
Biometric Categorisation System: EU AI Act Definition and Compliance

Definition · 3 June 2026 · 8 min read · 1,747 words

Article 3(40) defines biometric categorisation systems. What Article 5(1)(g) prohibits, when Annex III applies, and the Article 50(3) disclosure duty.

A biometric categorisation system is an AI system that assigns natural persons to specific categories based on their biometric data. Under Regulation (EU) 2024/1689, systems of this type sit at the intersection of privacy and fundamental rights — and the law draws a sharp line between categorisation that is merely regulated and categorisation that is outright banned.

The EU AI Act definition

Article 3, point 40 of Regulation (EU) 2024/1689 defines a "biometric categorisation system" as an AI system for the purpose of assigning natural persons to specific categories on the basis of their biometric data — unless the system is ancillary to another commercial service and strictly necessary for objective technical reasons.

"Biometric data" in this context means personal data resulting from specific technical processing relating to physical, physiological, or behavioural characteristics — face geometry, fingerprint patterns, gait, voice patterns, and so on.

The ancillary carve-out

The definition excludes systems where biometric sorting is an incidental, technically unavoidable step inside a different commercial service. The clearest example: an image-management tool that automatically sorts photos by background colour may, as a side effect, process facial geometry to identify where a face ends and the background begins. That is not a biometric categorisation system under Article 3 — the categorisation is not the purpose; it is a byproduct of a technical process needed for something else entirely.

The carve-out is narrow. Both conditions must hold simultaneously: the system must be genuinely ancillary (not a core function), and the biometric processing must be strictly necessary for objective technical reasons (not merely convenient). A tool that is technically capable of doing other tasks but is configured specifically to categorise people by physical traits does not qualify.

The Article 5(1)(g) prohibition

The most consequential provision for biometric categorisation is Article 5(1)(g), which has applied since 2 February 2025. It prohibits the placing on the market, putting into service, or use of AI systems that categorise natural persons individually on the basis of biometric data to deduce or infer sensitive attributes, specifically:

  • race or ethnic origin
  • political opinions
  • trade union membership
  • religious or philosophical beliefs
  • sex life or sexual orientation

This prohibition is not limited to high-accuracy systems. The Act does not require that the inference be correct — the act of attempting to deduce sensitive attributes from biometrics is itself prohibited.

The two narrow exceptions

Article 5(1)(g) provides two situations where such categorisation does not fall under the prohibition:

1. Lawful labelling or filtering of datasets. If the categorisation is strictly necessary for labelling or filtering of biometric datasets already lawfully acquired — for instance, a research institute that holds a legitimately collected dataset and needs to tag demographic metadata within it for a scientific study — the prohibition does not apply. The dataset must have been acquired lawfully in the first place; this exception cannot be used to launder unlawfully gathered data.

2. Law-enforcement use. Categorisation for law enforcement purposes, subject to the additional safeguards that the Act and national law impose on law-enforcement AI, falls outside the prohibition. This is a narrow channel: it applies to competent authorities for the prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties, not to private actors conducting their own security work.

Both exceptions should be read strictly. The prohibition targets the deliberate inference of sensitive attributes from biometrics; the exceptions do not create space for general categorisation programs with a thin law-enforcement or research label attached.

Penalties for breaching Article 5 prohibitions are set at the top tier under Article 99(3): €35,000,000 or 7% of total worldwide annual turnover, whichever is higher. For small companies the fine is capped at the lower of the two figures (Article 99(6)).

When it is high-risk instead

Biometric categorisation that is not caught by the Article 5(1)(g) prohibition can still land in the high-risk tier. Annex III, area 1 covers biometric systems — including biometric categorisation systems — deployed in areas that pose a significant risk of harm to health, safety, or fundamental rights.

Concretely: a system that categorises individuals by age bracket, or groups people by apparent skin tone for market-segmentation research, or classifies patients by biometric indicators for a clinical pathway — none of these deduce the prohibited sensitive attributes, so Article 5(1)(g) does not apply. But all of them could fall within Annex III area 1 if they have a consequential use.

The Article 6(3) filter then applies. A biometric categorisation system is not high-risk if it does not present a significant risk of harm — for example, if it performs a narrow procedural function, improves the output of a previously completed human process, or does preparatory work without influencing an assessment of a natural person. However, any Annex III system that performs profiling of natural persons is always treated as high-risk: the Article 6(3) carve-out is unavailable where profiling is involved, regardless of whether the other criteria are met.

For high-risk biometric categorisation systems, the conformity-assessment route is the Annex VII notified-body procedure where a harmonised standard has not been applied — not the Annex VI internal self-assessment route used for most other Annex III categories (Article 43).

The high-risk deadline for stand-alone Annex III systems is 2 December 2027 under the Digital Omnibus (political agreement of May 2026, deferring the original August 2026 date).

The Article 50 transparency duty

Article 50(3) of Regulation (EU) 2024/1689 imposes a specific transparency obligation on deployers of biometric categorisation systems. Where a biometric categorisation system is used, deployers must inform the natural persons who are exposed to it.

This duty applies independently of whether the system is high-risk. It reflects the legislature's judgment that people have a fundamental interest in knowing when a machine is assigning them to categories based on their physical or behavioural characteristics, even in low-stakes contexts.

Article 50 transparency obligations apply from 2 August 2026. A deployer who runs a categorisation system in a retail environment, a public space, or a digital service from that date must have a disclosure mechanism in place. The disclosure must be made in a clear and accessible form to the persons concerned. Article 50(5) addresses the timing and accessibility of that disclosure; Article 50(6) preserves other applicable obligations (such as under the GDPR).

Breaches of Article 50 obligations are subject to fines of up to €15,000,000 or 3% of total worldwide annual turnover under Article 99(4).

How Confir helps

Determining whether a system constitutes a biometric categorisation system — and where it sits on the prohibited/high-risk/limited-risk spectrum — requires working through multiple Article 3, Article 5, Article 6, and Annex III questions in the right sequence.

Confir's rule-based classification engine encodes that logic explicitly. You answer plain-English questions about what your system processes and what output it produces; the deterministic rules derive your risk tier, your role (Provider under Article 16 or Deployer under Article 26), and the obligation set that follows. The same inputs always produce the same finding — reproducible, explainable, and auditable. If a system you register triggers the Article 50(3) transparency requirement, Confir flags the disclosure duty and links it to the relevant documentation tasks. Pricing starts at €600 per year; no consultants, no lengthy implementation. Details at confir.eu.

Frequently Asked Questions

Is every system that uses facial recognition a biometric categorisation system?

Not automatically. Facial recognition covers a range of functions. One-to-one verification — confirming that a face matches a stored template for a single individual (phone unlock, border e-gate) — is not categorisation; it is identification. Biometric categorisation specifically means assigning persons to categories: by age, gender, emotion, ethnicity, and so on. The two overlap in some architectures but are legally distinct under Article 3.

Does the Article 5(1)(g) prohibition apply only to purpose-built categorisation systems, or also to systems where sensitive-attribute inference is a side effect?

The prohibition targets systems used "for the purpose of" inferring sensitive attributes. Courts and regulators will look at the design intent, configuration, and actual use — not just the stated purpose. A general-purpose analytics tool that is demonstrably deployed to infer trade union membership from biometric patterns will not escape Article 5(1)(g) by virtue of its generic architecture.

What counts as "biometric data" for these purposes?

Under Article 3 of Regulation (EU) 2024/1689 (and consistently with GDPR Article 9), biometric data means personal data resulting from specific technical processing relating to physical, physiological, or behavioural characteristics that allows or confirms the unique identification or categorisation of a natural person. Examples include facial images processed through a recognition algorithm, fingerprint maps, iris scans, voice prints, and gait patterns. Raw photographs that are not processed by a biometric algorithm do not themselves constitute biometric data.

Can a system be both prohibited under Article 5(1)(g) and high-risk under Annex III?

No — the prohibition is the higher category. If a system is caught by Article 5(1)(g), it is banned and cannot legally be placed on the market or used in the EU. It does not become compliant by also satisfying high-risk requirements. The prohibited tier is absolute; there is no conformity assessment that unlocks a prohibited use.

Does the Article 50(3) disclosure duty require informing every person before the categorisation occurs?

The obligation is to "inform" the persons exposed to the system, but Article 50 does not prescribe a specific pre-categorisation consent procedure. The disclosure must be made in a clear and accessible form. In practice, for deployed systems in physical or digital environments, this typically means signage, a privacy notice, or an on-screen disclosure that is visible at the point of interaction — not a click-through for each individual scan.

We are a software provider, not the company deploying the system. Does Article 50(3) apply to us?

Article 50(3) targets "deployers" — the organisations that put a system into use in a professional context (Article 26). If you develop and supply the software but do not deploy it, the primary Article 50(3) obligation rests on your customer. However, under Article 13, you as the provider must furnish information to deployers that enables them to understand and fulfil their obligations — including their Article 50 disclosure duties.

