal techniques beyond a person's consciousness in a way that materially distorts their behaviour and causes or is likely to cause harm. The key elements are: subliminal (beyond conscious awareness), distorts behaviour, and causes harm. A job description generator that optimises language for clarity does not qualify. An AI that embeds covert influence patterns to make candidates agree to worse contract terms would.

Exploitation of vulnerabilities (Article 5(1)(b)): AI systems that exploit vulnerabilities of specific groups — due to age, disability, or social or economic situation — in a way that distorts their behaviour and causes or is likely to cause harm. A tool designed to present job offers differently to candidates from economically precarious backgrounds in ways that harm them would fall here.

Social scoring (Article 5(1)(c) and (d)): General-purpose social scoring by public authorities is prohibited. Private-sector employee or candidate scoring systems are a separate question — they are not prohibited under Article 5 per se, but they may be regulated as high-risk AI under Annex III, and they are subject to other protections including Article 86 individual transparency rights.

Real-time remote biometric identification in publicly accessible spaces (Article 5(1)(h)): Broadly prohibited for law enforcement purposes. Not directly relevant to standard HR software, but worth confirming if your product includes any live facial recognition or biometric verification features used during in-person hiring events.

The Four Questions in the Procurement Section — and How to Answer Them

"Does your system use subliminal manipulation?"

If your product uses any form of personalised messaging, psychometric modelling, or nudge-based communication, the question is whether it operates below conscious awareness in ways that harm candidates. Standard features like interview coaching tips, candidate experience scoring, or AI-suggested job matches based on stated preferences do not meet this bar. The honest answer, for most HR tech products, is: no — and here is why.

A clean response states: "Our system does not deploy subliminal techniques as defined in Article 5(1)(a). All AI-generated content presented to candidates — job recommendations, interview guidance, assessment feedback — is presented transparently and is perceivable to the candidate. We do not embed covert influence mechanisms."

"Does your system exploit psychological vulnerabilities?"

Article 5(1)(b) targets deliberate exploitation of vulnerabilities that causes harm. If your product includes any adaptive communication features — for example, personalising outreach based on candidate profiles — explain what signals it uses and whether harm mitigation was assessed. A well-structured answer references your data use documentation and your bias testing results.

A clean response states: "Our system does not exploit vulnerabilities as defined in Article 5(1)(b). Candidate-facing communications are designed to be informative and neutral. Our training and validation process includes adversarial testing for outputs that could cause harm to vulnerable groups."

"Does your system perform social scoring?"

This question is often the most fraught, because "scoring" is a broad term. Article 5's social scoring prohibition targets AI that evaluates natural persons based on social behaviour or personal characteristics in a general-purpose way that leads to detrimental or unfavourable treatment in unrelated contexts. A candidate fit score for a specific job role is not the same as general-purpose social scoring.

A clean response states: "Our system generates candidate-relevance scores for specific job requisitions only. Scores are not aggregated across unrelated roles or used to create general-purpose profiles of individuals' social behaviour. We are not a social scoring system within the meaning of Article 5(1)(c)."

If your product does generate general candidate quality or 'talent tier' scores that persist across roles and employers — that is a design choice worth reviewing before the next procurement cycle.

"Does your system use real-time biometric identification?"

Standard ATS, skills assessment, and applicant tracking products do not. If your product includes any video interview feature with live emotion detection or identity verification, confirm whether it is used in real time and whether the use is technically covered by Article 5(1)(h) or falls under a permitted exception.

What the Buyer Actually Wants from Your Response

The Fortune 500 legal team is not expecting to find prohibited AI in your product. They are doing what good procurement teams now do: creating a paper trail that confirms their AI Act due diligence. They need a vendor who can respond precisely.

Your goal is a written attestation that maps each Article 5 category to a clear factual statement about your architecture. No vague reassurances. No "we comply with all applicable regulations." A clean structured response that shows you understand what Article 5 says and have assessed your product against it.

That is what Complizo's questionnaire answer engine produces — precise, referenced responses tied to the actual regulation, in the format your procurement counterpart needs to close their checklist.

Try Complizo free at complizo.com

A Fortune 500 HR Buyer Just Asked Whether Your AI Recruitment Tool Uses Any Practice Banned by the EU AI Act: Answering the Article 5 Prohibited AI Questions

What Article 5 Actually Prohibits

The Four Questions in the Procurement Section — and How to Answer Them

What the Buyer Actually Wants from Your Response

Comments

More from this blog

A BigLaw Firm Just Asked What Proprietary Information Your AI Contract Analysis Tool Must Disclose If a Market Surveillance Authority Requests It Under Article 78: Here's How to Answer

A European Challenger Bank Just Asked Whether Redistributing a Third-Party AI Fraud Model Makes You a Distributor Under Article 32 of the EU AI Act: Here's How to Answer

A German Manufacturer Just Asked Whether Your US-Built AI Talent Screening Tool Has an EU Importer Under Article 31 of the EU AI Act: Here's How to Answer

Test Title

A Magic Circle Firm Just Asked Which Parts of Your AI Contract Review Tool's Technical File You Can Keep Confidential During a Market Surveillance Audit: Answering the Article 78 Questions

Command Palette

What Article 5 Actually Prohibits

The Four Questions in the Procurement Section — and How to Answer Them

What the Buyer Actually Wants from Your Response

Comments

More from this blog