Facial Recognition in Public Spaces: Prohibited Uses, High-Risk Rules, and Who Can Do What
Real-time law enforcement facial ID is banned under Art 5(1)(h) since Feb 2025. Post-event biometric ID is Annex III high-risk — deadline 2 Dec 2027.
The first thing to understand about facial recognition under Regulation (EU) 2024/1689 is that the law draws two distinct lines — not one. Some uses are flatly prohibited. Others are classified as high-risk, meaning they are legally permissible in principle but carry a heavy obligation stack. And one common use (verifying a claimed identity) sits largely outside both categories. Getting the map wrong is not a minor technicality: the prohibited category has been in force since 2 February 2025, and violations carry fines up to €35 million or 7% of worldwide annual turnover under Article 99(3).
This article works through that map — prohibited uses, high-risk uses, what is neither — and sets out the compliance obligations that apply to high-risk systems.
The Three Prohibited Uses That Are Already in Force
Article 5 of the EU AI Act lists the practices that EU law bans outright. Three are directly relevant to facial recognition in public spaces, and all three have applied since 2 February 2025.
Real-time remote biometric identification in public spaces for law enforcement (Article 5(1)(h))
This is the most discussed prohibition. Law enforcement authorities may not run real-time facial recognition systems — systems that match faces against a database as people move through publicly accessible spaces — unless one of three narrow exceptions applies:
- Targeted search for a specific victim of a serious crime (trafficking, sexual exploitation, kidnapping), missing person, or person who has gone missing in circumstances indicating serious risk to life.
- Prevention of a specific, substantial, and imminent threat of a terrorist attack.
- Detection, identification, or prosecution of a suspected perpetrator of a criminal offence punishable in the member state concerned by a custodial sentence of at least four years, provided the use is authorised by a judicial or independent administrative authority in advance (or, in exceptional urgency, retrospectively within 24 hours).
Each exception requires prior authorisation from a court or independent body, registration in the EU database, and a Fundamental Rights Impact Assessment under Article 27. These are not defaults — they are safety valves that require affirmative procedural steps before the system is switched on.
The word "real-time" matters. A system that processes facial data from a live feed — even with a short delay for processing — falls within this prohibition. A system that analyses recorded footage after the fact is not caught here; it falls into the high-risk category instead (see below).
Untargeted scraping to build facial recognition databases (Article 5(1)(e))
The Act prohibits creating or expanding facial recognition databases by scraping facial images from the internet or from CCTV footage at scale, without targeting a specific individual. This is a direct response to the business models of companies like Clearview AI. The scraping is prohibited regardless of who does it — law enforcement, private intelligence firms, or anyone else. The prohibition covers both the scraping and the resulting database.
Biometric categorisation inferring sensitive attributes (Article 5(1)(g))
Systems that use facial or other biometric data to sort people into categories based on sensitive attributes — race, ethnicity, political opinion, trade union membership, religious or philosophical beliefs, sexual orientation — are prohibited. This catches any system that goes beyond identifying who someone is and tries to infer what they are.
What Is High-Risk: The Annex III Point 1 Category
Annex III of the EU AI Act lists the eight areas where AI systems are presumptively high-risk. Point 1 covers biometrics, and it captures:
- Post-event (non-real-time) remote biometric identification systems — for example, reviewing CCTV footage after an incident to identify a person. This is the "offline forensic" use that is not caught by Article 5(1)(h)'s real-time prohibition but is nonetheless high-risk.
- Biometric categorisation systems — those assigning individuals to categories based on biometric data, provided they are not caught by the Article 5(1)(g) prohibition (which covers sensitive-attribute inference). Categorising by other attributes (gait, approximate age, hair colour) using biometric input is high-risk, not prohibited.
- Emotion recognition systems — using facial analysis to infer emotional states. Note: emotion recognition used in workplaces or educational institutions is additionally prohibited under Article 5(1)(f); in other contexts it is high-risk.
The conformity assessment route for Annex III point 1 systems is generally the Annex VII notified-body route under Article 43 — not the internal self-assessment available to most other Annex III categories. That means an independent conformity assessment body must review the technical documentation before the system goes to market.
The deadline for high-risk Annex III stand-alone systems is 2 December 2027, under the Digital Omnibus agreed in May 2026 (which deferred the original 2 August 2026 date). That is a deferral, not a suspension: systems reaching the market now will need compliant documentation, and the assessment process takes time to complete.
Non-compliance with the high-risk obligations carries fines up to €15 million or 3% of worldwide annual turnover under Article 99(4).
What Is Neither Prohibited Nor High-Risk: Biometric Verification
Biometric verification — a one-to-one check confirming that you are the person you claim to be — is generally not caught by either the Article 5 prohibitions or the Annex III high-risk classification. The paradigmatic cases are: using Face ID to access your phone, confirming your identity at a border e-gate where you have already presented a document, or authenticating into a banking app.
The key distinction is between identification (who is this person, from among a population?) and verification (is this person the one they claim to be?). Verification operates with explicit consent and a pre-established reference template from the same person. It does not build population-scale databases or sort people without their knowledge.
That said, the line can blur. A system described as "verification" that in practice builds templates from public footage, or that stores biometric data beyond the immediate transaction, risks being reclassified. The framing of how the system works matters less than what it actually does.
Who Can Do What: The Practical Map
| Use case | Legal status | Who can do it |
|---|---|---|
| Real-time facial ID in public spaces, law enforcement purpose | Prohibited (Art 5(1)(h)) — with three narrow exceptions requiring prior authorisation | Only law enforcement authorities, only under the three exceptions, only with judicial/independent authorisation |
| Real-time facial ID in public spaces, private-sector purpose (retailers, event venues, transport operators) | Prohibited — Art 5(1)(h) applies to law enforcement specifically, but private-sector real-time remote biometric ID in public spaces is prohibited via GDPR Art 9 (biometric data = special category, no valid lawful basis for identification of strangers) and the Art 5(1)(g) prohibition if sensitive attributes are involved | Effectively no private actor can lawfully run real-time facial ID of the public for identification |
| Scraping faces from the internet or CCTV to build databases | Prohibited (Art 5(1)(e)) | Nobody |
| Biometric categorisation inferring race, religion, political opinion, sexual orientation | Prohibited (Art 5(1)(g)) | Nobody |
| Post-event (offline) facial matching of recorded footage | High-risk (Annex III point 1) — requires full obligation stack, Annex VII notified-body conformity assessment | Law enforcement with appropriate legal basis; private actors with lawful basis (generally rare) |
| Emotion recognition (outside workplace/education) | High-risk (Annex III point 1) | Providers and deployers with full high-risk compliance |
| Biometric verification (one-to-one, with consent) | Generally minimal risk | Any organisation with appropriate GDPR lawful basis |
One detail deserves emphasis: the Article 5(1)(h) prohibition by its terms applies to "the use of real-time remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement." Private retailers, airports, and event organisers are not law enforcement authorities. Does that mean they can freely run live facial recognition? No — GDPR Article 9 independently prohibits processing biometric data for identification purposes without an explicit lawful basis, and none of the Article 9(2) exceptions readily applies to a retailer scanning every customer's face. The EU AI Act prohibition and GDPR operate in parallel. Both must be satisfied.
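The decision map above, encoded as a small deterministic rule engine of the kind the article describes: the Article 5 checks run first and trump everything, verification is carved out unless it behaves like identification, and the GDPR layer is flagged separately. This is an added example, not Confir's engine or any code from the original article; the use-case fields, rule strings and ordering are assumptions chosen to mirror the table.

```python
# Added example (not Confir's code): a deterministic rule engine applying the
# Article 5 / Annex III point 1 decision map to a described biometric use case.
from dataclasses import dataclass, field
from typing import List, Optional

# Sensitive attributes whose inference is caught by Art 5(1)(g).
SENSITIVE_ATTRIBUTES = {"race", "ethnicity", "political_opinion", "trade_union",
                        "religion", "philosophical_belief", "sexual_orientation"}

@dataclass
class BiometricUse:                    # assumed intake fields
    purpose: str                       # "identification", "verification", "categorisation", "emotion"
    real_time: bool = False            # live feed (even with a short delay) vs recorded footage
    public_space: bool = False
    law_enforcement: bool = False
    scrapes_images: bool = False       # untargeted scraping of internet/CCTV to build a database
    inferred_attributes: List[str] = field(default_factory=list)
    workplace_or_education: bool = False
    stores_beyond_transaction: bool = False  # "verification" that retains templates/footage
    prior_authorisation: bool = False  # judicial/independent authorisation under an Art 5(1)(h) exception

@dataclass
class Finding:
    status: str                        # "prohibited", "high-risk" or "minimal-risk"
    rule: str                          # the rule that fired, human-readable
    gdpr_note: Optional[str] = None    # parallel GDPR Art 9 consideration, if any

def classify(use: BiometricUse) -> Finding:
    # Article 5 prohibitions are checked first; none of them depends on the high-risk analysis.
    if use.scrapes_images:
        return Finding("prohibited", "Art 5(1)(e): untargeted scraping to build a facial database")
    if set(use.inferred_attributes) & SENSITIVE_ATTRIBUTES:
        return Finding("prohibited", "Art 5(1)(g): biometric categorisation inferring sensitive attributes")
    if use.purpose == "emotion" and use.workplace_or_education:
        return Finding("prohibited", "Art 5(1)(f): emotion recognition in workplace/education")
    if (use.purpose == "identification" and use.real_time and use.public_space
            and use.law_enforcement and not use.prior_authorisation):
        return Finding("prohibited", "Art 5(1)(h): real-time remote biometric ID for law enforcement "
                       "without an authorised exception")
    # One-to-one verification sits outside Annex III unless it starts behaving like identification.
    if use.purpose == "verification" and not use.stores_beyond_transaction:
        return Finding("minimal-risk", "one-to-one verification against a consented reference template",
                       gdpr_note="GDPR Art 9(2) lawful basis still required")
    # Everything else (post-event ID, authorised real-time exceptions, non-sensitive categorisation,
    # emotion recognition elsewhere) is Annex III point 1 high-risk.
    gdpr = None
    if use.purpose == "identification" and use.public_space and not use.law_enforcement:
        gdpr = "GDPR Art 9: no Art 9(2) basis readily available for identifying strangers"
    return Finding("high-risk", "Annex III point 1: Annex VII notified-body conformity assessment", gdpr)
```

Note that an authorised Article 5(1)(h) exception clears the prohibition but still lands in the high-risk bucket, which is why the engine never returns "minimal-risk" for identification.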
The High-Risk Obligation Stack
A post-event biometric identification system or another Annex III point 1 system that clears the Article 5 prohibitions must satisfy the following requirements before it reaches the market. These apply from 2 December 2027 for stand-alone systems.
Risk management system (Article 9). A documented, continuously updated process identifying foreseeable risks — false positives causing wrongful investigation, bias against demographic groups, function creep, database breach — and implementing proportionate mitigations across the system's lifecycle.
Data and data governance (Article 10). Training and validation datasets must be representative across age, gender, ethnicity, and skin tone. Providers must document data sources and run disaggregated accuracy tests. A system that works well on one demographic group and poorly on another fails this requirement regardless of its overall accuracy.
Technical documentation (Article 11 / Annex IV). A full technical package including architecture, training-data composition, model performance metrics disaggregated by demographic group, testing protocols, known limitations, and update procedures. This documentation sits at the centre of the Annex VII conformity assessment.
Transparency to deployers (Article 13). Providers must supply instructions for use in accessible language — system capabilities, failure modes, required oversight procedures, and what deployers must do to maintain compliance.
Human oversight (Article 14). Operators must have the ability to review outputs and override system recommendations before any consequential decision is taken. Fully automated identification without human review is non-compliant.
Accuracy, robustness, and cybersecurity (Article 15). Performance must be documented with quantified metrics. Cybersecurity measures must protect biometric templates from unauthorised access.
Quality management system (Article 17). Providers must operate a documented QMS covering their entire high-risk AI product lifecycle.
Conformity assessment (Article 43 / Annex VII). For Annex III point 1 biometric systems, the assessment must be conducted by an accredited notified body — not internal self-assessment. The provider cannot simply declare conformity.
EU declaration of conformity (Article 47) and CE marking (Article 48). Once the notified body issues its certificate, the provider issues the declaration and affixes CE marking.
EU database registration (Article 49). High-risk systems must be registered in the EU database (established under Article 71) before market placement.
Deployer Obligations: What Changes When You Put a System Into Operation
If you are deploying a high-risk biometric identification system — say, a police forensics unit using a provider's post-event facial matching software — your obligations under Article 26 include:
- Following the provider's instructions for use.
- Ensuring that human oversight is in place: every match that leads to a consequential decision must be reviewed by a trained operator.
- Keeping logs of system use for at least six months (Article 26).
- Monitoring for incidents and informing the provider and relevant authority of serious problems (Article 73 governs the provider's own reporting duty; you as deployer inform upwards).
- Running a Fundamental Rights Impact Assessment under Article 27, which for law enforcement biometric deployments is not optional.
The FRIA (Article 27) requires you to assess impacts on privacy, freedom of movement, non-discrimination, and data protection; justify the necessity and proportionality of the deployment; consider less invasive alternatives; and document your findings. It must be kept current as the deployment evolves.
The GDPR Dimension
The EU AI Act does not displace GDPR. Facial biometric data is special-category personal data under GDPR Article 9. Processing it requires one of the Article 9(2) lawful bases — for private companies, these are narrow (explicit consent, vital interests, and a few others). Law enforcement processing of biometric data is governed additionally by Directive 2016/680. Satisfying the EU AI Act's high-risk technical requirements does not by itself provide a GDPR lawful basis. Both layers must be satisfied independently.
In practice: a private retailer scanning customers' faces for identification purposes has no valid GDPR Article 9(2) basis and cannot justify the processing even if it wanted to build a fully compliant high-risk AI system. GDPR blocks the use before the EU AI Act analysis even begins.
How Confir Helps
Confir's rule-based classification engine applies the Article 5 and Article 6 logic deterministically: the same intake produces the same finding, the rule that fired is human-readable, and the output is audit-defensible. For any biometric system, it works through whether the use is prohibited (Article 5(1)(e), (g), (h)), whether it is high-risk under Annex III point 1, and — if high-risk — which obligations apply to which role. The result is a documented classification with the Article references attached, ready for the conformity assessment process.
Frequently Asked Questions
Is all facial recognition in public spaces prohibited under the EU AI Act?
No — but the distinction is precise. Real-time facial identification for law enforcement purposes is prohibited under Article 5(1)(h), subject to three narrow exceptions requiring judicial pre-authorisation. Non-real-time (post-event) facial identification falls under Annex III point 1 as high-risk, not prohibited. Biometric verification — confirming a claimed identity one-to-one with consent — is generally minimal-risk. The prohibited/high-risk boundary matters, and it turns on the real-time/post-event distinction and on whether the purpose is law enforcement identification.
Can a private company (retailer, venue, airport) run real-time facial recognition?
Effectively no. Article 5(1)(h) targets law enforcement authorities, not private actors, but GDPR Article 9 independently prohibits processing biometric data for identification purposes without an explicit lawful basis — and none of the Article 9(2) exceptions comfortably applies to a retailer scanning strangers. The two regimes operate in parallel. A private actor can satisfy EU AI Act technical requirements and still have no valid legal basis to process the data at all.
What is the compliance deadline for high-risk biometric AI systems?
Under the Digital Omnibus agreed in May 2026, the application deadline for stand-alone high-risk AI systems (the Annex III list, including biometrics) is 2 December 2027, deferred from the original 2 August 2026 date. The Article 5 prohibitions, however, have applied since 2 February 2025 — they are already in force and were not deferred.
What conformity assessment route applies to facial recognition systems?
Annex III point 1 biometric systems generally require the Annex VII notified-body conformity assessment route under Article 43 — not the internal self-assessment (Annex VI) available to most other Annex III categories. A provider cannot self-certify. An accredited third-party body must review the technical documentation, which in turn must include disaggregated accuracy data and the full Annex IV technical package.
What are the penalties for breaching the Article 5 prohibitions?
Running a prohibited facial recognition practice — real-time law enforcement ID without authorisation, scraping databases, or sensitive biometric categorisation — carries fines up to €35 million or 7% of worldwide annual turnover under Article 99(3), whichever is higher. For SMEs and start-ups, fines are capped at the lower of the percentage or the fixed sum under Article 99(6). For high-risk obligation breaches, the ceiling is €15 million or 3% under Article 99(4).
What is a Fundamental Rights Impact Assessment and when is it required?
The FRIA under Article 27 is a documented assessment of a deployment's impact on fundamental rights: privacy, freedom of movement, non-discrimination, freedom of expression, and data protection. It must assess necessity and proportionality, consider less invasive alternatives, and be kept current. For biometric systems deployed by public bodies or in contexts like law enforcement, the FRIA is mandatory before deployment begins. It is not a one-time document — it must be updated as the deployment evolves.
Does EU AI Act compliance replace GDPR compliance for facial recognition?
No. Facial biometric data is special-category personal data under GDPR Article 9. Satisfying the EU AI Act's technical requirements (risk management, human oversight, technical documentation) does not provide a GDPR lawful basis for processing. Both sets of obligations apply in parallel. A system can be fully EU AI Act-compliant technically and still be unlawful under GDPR if no Article 9(2) basis exists for the processing.