Biometric AI Under the EU AI Act: What's Banned, What's High-Risk, and What's Allowed
The EU AI Act draws its sharpest lines around biometric AI: it bans real-time remote facial recognition in publicly accessible spaces for law enforcement (subject to narrow, opt-in exceptions), places remote biometric identification squarely in high-risk Annex III, and imposes strict obligations on any system that categorises people by physical traits. This guide unpacks every rule.
Last updated: June 2026 · Reading time: 9 minutes
Of all the technologies the EU AI Act regulates, biometric AI attracts the most unambiguous prohibitions. The regulation bans some biometric applications outright, subject only to narrowly drawn statutory exceptions that no commercial justification can enlarge. Others sit in a high-risk category demanding conformity assessments, technical documentation, and registration in the EU database. Understanding precisely where each type of biometric system falls is essential for any organisation operating in the European Union.
This article works through Article 5's prohibitions, Annex III's high-risk designations for biometric systems, and the conditions that determine whether a given deployment is lawful.
Why Biometric AI Raises the Highest Concerns
Biometric data is among the most sensitive categories of personal information. Unlike a password, you cannot change your face, iris pattern, or gait. When AI systems process these traits to identify, classify, or track individuals — particularly in public or employment contexts — the potential for mass surveillance, discrimination, and irreversible harm is acute.
The EU legislature took that risk seriously. The AI Act does not merely regulate biometric AI; it prohibits specific categories of it entirely. Biometric systems account for more of the Article 5 prohibited practices than any other domain, and no business justification can override those bans.
Prohibited Biometric AI: Article 5 Absolute Bans
Article 5 of Regulation (EU) 2024/1689 lists AI practices that are entirely forbidden in the EU. Four of those prohibitions relate directly to biometric systems. Article 5(1)(e) bans the untargeted scraping of facial images from the internet or CCTV footage to create or expand facial recognition databases; the three prohibitions on the use of biometric systems are discussed in turn below.
Real-Time Remote Biometric Identification in Publicly Accessible Spaces
Article 5(1)(h) prohibits the use of real-time remote biometric identification (RBI) systems in publicly accessible spaces for law enforcement purposes, with three narrow exceptions:
- Targeted searches for specific victims of abduction, trafficking in human beings or sexual exploitation, and searches for missing persons.
- Prevention of a specific, substantial and imminent threat to the life or physical safety of natural persons, or of a genuine and present or genuine and foreseeable threat of a terrorist attack.
- Localisation or identification of a person suspected of one of the serious criminal offences listed in Annex II (e.g. terrorism, trafficking in human beings, sexual exploitation of children, murder, kidnapping, rape), where the offence is punishable in the Member State concerned by a custodial sentence with a maximum of at least four years.
Even these exceptions are not self-executing. A Member State must first opt in by national law (Article 5(5)), and each use requires prior authorisation by a judicial authority or an independent administrative authority (Article 5(3)); in duly justified urgent cases the authorisation may be requested afterwards, at the latest within 24 hours, and the use must stop immediately if it is refused.
What "real-time" means: The system analyses biometric data and matches identities without meaningful delay — the kind of continuous facial recognition scanning a crowd would constitute.
What "remote" means: The identification occurs without the subject's knowledge or active participation — distinguishing it from, say, an airport border check where a traveller actively looks at a camera.
Who the ban applies to: This prohibition is scoped by purpose, not by the identity of the operator. It covers use for law enforcement purposes, including by private bodies acting on behalf of law enforcement authorities. A private operator running real-time RBI in a shopping centre for its own purposes is not caught by Article 5(1)(h), but its system is high-risk under Annex III, Point 1(a), and the processing must satisfy GDPR Article 9 on special-category data, which in practice is almost as prohibitive for identifying members of the public at large.
Consequence of a violation: Fines of up to €35 million or 7% of global annual turnover, whichever is higher (Article 99(3)).
Biometric Categorisation Systems That Infer Sensitive Attributes
Article 5(1)(g) prohibits biometric categorisation systems that categorise individuals on the basis of their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation.
This is a broad and important ban. It covers systems that, for example, analyse facial features to infer race, or classify people by inferred sexual orientation, whether deployed by private employers, retail operators or public bodies. Two carve-outs are written into the provision itself: it does not cover the labelling or filtering of lawfully acquired biometric datasets (such as sorting images by a sensitive attribute for dataset curation), nor the categorisation of biometric data in the area of law enforcement. Note also that the list is closed: inferring an attribute outside it is not caught by Article 5(1)(g), although a system that categorises people by other sensitive or protected attributes is high-risk under Annex III, Point 1(b).
Note that this is distinct from biometric identification (matching a person to a known identity). This ban targets categorisation — using biometric data to assign individuals to sensitive demographic or ideological groups.
Emotion Recognition in the Workplace and Education
Article 5(1)(f) prohibits AI systems that infer the emotions of natural persons in the areas of the workplace and education institutions, except where the system is placed on the market or put into service for medical or safety reasons. Under Article 3(39), an emotion recognition system is by definition one that identifies or infers emotions or intentions on the basis of biometric data, so facial expression analysis, voice analysis and similar tools are squarely covered. Deploying such a system to monitor employee engagement or student attentiveness is prohibited; a fatigue-detection system used for driver safety, by contrast, is the kind of use the safety exception is aimed at.
High-Risk Biometric AI: Annex III, Entry 1
Not all biometric AI is banned. Systems that identify or categorise individuals using biometric data, but do not fall within the Article 5 prohibitions, are classified as high-risk under Annex III.
Annex III, Point 1 designates as high-risk, insofar as their use is permitted under Union or national law:
- Remote biometric identification systems, other than those prohibited by Article 5 (one-to-one biometric verification systems whose sole purpose is to confirm that a person is who they claim to be are expressly excluded).
- Biometric categorisation systems that infer sensitive or protected attributes, other than those prohibited by Article 5.
- Emotion recognition systems, other than those prohibited by Article 5.
Two further points matter in practice. First, the Article 6(3) derogation, which lets a provider argue that an Annex III system poses no significant risk, is never available where the system performs profiling of natural persons, which biometric identification and categorisation typically do. Second, biometric systems are the one Annex III category for which third-party conformity assessment can be mandatory: under Article 43(1), a provider may rely on internal control (Annex VI) only if it has applied harmonised standards or common specifications in full; otherwise a notified body must assess the system (Annex VII).
What High-Risk Classification Means in Practice
Providers of high-risk biometric AI systems must comply with Articles 9 through 15, which require:
| Obligation | Relevant Article |
|---|---|
| Risk management system | Article 9 |
| Data governance and training data quality | Article 10 |
| Technical documentation (Annex IV) | Article 11 |
| Automatic logging / record-keeping | Article 12 |
| Transparency to deployers | Article 13 |
| Human oversight measures | Article 14 |
| Accuracy, robustness, and cybersecurity | Article 15 |
Additionally, providers must complete a conformity assessment before placing the system on the market (Article 43), draw up an EU declaration of conformity (Article 47), affix the CE marking (Article 48) and register the system in the EU database established under Article 71 (Article 49).
Deployers of high-risk biometric systems have their own obligations under Article 26: using the system in accordance with the provider's instructions, assigning human oversight to trained and competent persons, keeping the automatically generated logs, informing workers' representatives and affected workers before putting a system into use at a workplace, and informing natural persons that they are subject to the system (Article 26(11)). A fundamental rights impact assessment under Article 27 is required of deployers that are bodies governed by public law or private entities providing public services (as well as deployers of the credit-scoring and insurance systems in Annex III, Point 5); other private deployers are not obliged to carry one out, although many treat it as good practice.
Practical Example: An Airport Security System
An airport e-gate that compares a traveller's live face image with the photo stored in the chip of the passport they present is performing one-to-one biometric verification: the traveller actively participates, and the system only confirms a claimed identity. That use is expressly excluded from Annex III, Point 1(a). Contrast a camera network that scans everyone in the terminal and matches faces against a watchlist. That is one-to-many remote biometric identification: if operated in real time for law enforcement it is prohibited by Article 5(1)(h) unless one of the narrow exceptions applies and national law permits it; otherwise it is high-risk under Annex III. For the high-risk case, the provider (the technology vendor) must deliver the technical documentation and complete the conformity assessment, which for biometric systems may require a notified body, and the deployer (the airport authority, or the police force operating the watchlist) must use the system within its intended purpose, keep its logs, inform the persons exposed to it and, as a public body, carry out a fundamental rights impact assessment before deployment.
Transparency Obligations: Article 50
Article 50 adds transparency duties that apply alongside, not instead of, the high-risk regime. Under Article 50(3), deployers of emotion recognition systems and of biometric categorisation systems must inform the natural persons exposed to them that the system is in operation (with an exception for systems permitted by law to detect, prevent or investigate criminal offences). Because emotion recognition is also high-risk under Annex III, Point 1(c), a lawful deployment, say an emotion-inference feature in an entertainment or market-research application, must meet both sets of obligations. Separately, providers of systems that generate synthetic images, audio or video must mark the output as artificially generated (Article 50(2)), and deployers of deepfakes must disclose that the content has been artificially generated or manipulated (Article 50(4)); these duties attach to the content rather than to biometric processing as such.
What Is Not High-Risk: Biometric Verification
Standard device-level biometrics, such as a fingerprint sensor that unlocks a smartphone or face unlock on a laptop, perform one-to-one biometric verification (Article 3(36)): they confirm that the person present is the enrolled user, without searching a database of many people. Annex III, Point 1(a) expressly excludes verification systems whose sole purpose is to confirm a claimed identity, so they are not high-risk, and the AI Act's remaining provisions impose little on them. Any processing of the underlying biometric data by a controller remains governed by GDPR, under which biometric data processed to uniquely identify a person is a special category under Article 9.
Common Misconceptions
"The ban on real-time RBI applies to everyone." The Article 5(1)(h) prohibition is specifically scoped to use for law enforcement purposes in publicly accessible spaces. Private sector deployments for other purposes are not addressed by Article 5(1)(h); they are high-risk under Annex III, Point 1(a) and face GDPR Article 9 barriers that are equally restrictive in most circumstances.
"If we get consent, biometric categorisation is fine." Consent does not override an Article 5 prohibition. The bans in Article 5 are absolute — no legal basis, including consent, can authorise a prohibited practice.
"Post-remote biometric identification is unrestricted." Retrospective (post-remote) RBI is not prohibited by Article 5, but it remains high-risk under Annex III, Point 1(a). Where it is used for law enforcement in a criminal investigation, Article 26(10) requires the deployer to obtain authorisation from a judicial authority or a binding administrative authority, in advance or no later than 48 hours after use, to confine each use to what a specific criminal investigation strictly requires, and never to use the system in an untargeted way.
What Providers and Deployers Should Do Now
If you build or deploy any system that processes biometric data to identify, categorise, or infer emotional states, your immediate priorities are:
- Map your system against Article 5 to confirm it is not prohibited outright.
- Check Annex III, Point 1 to determine high-risk classification.
- If high-risk: initiate your risk management system, technical documentation, and conformity assessment.
- If you are a deployer that is a public body or a private provider of public services: plan your fundamental rights impact assessment under Article 27. All deployers: prepare the Article 26 measures (human oversight, log retention, informing affected persons and, at workplaces, workers' representatives).
- Ensure data governance meets Article 10 standards for training, validation and testing data, including the bias examination and mitigation measures in Article 10(2)(f) and (g) that are meant to prevent discriminatory performance disparities across demographic groups (Article 10(5) permits processing special-category data for this purpose under strict safeguards).
DILAIG's 50-question audit generates all four mandatory compliance documents — including technical documentation, conformity assessment basis, and risk management records — for high-risk AI providers and deployers. Start your audit or contact our team to discuss biometric AI compliance.
FAQ: Biometric AI and the EU AI Act
Does the EU AI Act ban all facial recognition? No. It bans real-time remote facial recognition in publicly accessible spaces for law enforcement purposes (with three narrow exceptions that Member States must opt into). One-to-one facial verification, for example a door that opens for the enrolled employee who presents their face, is excluded from Annex III, Point 1(a) altogether; one-to-many facial identification outside the prohibited scenario, such as matching visitors against an enrolled population, is high-risk rather than banned.
Can a private employer use emotion recognition AI? Not to monitor staff. Article 5(1)(f) prohibits AI systems that infer emotions in the workplace regardless of whether the deployer is a public authority or a private company. The only exception is for systems placed on the market or put into service for medical or safety reasons.
Is gait analysis covered? Yes. Gait is biometric data, and a system that identifies people by their gait at a distance is a remote biometric identification system under Annex III, Point 1(a); one that infers sensitive or protected attributes from gait is a biometric categorisation system under Point 1(b), or prohibited outright under Article 5(1)(g) if the inferred attribute is one of those listed there.
When did the biometric prohibitions take effect? The Article 5 prohibitions, including those on biometric AI, have applied since 2 February 2025 (Article 113(a)), six months after the AI Act entered into force on 1 August 2024. The high-risk obligations for Annex III systems apply from 2 August 2026.
Does the AI Act apply to biometric systems trained outside the EU but used inside it? Yes. Article 2(1) gives the Act extraterritorial reach: it applies to providers placing systems on the EU market or putting them into service in the EU irrespective of where they are established (Article 2(1)(a)), to deployers established in the EU (Article 2(1)(b)), and to providers and deployers in third countries where the output produced by the system is used in the EU (Article 2(1)(c)). Where the model was trained is irrelevant to scope.
Key Takeaways
- Article 5 imposes absolute prohibitions on biometric AI used for real-time remote identification for law enforcement (with narrow, opt-in exceptions), biometric categorisation to infer the sensitive attributes listed in Article 5(1)(g), emotion recognition in workplaces and educational institutions (save for medical or safety reasons), and untargeted scraping of facial images to build recognition databases.
- Annex III, Point 1 classifies remaining remote biometric identification, biometric categorisation and emotion recognition systems as high-risk, triggering a full conformity assessment (possibly by a notified body) and documentation regime; one-to-one biometric verification is excluded.
- Consent does not override Article 5 prohibitions.
- Biometric prohibitions have been enforceable since 2 February 2025.
- Deployers of high-risk biometric AI that are public bodies or private providers of public services must conduct a fundamental rights impact assessment before deployment; all deployers carry the Article 26 obligations.
- DILAIG automates the four mandatory compliance documents for high-risk biometric AI providers.