Quick answer

The EU AI Act classifies biometric AI systems as high-risk under Annex III category 1. This covers remote biometric identification, biometric categorisation, and emotion recognition systems. Real-time remote biometric identification in publicly accessible spaces is prohibited, with narrow law enforcement exceptions under Article 5(2).

Updated June 2026 · MmowW AI Compliance

EU AI Act High-Risk AI in Biometrics: Classification and Rules

Biometrics as a High-Risk Category Under Annex III

Annex III of the EU AI Act (Regulation (EU) 2024/1689) designates biometric systems as the first category of high-risk AI. This placement reflects the significant fundamental rights implications of using AI to identify, categorise, or assess the emotional states of natural persons based on their biometric data.

Category 1 of Annex III covers three distinct types of biometric AI systems. The first is AI systems intended to be used for remote biometric identification of natural persons, excluding verification systems that merely confirm that a person is who they claim to be. The second is AI systems intended to be used for biometric categorisation based on sensitive or protected attributes or characteristics. The third is AI systems intended to be used for emotion recognition.

The classification as high-risk triggers the full set of requirements in Chapter III, Section 2 of the Regulation. These include obligations related to risk management systems, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy, robustness, and cybersecurity. For providers of biometric AI systems, compliance requires systematic attention to each of these requirements before the system can be placed on the EU market.

Remote Biometric Identification: Real-Time and Post Restrictions

The AI Act draws a critical distinction between real-time and post (ex-post) remote biometric identification. Real-time remote biometric identification in publicly accessible spaces is addressed under the prohibited practices provisions in Article 5, while post remote biometric identification falls under the high-risk regime.

Article 5(1)(h) prohibits the use of real-time remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement, except in narrowly defined circumstances. These exceptions, set out in Article 5(2), require that the use be strictly necessary for one of the following objectives: the targeted search for specific victims of abduction, trafficking in human beings, or sexual exploitation; the prevention of a specific, substantial, and imminent threat to the life or physical safety of natural persons, or a genuine and present or foreseeable threat of a terrorist attack; or the localisation or identification of a person suspected of having committed a specific criminal offence.

Even where an exception applies, the use of real-time remote biometric identification requires prior authorisation by a judicial authority or an independent administrative authority. In duly justified cases of urgency, use may begin without prior authorisation, but authorisation must be sought without undue delay and at the latest within 24 hours. If authorisation is not granted, use must cease immediately and all data obtained must be deleted.

Post remote biometric identification, where footage is analysed after the event rather than in real time, is classified as high-risk rather than prohibited. However, it is still subject to the full high-risk requirements and, for law enforcement use, requires prior authorisation from a judicial authority or independent administrative authority.

Biometric Categorisation and Emotion Recognition

Biometric categorisation systems that use AI to assign natural persons to specific categories based on their biometric data are classified as high-risk under Annex III. This includes systems that categorise individuals based on sensitive attributes such as race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation.

Article 5(1)(g) prohibits certain biometric categorisation systems entirely. Specifically, it prohibits AI systems that categorise natural persons individually based on their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation. This prohibition does not apply to labelling or filtering of lawfully acquired biometric datasets, such as images, based on biometric data, or to categorisation of biometric data in the area of law enforcement.

Emotion recognition systems, which attempt to identify or infer the emotions or intentions of natural persons on the basis of their biometric data, are classified as high-risk when used in the workplace or in educational institutions. Article 5(1)(f) further prohibits emotion recognition in the workplace and in educational institutions, except where the system is intended to be placed on the market or put into service for medical or safety reasons. This means a fatigue detection system for drivers may be permissible, while a system monitoring employee emotional engagement during meetings would not be.

Conformity Assessment for Biometric AI Systems

Biometric identification systems classified as high-risk under Annex III, point 1(a) are subject to third-party conformity assessment. This is a significant distinction from many other high-risk AI systems, which may use internal conformity assessment procedures based on quality management systems and technical documentation review.

The third-party conformity assessment must be carried out by a notified body designated in accordance with Article 28 of the Regulation. The notified body assesses the AI system against the requirements set out in Chapter III, Section 2, and issues a certificate if the system conforms. This certificate must be maintained through ongoing surveillance, and the notified body may conduct unannounced audits.

For providers that also need to comply with other Union harmonisation legislation, such as the Medical Device Regulation (MDR) or the General Data Protection Regulation (GDPR), the conformity assessment under the AI Act is in addition to any assessments required under those instruments. However, Article 43(3) allows for a single conformity assessment process where practical, provided all requirements are addressed.

Practical Compliance Steps for Biometric System Providers

Providers of biometric AI systems should begin compliance preparation by classifying each system against Annex III categories and the prohibited practices in Article 5. This classification determines which obligations apply and whether the system can be placed on the market at all.

For systems that fall within the high-risk category, providers must establish a risk management system in accordance with Article 9. This system must identify and analyse known and reasonably foreseeable risks, estimate and evaluate risks that may emerge from the intended use and reasonably foreseeable misuse, and adopt appropriate and targeted risk management measures.

Data governance is particularly critical for biometric systems. Article 10 requires that training, validation, and testing datasets be relevant, sufficiently representative, and to the best extent possible free of errors and complete. For biometric systems, this means addressing representation across different demographic groups to mitigate bias in identification accuracy.

Technical documentation requirements under Article 11 and Annex IV mandate detailed descriptions of the system's intended purpose, performance metrics, and known limitations. For biometric systems, this includes accuracy rates broken down by relevant demographic categories, false acceptance and false rejection rates, and the conditions under which performance may degrade.
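The data governance and documentation passages above both call for accuracy broken down by demographic group. The following script is an added illustration, not code from the article or from MmowW AI Compliance; it assumes a matcher that emits a similarity score in [0, 1] for each probe/reference comparison, and the group labels and scores it uses are constructed sample data. It computes false acceptance and false rejection rates overall and per group at a chosen decision threshold, and reports the largest gap in false rejection rate between groups, which is the kind of figure an Annex IV technical file would need to record.

```python
"""Per-group FAR/FRR breakdown for a biometric matcher.

Added example, not part of the original article. Assumes a matcher that
produces a similarity score in [0, 1]; all scores and group labels below
are constructed sample data, not measurements of any real system.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Comparison:
    group: str      # demographic group of the probe subject (constructed label)
    score: float    # matcher similarity score in [0, 1]
    genuine: bool   # True if probe and reference belong to the same person


def far_frr(comparisons: List[Comparison], threshold: float) -> Tuple[float, float]:
    """Return (FAR, FRR) at the given accept threshold.

    FAR: fraction of impostor comparisons with score >= threshold (wrongly accepted).
    FRR: fraction of genuine comparisons with score <  threshold (wrongly rejected).
    An empty class is reported as 0.0 rather than raising.
    """
    impostors = [c for c in comparisons if not c.genuine]
    genuines = [c for c in comparisons if c.genuine]
    far = sum(c.score >= threshold for c in impostors) / len(impostors) if impostors else 0.0
    frr = sum(c.score < threshold for c in genuines) / len(genuines) if genuines else 0.0
    return far, frr


def per_group_rates(comparisons: List[Comparison], threshold: float) -> Dict[str, Tuple[float, float]]:
    """FAR/FRR for each demographic group present in the comparison set."""
    groups = sorted({c.group for c in comparisons})
    return {g: far_frr([c for c in comparisons if c.group == g], threshold) for g in groups}


def max_frr_gap(rates: Dict[str, Tuple[float, float]]) -> float:
    """Largest difference in false rejection rate between any two groups.

    A large gap means the system rejects legitimate users of one group far
    more often than another; this is the bias the data governance text targets.
    """
    frrs = [frr for _, frr in rates.values()]
    return max(frrs) - min(frrs) if frrs else 0.0


def _build(group: str, genuine_scores: List[float], impostor_scores: List[float]) -> List[Comparison]:
    """Helper to assemble constructed comparisons for one group."""
    return ([Comparison(group, s, True) for s in genuine_scores]
            + [Comparison(group, s, False) for s in impostor_scores])


# Constructed sample data: group B is under-represented in the hypothetical
# training set, so its genuine scores sit lower and its impostors score higher.
SAMPLE: List[Comparison] = (
    _build("A", genuine_scores=[0.90, 0.85, 0.80, 0.70], impostor_scores=[0.20, 0.30, 0.40, 0.50])
    + _build("B", genuine_scores=[0.90, 0.60, 0.55, 0.50], impostor_scores=[0.20, 0.30, 0.65, 0.40])
)

THRESHOLD = 0.6  # hypothetical operating point


def report(comparisons: List[Comparison], threshold: float) -> Dict[str, object]:
    """Assemble the figures a per-group accuracy table would contain."""
    overall = far_frr(comparisons, threshold)
    groups = per_group_rates(comparisons, threshold)
    return {
        "threshold": threshold,
        "overall": overall,
        "per_group": groups,
        "max_frr_gap": max_frr_gap(groups),
    }


if __name__ == "__main__":
    r = report(SAMPLE, THRESHOLD)
    print(f"threshold={r['threshold']}  overall FAR/FRR={r['overall']}")
    for group, (far, frr) in r["per_group"].items():
        print(f"  group {group}: FAR={far:.3f}  FRR={frr:.3f}")
    print(f"max FRR gap between groups: {r['max_frr_gap']:.3f}")
```

On the constructed data, the overall figures look acceptable while group B is rejected half the time, which is exactly why the article asks for rates broken down by group rather than a single aggregate. A real evaluation would use many more comparisons per group, report confidence intervals, and repeat the breakdown under the environmental conditions (lighting, distance, angle) that the transparency passage names.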

Transparency obligations under Article 13 require that deployers be provided with sufficient information to interpret the system's outputs and use it appropriately. For biometric identification systems, this includes clear information about the system's accuracy, the conditions under which it has been tested, and its known limitations in different environmental conditions such as lighting, distance, and angle.

Timeline and Enforcement Considerations

The prohibited practices provisions of Article 5, including the prohibition on certain real-time remote biometric identification uses, apply from 2 February 2025. The full high-risk requirements for biometric AI systems apply from 2 August 2026.

Penalties for non-compliance with the prohibited practices provisions are the most severe under the AI Act: administrative fines of up to 35 million EUR or 7 percent of total worldwide annual turnover, whichever is higher. Non-compliance with the high-risk requirements may result in fines of up to 15 million EUR or 3 percent of total worldwide annual turnover.

Member States are responsible for designating market surveillance authorities and notified bodies. Providers should monitor national implementation measures to understand the specific procedures and timelines for conformity assessment in each Member State where they intend to make their biometric AI systems available.


This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.