AI Social Scoring Is Prohibited Under the EU AI Act — Not High-Risk
AI social scoring is banned under Article 5(1)(c) since 2 Feb 2025 — not high-risk. Fines reach €35M or 7%. Learn what crosses the line and what does not.
The EU AI Act does not regulate social scoring as a high-risk practice you can comply your way through. It bans it. Article 5(1)(c) of Regulation (EU) 2024/1689 places AI-enabled social scoring in the unacceptable-risk tier, alongside subliminal manipulation and (subject to narrow law-enforcement exceptions) real-time remote biometric identification in publicly accessible spaces. The prohibition has applied since 2 February 2025, the first application date in the Act's phased timeline. There is no conformity assessment, no technical documentation pack, no transition window. A system that meets the definition must be decommissioned or redesigned.
That distinction matters because the intuitive Annex III framing (treat it like recruitment or credit scoring, gather your documentation, deploy) is wrong. The compliance question here is binary: does your system cross the Article 5(1)(c) line, or not? Everything else flows from that.
What Article 5(1)(c) Actually Prohibits
The statutory text bans AI systems that evaluate or classify natural persons or groups of persons over a period of time based on their social behaviour or known, inferred, or predicted personal or personality characteristics, where the social score leads to either or both of the following:
(i) detrimental or unfavourable treatment in social contexts unrelated to the context in which the data was originally generated or collected, or
(ii) detrimental or unfavourable treatment that is unjustified or disproportionate to the social behaviour or its gravity.
This requires three elements to be present simultaneously:
1. Evaluation or classification over time. A one-off eligibility check is not automatically social scoring. The prohibition targets systems that build or update a profile of a person across repeated interactions — accumulating a score, rating, or rank that follows them.
2. Based on social behaviour or inferred characteristics. The inputs can be explicit (known conduct) or probabilistic (predicted personality traits). This is deliberately broad. A system trained on payment history, mobility data, social-media activity, energy consumption, civic participation, or consumer behaviour can all qualify, depending on how the score is used.
3. Producing detrimental treatment that is cross-context or disproportionate. This is the operative harm condition. If a low score generated from a person's behaviour in one domain — say, tax compliance or transport punctuality — is then used to restrict their access to housing, healthcare, insurance, or public services in a wholly unrelated domain, the prohibition fires. The same applies where the treatment is disproportionate to what the underlying behaviour actually warranted.
All three elements must be present. Remove any one and the system may fall outside Article 5(1)(c) — though it may still land in the high-risk tier.
Applies to Both Public and Private Actors
A widespread misconception — partly inherited from early drafts of the Act — is that the social scoring prohibition applies only to public authorities, modelled on China's state-run "social credit" system. The final text of Article 5(1)(c) does not restrict it to public bodies. Private companies operating at scale can deploy systems that meet the definition just as easily as a government ministry.
Consider a large retail loyalty-card operator that segments customers into tiers based on years of purchase history, social-media sentiment, and predictive personality scores — then uses those tiers to determine which customers receive mortgage pre-approval referrals or are flagged as ineligible for premium financial products. If the behavioural data was collected in a retail context and is now driving consequential decisions in credit or insurance contexts, Article 5(1)(c) is engaged regardless of whether the operator is a state body or a private group.
The prohibition is sector-neutral and entity-neutral. What matters is the architecture of the system, not the legal form of who runs it.
What Does Not Cross the Line
Understanding the prohibition requires equal precision about what it does not cover. Three important carve-outs and boundary cases:
Creditworthiness and credit scoring are not prohibited social scoring. This is the most practically significant distinction. Assessing whether a person is likely to repay a loan — using financial history, income data, existing debt, and payment behaviour — is a contextually constrained, purpose-limited evaluation. The data is collected for credit purposes and used for credit purposes. That is Annex III, point 5(b): a high-risk use case subject to the full obligation stack (Articles 9–15, 16, 26, 43, 47, 49), but lawful and operable if you meet those requirements. Creditworthiness assessment does not become social scoring simply because it produces a score.
Fraud detection falls outside the prohibition, and it is expressly excluded from the high-risk credit category. A bank's transaction-monitoring system that flags anomalous behaviour in real time is assessing whether a specific transaction, in the context in which it occurs, is likely fraudulent; it is not building a persistent social profile used to restrict access in unrelated domains, so the over-time and cross-context elements are not met. Note where the express carve-out actually sits: Annex III, point 5(b) excludes systems used to detect financial fraud from the high-risk creditworthiness category. Article 5(1)(c) itself contains no fraud exception, so labelling a system "fraud detection" does not rescue it if it does meet all three elements.
In-context, targeted evaluation within a single service may be permissible. An e-commerce platform that adjusts product recommendations based on a user's browsing and purchase history within that same platform is not cross-context social scoring — the data and the effect stay in the same domain. Whether any specific system qualifies depends on the architecture; the key question is always whether the score or classification escapes the context in which the underlying data arose.
The line is not always obvious in practice, which is why the first compliance task is classification, not documentation.
What Crosses the Line: Illustrative Cases
Cross-domain loyalty scoring. A supermarket chain builds a long-running behavioural profile on each customer and sells tiered access to that profile to insurers, who use it to load premiums. The data was generated in a retail context; the detrimental consequence — higher insurance cost — occurs in a completely different domain. Article 5(1)(c) is engaged on both the chain and the insurer deploying the score.
Civic-behaviour scoring by a local authority. A city installs an AI system that tracks residents' compliance with recycling rules, noise complaints filed against them, and participation in local consultations, generating a "civic responsibility index." Residents with low scores face longer processing times for planning permits or reduced priority for social housing. The data spans multiple civic domains; the consequences apply across services. This is textbook social scoring, and the prohibition applies.
Employer sentiment scoring across job markets. A recruitment intermediary maintains a persistent "reliability score" on individual workers based on feedback from previous employers, social-media tone, and contract-completion patterns. Employers in entirely unrelated sectors query this score when making hiring decisions. The score follows the person, crosses industry contexts, and produces employment consequences disproportionate to any single incident. Article 5(1)(c) applies.
What would not qualify: a single employer running a time-limited probationary review of an employee's performance within that employment relationship. There is no cross-context application, no persistent score that follows the person into unrelated spheres.
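The three-element test and the carve-outs above reduce to a small decision procedure, and it is worth seeing it as one. The following Python is an added example for this page, not code from the page, from Confir, or from the Act: it encodes each statutory element as a boolean derived from an intake questionnaire (the `SystemProfile` schema, its field names, and the context-set encoding are assumptions made for illustration), applies the prohibited-first ordering, and runs over constructed profiles that mirror the illustrative cases on this page. The point it makes that the prose cannot: a "credit" purpose label never rescues a system whose inputs came from an unrelated context.

```python
"""Rule-based Article 5(1)(c) gate: an illustration of the three-element test.

Added example for this page. Not Confir's engine and not legal text: the
questionnaire schema and the boolean encoding of each element are assumptions.
"""
from dataclasses import dataclass
from enum import Enum


class Tier(Enum):
    PROHIBITED = "unacceptable risk: Article 5(1)(c) social scoring"
    HIGH_RISK_CREDIT = "high risk: Annex III point 5(b) creditworthiness"
    FRAUD_EXCLUDED = "outside Article 5(1)(c); fraud detection is excluded from Annex III 5(b)"
    NOT_SOCIAL_SCORING = "outside Article 5(1)(c); check the other Annex III points separately"


@dataclass(frozen=True)
class SystemProfile:
    """Answers an intake questionnaire would collect (hypothetical schema)."""
    name: str
    evaluates_over_time: bool             # element 1: persistent score/profile across interactions
    behavioural_or_inferred_inputs: bool  # element 2: social behaviour or inferred/predicted traits
    data_contexts: frozenset              # contexts in which the input data was generated
    treatment_contexts: frozenset         # contexts in which the output drives treatment
    detrimental_treatment: bool           # element 3: output leads to unfavourable treatment
    disproportionate: bool = False        # element 3(ii): treatment out of scale with the conduct
    purpose: str = "other"                # "credit", "fraud", "recommendation" or "other"


def cross_context(p: SystemProfile) -> frozenset:
    """Element 3(i): contexts where treatment occurs but no input data originated."""
    return p.treatment_contexts - p.data_contexts


def elements(p: SystemProfile) -> dict:
    """Evaluate the three cumulative elements of Article 5(1)(c); all must be True."""
    return {
        "evaluation_over_time": p.evaluates_over_time,
        "behavioural_or_inferred_basis": p.behavioural_or_inferred_inputs,
        "detrimental_cross_context_or_disproportionate":
            p.detrimental_treatment and (bool(cross_context(p)) or p.disproportionate),
    }


def classify(p: SystemProfile) -> Tier:
    """Prohibited first, high-risk second: a purpose label never rescues a prohibited system."""
    if all(elements(p).values()):
        return Tier.PROHIBITED
    if p.purpose == "fraud":       # checked before credit: Annex III 5(b) excludes fraud detection
        return Tier.FRAUD_EXCLUDED
    if p.purpose == "credit":
        return Tier.HIGH_RISK_CREDIT
    return Tier.NOT_SOCIAL_SCORING


def report(cases) -> dict:
    """Map each system name to (tier, names of elements NOT met); an empty tuple means prohibited."""
    out = {}
    for p in cases:
        unmet = tuple(k for k, v in elements(p).items() if not v)
        out[p.name] = (classify(p), unmet)
    return out


# Constructed profiles mirroring the cases discussed on this page (not real systems).
CASES = [
    SystemProfile("cross-domain loyalty scoring", True, True,
                  frozenset({"retail"}), frozenset({"insurance"}), True),
    SystemProfile("civic responsibility index", True, True,
                  frozenset({"recycling", "noise", "consultations"}),
                  frozenset({"planning", "social housing"}), True),
    SystemProfile("worker reliability score", True, True,
                  frozenset({"employer feedback", "social media"}),
                  frozenset({"hiring, unrelated sectors"}), True, disproportionate=True),
    SystemProfile("retail tiers driving mortgage referrals", True, True,
                  frozenset({"retail", "social media"}), frozenset({"credit"}), True,
                  purpose="credit"),
    SystemProfile("lender credit score", True, True,
                  frozenset({"credit"}), frozenset({"credit"}), True, purpose="credit"),
    SystemProfile("transaction fraud monitoring", False, True,
                  frozenset({"payments"}), frozenset({"payments"}), True, purpose="fraud"),
    SystemProfile("in-platform recommendations", True, True,
                  frozenset({"shop"}), frozenset({"shop"}), False, purpose="recommendation"),
    SystemProfile("probationary performance review", False, True,
                  frozenset({"employment"}), frozenset({"employment"}), True),
]

if __name__ == "__main__":
    for name, (tier, unmet) in report(CASES).items():
        print(f"{name:42s} -> {tier.value}")
        if unmet:
            print(f"{'':42s}    elements not met: {', '.join(unmet)}")
```

Two design choices carry the legal point. The context comparison is a set difference, so a score is cross-context as soon as it drives treatment in any context that contributed no input data, which is why the loyalty-to-mortgage profile is gated as prohibited despite its "credit" label. And the fraud branch is tested before the credit branch because Annex III point 5(b) excludes fraud detection; a fraud system that somehow met all three elements would still have been caught by the prohibited check that runs first.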
The Penalty for Getting This Wrong
Breach of Article 5(1)(c) triggers the top tier of Article 99(3): fines of up to €35,000,000 or 7% of total worldwide annual turnover, whichever is higher. That ceiling applies from 2 August 2025, when penalties under Article 99 became operable.
Above roughly €500 million in annual turnover the 7% figure exceeds €35 million and becomes the operative cap; below that, the €35 million fixed amount binds. For SMEs and start-ups, Article 99(6) applies the lower of the fixed amount and the percentage, a proportionality protection worth understanding but not a reason to treat the prohibition as optional.
Market-surveillance authorities can also require corrective action, including withdrawal or recall of the system. National data-protection authorities retain their GDPR enforcement powers alongside these AI Act penalties: social scoring almost invariably involves processing that also engages GDPR Article 22 (solely automated decision-making with legal or similarly significant effects) and Article 35 (Data Protection Impact Assessment). The exposure stacks.
Why Annex III Point 5(b) Matters Here
Annex III, point 5(b) lists as high-risk: AI systems used to evaluate the creditworthiness of natural persons or establish their credit score, excluding those used solely for fraud detection. This is not a loophole from Article 5(1)(c) — it is a genuinely different regime for a genuinely different activity.
A credit-scoring system built under the point 5(b) framework must:
- Run a risk management system under Article 9.
- Meet data and data-governance requirements under Article 10.
- Produce Article 11 / Annex IV technical documentation before placing it on the market.
- Provide automatic logging (record-keeping) under Article 12.
- Enable transparency and meaningful information to deployers under Article 13.
- Maintain human oversight under Article 14.
- Achieve appropriate accuracy, robustness, and cybersecurity under Article 15.
- Pass conformity assessment under Article 43 (the Annex VI internal-control procedure for Annex III point 5 systems), issue the Article 47 EU declaration of conformity, and register in the EU database under Article 49.
- Deployers that are bodies governed by public law or private entities providing public services, and any deployer of an Annex III point 5(b) creditworthiness or 5(c) insurance risk-assessment and pricing system, must also run a Fundamental Rights Impact Assessment under Article 27.
The compliance deadline for these stand-alone high-risk Annex III systems — under the Digital Omnibus agreed in May 2026 — is 2 December 2027. That deferral does not extend to Article 5 prohibited practices: those have been banned since 2 February 2025.
The practical takeaway: if you are building or deploying anything that touches behavioural scoring at scale, the first gate is Article 5(1)(c). Only systems that clear that gate — because they are purpose-limited to creditworthiness or fraud detection, or because they stay strictly in-context — should then proceed to the Annex III high-risk compliance track.
How Confir Helps
Confir's intake process runs the Article 5 prohibited-practice checklist before any high-risk assessment begins. The rule-based engine asks whether the system evaluates natural persons over time, what data sources feed the score, and whether the output is used outside the context of origin. If any combination of answers maps to Article 5(1)(c), the system is gated as unacceptable risk — a finding that is deterministic, reproducible, and documentable.
Systems that clear the Article 5 gate and land in Annex III point 5(b) (credit scoring) proceed through Confir's full AIRC, AITR, AITO, and AIGM assessment tracks, generating the Article 11 / Annex IV technical documentation pack, the Article 47 Declaration of Conformity, and — where the deployer is a public body or operates in the credit or insurance space — the Article 27 FRIA.
The logic is not advisory. It encodes the Act's own structure: prohibited first, high-risk second.
Frequently Asked Questions
Does the Article 5(1)(c) prohibition apply to private companies, or only governments?
Both. The final text of Article 5(1)(c) in Regulation (EU) 2024/1689 does not restrict the prohibition to public authorities. Any actor — private or public — that deploys an AI system meeting the three statutory criteria (evaluates natural persons over time, based on social behaviour or inferred characteristics, producing cross-context or disproportionate detrimental treatment) is in breach. The "social credit" framing is often associated with state systems, but the prohibition is entity-neutral.
Is credit scoring the same thing as social scoring?
No, and conflating them is one of the costliest classification errors. Credit scoring is a purpose-limited assessment of repayment likelihood using financial data collected and applied in a credit context. That is Annex III, point 5(b) — high-risk, fully compliant if the obligation stack is met. Social scoring under Article 5(1)(c) requires that a behavioural evaluation from one domain drive consequences in an unrelated domain, or that treatment be disproportionate to the underlying behaviour. A lender using credit history to price a loan is not doing either of those things.
What is the "unrelated context" threshold in practice?
The Act does not define a precise test, but the regulatory intent is clear: data generated in a retail, civic, or employment context should not be repurposed to determine access to housing, healthcare, insurance, or financial products in a domain that has no genuine connection to the one that produced the data. When the link between the context that generated the data and the context where it produces consequences is tenuous or absent, Article 5(1)(c) is likely engaged. Keeping data and consequences within a single service or relationship is the safer position; cross-sector export of a persistent behavioural profile is the danger zone.
When did the Article 5(1)(c) ban take effect?
2 February 2025. Article 5 prohibited practices, along with Article 4 AI literacy requirements, were the first obligations to become applicable under the phased timeline of Regulation (EU) 2024/1689. Any system meeting the social scoring definition that was still operating after that date was in breach. There is no transition period for prohibited practices.
What is the maximum fine for social scoring violations?
Under Article 99(3), breach of an Article 5 prohibition carries a maximum of €35,000,000 or 7% of total worldwide annual turnover for the preceding financial year, whichever is higher. For SMEs and start-ups, Article 99(6) caps the fine at the lower of the two figures. Penalties under Article 99 became operable from 2 August 2025. Authorities can also require corrective action, including withdrawal or recall of the system.
What about employee monitoring that produces a performance score?
Employment monitoring is a live area of Article 5 analysis. If a system monitors workers' output, punctuality, communication patterns, or sentiment over time and produces a persistent score that feeds into pay, contract renewal, or redeployment decisions within the same employment relationship, it may or may not cross the Article 5(1)(c) line depending on whether the resulting treatment is disproportionate to the underlying conduct. Separately, emotion recognition in the workplace is prohibited under Article 5(1)(f), except where the system is used for medical or safety reasons, and that prohibition does not depend on how the output is used. These are different prohibitions with different scopes; both need to be checked.
Can a social scoring system ever be made compliant by adding safeguards?
No. Article 5(1)(c) is a categorical prohibition, not a high-risk classification with a compliance pathway. A system that meets the definition cannot be deployed by adding human oversight, technical documentation, or a conformity assessment. The only paths are to decommission the system or to redesign it so it no longer meets the prohibited criteria — for example, by limiting data use strictly to the originating context and removing the cross-domain scoring mechanism. Safeguards are for the high-risk tier; the unacceptable-risk tier offers no mitigation option.
Related guides
- Article 5 biometric prohibition requirements
- unacceptable risk classification
- Article 6 high-risk AI systems
- EU AI Act risk assessment methodology
- Article 5 prohibited practices
- Article 9 risk management requirements
- compliance deadlines and phased enforcement