Search AI That Educates, Not Exploits: The EU AI Act Line

Search AI that educates is built to expand what a person understands. Search AI that exploits is built to keep them clicking. The difference isn't philosophical anymore. Since 2 February 2025, AI that uses manipulative or deceptive techniques to distort how people decide is banned outright in the EU, with fines up to 35 million euros or 7% of global turnover. If your AI search or AI visibility strategy nudges users toward confirmation and away from informed choice, it's now a legal risk, not just an ethical one.
Most search and answer-engine systems are tuned for one number: engagement. That's the root of the problem. When the goal is time-on-site or click-through, the system learns to confirm what users already believe, surface the answer that ends inquiry fastest, and bury anything that complicates the picture. The result reads like learning. It usually isn't.
This matters for two audiences at once. Boards now own AI governance risk. Marketing and product leaders own the AI visibility tactics that increasingly trip the same wires. Both need to know where the line sits.
What does exploitative search AI actually do?
It optimises against the user's interest while looking like it serves them. The common patterns:
- Confirmation by default. Systems tuned for satisfaction surface what agrees with you. Comfortable, and it quietly narrows what you see.
- Inquiry-ending answers. Ranking the quickest answer above the most complete one discourages the follow-up questions that build real understanding.
- Engagement-first interfaces. Layouts built to maximise sessions fragment attention rather than support sustained reading.
- Commercial tilt. Results skewed by ad revenue point people toward monetisable content over genuinely useful sources.
Each of these is defensible in isolation. Stacked together and tuned hard, they shade into manipulation. That's where regulation now bites.
Where does the EU AI Act draw the line?
Article 5 of the EU AI Act prohibits two things that map directly onto exploitative search design.
First, AI that uses "subliminal techniques beyond a person's consciousness or purposefully manipulative or deceptive techniques" to materially distort behaviour and impair informed decision-making. Second, AI that exploits vulnerabilities tied to age, disability, or a person's social or economic situation.
Both carry a harm threshold. The system has to cause, or be reasonably likely to cause, significant harm. So a recommendation engine isn't illegal because it ranks things. It crosses the line when it's designed to override a person's ability to choose freely and that does real damage.
The dates matter for any board reviewing exposure. The bans took effect on 2 February 2025, and enforcement powers and penalties followed on 2 August 2025. The ceiling is the higher of 35 million euros or 7% of worldwide annual turnover. That's a board-level number.
| Exploitative design choice | What it optimises | Article 5 risk |
|---|---|---|
| Confirmation-biased ranking | Engagement, session length | Distorting informed decisions |
| Inquiry-ending quick answers | Speed, satisfaction score | Impairing free choice |
| Targeting users in vulnerable states | Conversion at any cost | Exploiting vulnerability |
| Hidden commercial tilt | Ad revenue | Deceptive technique |
What does educational search AI look like instead?
It changes the target. Optimise for whether the person understood more after the search than before, and the design choices follow.
- Show the spread of views. On contested topics, surface credible competing positions rather than reinforcing the popular one.
- Prompt evaluation, don't replace it. Help users weigh sources and spot weak claims instead of handing over a single answer to accept on trust.
- Reward depth and credibility. Rank for source quality and how well something explains an idea, not just how fast it satisfies.
- Keep curiosity open. Design the experience to invite the next question, not close the loop and end the session.
None of this is anti-commercial. A user who genuinely learns something tends to come back. The business case and the responsible case point the same way here, which is rarer than the industry admits.
How does this connect to honest GEO and AEO?
Generative engine optimisation, getting your content cited by ChatGPT, Perplexity, and Google's AI answers, is where this gets practical for marketing and product teams. The temptation is to game it. Don't.
The foundational GEO research paper (Aggarwal et al., accepted to KDD 2024) tested which content changes raise visibility in AI answers. The methods that worked were the honest ones: adding citations, quoting credible sources, including relevant statistics. They boosted visibility by up to 40%. The lift came from making content genuinely more useful and verifiable, not from tricking the model.
That finding is the whole argument for AEO without dark patterns. The tactics that earn AI citations are mostly the same tactics that serve a reader well. You don't need manipulation to win here. You need to be the most credible, clearly-sourced answer.
The penalties for the other path are already live. Google's March 2024 spam policies named the exploitative versions directly. Scaled content abuse is "many pages generated for the primary purpose of manipulating Search rankings and not helping users." Site reputation abuse is publishing third-party pages "to manipulate Search rankings by taking advantage of the first-party site's ranking signals." Both are now demotable offences. The dark-pattern shortcut to AI visibility is a path that's actively being closed.
This is also why manipulative engagement design and manipulative search optimisation are the same problem wearing two hats. We've written before about how social media algorithms tip into cognitive manipulation, and the mechanism is identical: optimise for engagement, lose the user's interest. For the practical mechanics of doing GEO the honest way, our guide to generative engine optimisation walks through it.
What should a board actually check?
Three questions cut to the exposure.
First, what does each AI system optimise for? If the answer is engagement, time-on-site, or click-through with no countervailing measure of user benefit, that's the risk surface. Article 5 doesn't care about intent alone. It cares about effect on informed choice.
Second, who's vulnerable on the receiving end? Systems touching health information, financial decisions, or minors carry far more exposure, because exploiting vulnerability is its own prohibited category.
Third, can you evidence the design intent? Regulators and litigants will ask why the system behaves as it does. Documented optimisation targets and review decisions are the defence. Undocumented engagement-maximisation is the liability.
Frequently asked questions
Is engagement optimisation banned under the EU AI Act?
No. Optimising for engagement is legal. What's banned is using manipulative or deceptive techniques that distort a person's ability to make an informed decision and cause significant harm. Engagement design crosses the line when it overrides free choice rather than supporting it. The harm threshold is what separates an aggressive feed from a prohibited one.
Does the EU AI Act apply to companies outside the EU?
Yes, where the AI system's output is used in the EU or affects people there. A search or recommendation system serving EU users falls in scope regardless of where the company sits. Boards with any EU user base should treat Article 5 as live exposure, not a European-only concern.
Can you do GEO without manipulation?
Yes, and the evidence says it works better. The GEO research found honest tactics, citations, credible sources, relevant statistics, raised AI-answer visibility by up to 40%. Google's spam policies penalise the manipulative shortcuts. The responsible path and the effective path are the same path here.
What's the penalty for breaching Article 5?
Up to 35 million euros or 7% of total worldwide annual turnover, whichever is higher. Enforcement powers took effect on 2 August 2025. For most organisations that figure makes Article 5 a board-level governance item rather than a compliance footnote.
The bottom line
Here's the opinion that runs through all of it: the split between responsible search AI and exploitative search AI isn't a values debate anymore, it's a design decision with a price tag attached. Optimise for what a person understands and you build something defensible, durable, and now legally safer. Optimise purely for engagement and you're building toward a 35-million-euro ceiling and a Google demotion at the same time.
We sit on the responsible side of that line by design. When we engineer AI visibility, we do it the way the GEO research and the spam policies both reward: credible sources, honest framing, genuine usefulness. No dark patterns, because the dark patterns are now the slow road to a penalty.
The choice in front of every board and every product team is simple. Build search and AI experiences that make people more informed, or build ones that make them more predictable. One of those is getting regulated out of existence. Pick accordingly.
Part of VerityAI's AI that educates rather than exploits.
If you want support with this, VerityAI offers AI transformation advisory.

Sotiris Spyrou
Sotiris Spyrou is the founder of VerityAI, a Responsible AI advisory for boards and AI-deploying businesses. With 27 years across agencies, global in-house roles, and the C-suite, he advises leaders on AI governance and risk, and on answer-engine visibility engineered without the dark patterns the rest of the industry is getting penalised for. He is the author of TRANSFORM, AI Moats, and Ethical AI.
Founder at VerityAI