Biometric Data: Definition and Role in the EU AI Act
Biometric data under Regulation (EU) 2024/1689: Article 3 definition, Annex III high-risk AI uses, Article 5 prohibitions in force since Feb 2025, and GDPR.
Biometric data is personal data derived from specific technical processing of a natural person's physical, physiological or behavioural characteristics; facial images and fingerprints (dactyloscopic data) are the examples the Act itself gives. Under Regulation (EU) 2024/1689 (the EU AI Act), this category of data connects directly to some of the Act's most consequential provisions: all three sub-categories of the first of the eight Annex III high-risk areas, four of the Article 5 absolute prohibitions, and a parallel set of obligations under GDPR that run alongside the Act, not instead of it.
Understanding where biometric data sits in the EU AI Act framework matters because the same underlying data — a face scan, a gait pattern, a fingerprint — can land a system in different risk categories depending on what the system does with it. The data type alone does not determine your obligations. What the system infers, decides, or enables does.
The EU AI Act definition
Article 3 of the EU AI Act, which sets out the Act's definitions, defines biometric data at point 34 as:
"personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, such as facial images or dactyloscopic data"
The wording tracks GDPR Article 4(14), consistent with Article 3's general approach of reusing GDPR terminology rather than creating parallel definitions, but with one deliberate difference: the GDPR clause "which allow or confirm the unique identification of that natural person" is omitted. Recital 14 says the AI Act notion is to be interpreted in light of the GDPR definition, and that biometric data can serve authentication, identification, categorisation or the recognition of emotions. The key elements are:
- Specific technical processing — biometric data is not simply a photograph; it is the product of processing that extracts characteristic patterns from one. A stored facial image is not automatically biometric data; a facial template or embedding generated by running that image through recognition software is.
- Physical, physiological, or behavioural — the three branches cover morphological features (fingerprints, iris patterns, facial geometry), physiological signals (vein patterns) and behavioural patterns (gait, voice, typing rhythm).
- No identification requirement — unlike GDPR Article 4(14), point 34 does not require that the data allow or confirm unique identification. Identification and verification are defined separately (points 35 and 36), as are emotion recognition (point 39) and biometric categorisation (point 40), which operate on biometric data without identifying anyone. That omission is what brings categorisation and emotion recognition systems within the Act's biometric provisions.
Why biometric data is high-stakes under the Act
Annex III area 1: the biometrics cluster
The first area of Annex III — the list of high-risk AI systems under the Act — covers, "in so far as their use is permitted under the relevant Union or national law", three categories of AI that process biometric data:
- Remote biometric identification systems (point 1(a)) — systems that identify natural persons without their active involvement, typically at a distance, by comparing their biometric data against a reference database (Article 3, point 41). This is the highest-scrutiny category and covers both real-time systems (live camera feeds) and post systems (identification from recorded footage). Point 1(a) expressly excludes systems used for biometric verification whose sole purpose is to confirm that a specific person is who they claim to be.
- Biometric categorisation systems (point 1(b)) — high-risk only where they categorise natural persons according to sensitive or protected attributes or characteristics, based on inference of those attributes. The definition of a biometric categorisation system (Article 3, point 40) is wider, and Recital 16 lists categories such as sex, age, hair colour, eye colour, tattoos, behavioural or personality traits, language, religion, membership of a national minority, and sexual or political orientation; categorisation by a non-sensitive attribute such as hair colour falls outside area 1 but still triggers the deployer transparency duty in Article 50(3). Systems that are ancillary to another commercial service and strictly necessary for objective technical reasons are excluded from the definition altogether, and inference of the attributes listed in Article 5(1)(g) is prohibited outright (see below).
- Emotion recognition systems (point 1(c)) — systems that identify or infer the emotions or intentions of natural persons on the basis of their biometric data (Article 3, point 39). These are high-risk in every context not already captured by the Article 5(1)(f) prohibition on emotion recognition in workplaces and educational institutions. For those two contexts the system is banned, not merely regulated.
Systems in Annex III area 1 that meet the Article 6 classification criteria inherit the full high-risk obligation stack: a risk management system under Article 9, data governance requirements under Article 10, technical documentation under Article 11, logging under Article 12, transparency obligations to deployers under Article 13, human oversight under Article 14, and accuracy and cybersecurity requirements under Article 15. Providers must also complete the conformity assessment procedure — for Annex III area 1 (biometrics), that is the Annex VII notified-body route where harmonised standards are not applied, rather than the Annex VI internal self-assessment route available to most other Annex III categories.
The high-risk obligations for these systems apply from 2 December 2027 for stand-alone systems, under the Digital Omnibus political agreement reached in May 2026 (originally the deadline was 2 August 2026).
Article 5 prohibitions involving biometrics
Article 5 — in force since 2 February 2025 — lists the AI practices the EU considers unacceptably risky and bans outright. Several turn directly on biometric data or biometric processing:
Article 5(1)(e) prohibits the creation or expansion of facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage. This covers practices of collecting large volumes of facial images without consent or purpose limitation, typically to build commercial recognition databases.
Article 5(1)(f) prohibits AI systems that infer the emotions of natural persons in the workplace or in educational institutions — except where this is done for safety reasons or medical purposes. The prohibition applies regardless of whether the emotion recognition system would otherwise qualify as high-risk under Annex III. Deploying emotion-recognition AI for workplace monitoring or in classrooms is banned, not merely regulated. The fine ceiling for an Article 5 breach is €35,000,000 or 7% of total worldwide annual turnover, whichever is higher (Article 99(3)).
Article 5(1)(g) prohibits biometric categorisation systems that categorise natural persons individually on the basis of their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation. The prohibition targets systems that use biometrics as a route to sensitive-attribute inference. It does not cover the labelling or filtering of lawfully acquired biometric datasets, such as images, or the categorisation of biometric data in the area of law enforcement.
Article 5(1)(h) prohibits the use of real-time remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement, outside a narrow and exhaustive set of exceptions: the targeted search for specific victims of abduction, trafficking or sexual exploitation and for missing persons; the prevention of a specific, substantial and imminent threat to life or physical safety, or of a genuine and present or foreseeable terrorist attack; and the localisation or identification of a person suspected of one of the serious offences listed in Annex II. Each use requires prior authorisation from a judicial authority or an independent administrative authority whose decision is binding, with a narrow urgency exception under which authorisation must still be requested without undue delay and within 24 hours (Article 5(3)), and must be limited in time, place and the persons targeted.
The prohibited/high-risk boundary matters here. A post (non-real-time) remote biometric identification system used by law enforcement falls in Annex III area 1 and is high-risk, not prohibited, although the deployer must still obtain judicial or administrative authorisation for its use in a targeted search, ex ante or within 48 hours (Article 26(10)). Real-time use by law enforcement in public spaces, outside the exceptions, is prohibited. 1:1 biometric verification (a phone unlock, a passport gate) is neither prohibited nor high-risk: it confirms a claimed identity rather than identifying an unknown person (Article 3, point 36) and is expressly excluded from Annex III point 1(a).
The GDPR overlap
Biometric data processed for the purpose of uniquely identifying a natural person is a special category of personal data under GDPR Article 9(1). Processing is prohibited unless one of the Article 9(2) conditions applies: explicit consent; obligations and rights under employment, social security and social protection law authorised by Union or Member State law; vital interests; legitimate activities of foundations and associations; data manifestly made public by the data subject; legal claims; substantial public interest on a legal basis; preventive or occupational medicine; public health; and archiving, research or statistical purposes. Processing without a valid Article 9(2) condition, on top of an Article 6 lawful basis, is unlawful.
The AI Act does not displace GDPR. Both regimes apply simultaneously when an AI system processes biometric data. In practice, this means:
- A high-risk biometric identification system must satisfy both the AI Act's Article 9–15 obligation stack and the GDPR Article 9 special-category basis requirement before deployment.
- The prohibition in Article 5(1)(g) of the AI Act on sensitive-attribute categorisation supplements GDPR Article 9, not replaces it: the AI Act bans the use case altogether; GDPR would in any case restrict the underlying processing.
- A Data Protection Impact Assessment (DPIA) under GDPR Article 35 is required where processing is likely to result in a high risk to individuals, which large-scale biometric processing typically is. Where the deployer of a high-risk AI system must also complete a Fundamental Rights Impact Assessment under AI Act Article 27 (deployers that are bodies governed by public law or private entities providing public services, and deployers of the credit-scoring and insurance systems in Annex III points 5(b) and 5(c)), Article 27(4) provides that where a DPIA already meets some of the FRIA obligations, the FRIA complements that DPIA rather than starting from scratch.
The regulator handling biometric data complaints may be a data protection authority (DPA) for the GDPR dimension and a national market-surveillance authority for the AI Act dimension. They are usually different bodies with different remedies, although for Annex III area 1 systems used for law enforcement, border management or justice, Article 74(8) lets Member States designate the DPA as the market-surveillance authority. A system can be compliant under one regime and non-compliant under the other.
Related biometric concepts
Three terms in the Act are easy to conflate but carry distinct meanings:
Biometric data (Article 3, point 34) is the input — the data produced by specific technical processing of a person's physical, physiological or behavioural characteristics. It is a data category, read in light of the GDPR definition (Recital 14) but without GDPR's unique-identification clause.
Biometric categorisation is a process — assigning natural persons to categories on the basis of their biometric data (Article 3, point 40). High-risk under Annex III area 1 where the categories are sensitive or protected attributes; prohibited under Article 5(1)(g) where the system infers race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation.
Remote biometric identification is also a process — identifying natural persons without their active involvement, typically at a distance, by comparing their biometric data against a reference database (Article 3, point 41). It is the process underlying both the Annex III biometric identification high-risk category and the Article 5(1)(h) prohibition on real-time law-enforcement use. See the dedicated page for the real-time/post distinction and the law-enforcement exceptions.
Emotion recognition is a distinct category (Article 3, point 39) — AI systems that identify or infer the emotions or intentions of natural persons on the basis of their biometric data. Prohibited in workplaces and educational institutions (Article 5(1)(f)); high-risk elsewhere under Annex III area 1; and, where lawful, deployers must inform the people exposed to it (Article 50(3)).
The Act's definitions section (Article 3) contains all of these terms, together with biometric identification (point 35) and biometric verification (point 36). When assessing a biometric AI system, the question is not only what data it processes but which definitional box it falls into, because the obligations and prohibitions attach to the process, not just the data type.
Frequently Asked Questions
Is a photo of someone biometric data under the EU AI Act?
A photograph is not automatically biometric data under the Act. The definition in Article 3, point 34 requires "specific technical processing" that extracts characteristic patterns from physical, physiological or behavioural features. A static photo stored in an HR file is personal data but not biometric data; GDPR Recital 51 makes the same point for the special-category rules. The same image, once run through facial recognition software to generate a facial template or embedding, becomes biometric data, because technical processing has extracted the characteristic features that the software compares.
Does the EU AI Act only apply to biometric AI in law enforcement?
No. The Act applies across sectors. Annex III area 1 covers biometric identification, categorisation, and emotion recognition wherever they occur — in employment, retail, banking, building access, education, and elsewhere — to the extent they are not covered by the Article 5 prohibitions. Law enforcement gets special treatment because real-time remote biometric identification in public spaces is prohibited for law enforcement use specifically, outside the narrow Article 5(1)(h) exceptions.
What is the difference between biometric identification and biometric categorisation?
Biometric identification (Article 3, point 35) is a 1:N process: a system takes a biometric sample and compares it against a database of many people to establish identity; the question is "who is this person?". Biometric verification (point 36) is the 1:1 counterpart: the sample is compared against the previously enrolled data of one claimed identity; the question is "is this person who they say they are?". Biometric categorisation (point 40) is different again: it assigns a person to a category on the basis of biometric features; the question is "what group does this person belong to?". A door-access system that matches a face against the whole list of enrolled employees performs identification; one that matches a face only against the record tied to a presented badge performs verification; a system that estimates age or infers emotional state from a face performs categorisation or emotion recognition. Identification and sensitive-attribute categorisation are subject to Annex III area 1; categorisation for the attributes in Article 5(1)(g) is prohibited; verification is excluded from area 1.
Can a company use biometric recognition for employee time and attendance?
An employee time-and-attendance system using fingerprint or facial recognition for 1:1 verification (confirming that the person is who they claim to be, not picking them out of a crowd) is outside Annex III area 1 under the verification exclusion in point 1(a), so the AI Act imposes no high-risk obligations on it. If the terminal instead identifies the employee 1:N against the whole workforce database, the question becomes whether it is remote biometric identification under Article 3, point 41, which turns on whether identification happens without the person's active involvement. Either way the underlying processing is special-category data under GDPR Article 9, and the usual lawful route is an employment-law condition under Article 9(2)(b) backed by national law or a collective agreement, with a DPIA under Article 35. Employee consent under Article 9(2)(a) is rarely a reliable basis because of the imbalance of power in the employment relationship, and some national DPAs have found biometric attendance disproportionate where a badge or PIN would do. The AI Act risk tier and the GDPR lawfulness basis are separate questions.
When do the biometrics high-risk obligations actually apply?
Under the Digital Omnibus political agreement reached in May 2026, the high-risk obligations for stand-alone Annex III systems — including the biometrics cluster — apply from 2 December 2027. The original date was 2 August 2026; that date has been deferred. The Article 5 prohibitions, including the bans on facial scraping, sensitive-attribute categorisation, and real-time RBI by law enforcement, have been in force since 2 February 2025.
Does GDPR compliance cover the AI Act obligations for biometric systems?
No. GDPR Article 9 governs the lawful basis for processing special-category biometric data; the AI Act governs the design, documentation, conformity assessment, and governance requirements for AI systems that process such data. A system can have a valid GDPR Article 9 basis and still fail to meet the AI Act's Article 9 risk management or Article 11 technical documentation requirements. The two regimes stack; satisfying one does not satisfy the other.
Related terms
- Biometric Categorisation — how the Act defines and regulates AI systems that sort people by biometric features, including the Article 5(1)(g) prohibition on sensitive-attribute inference
- Remote Biometric Identification — the 1:N identification process at the heart of both Annex III area 1 and the Article 5(1)(h) law-enforcement prohibition
- Emotion Recognition System — the third biometric use case in Annex III area 1, and prohibited outright in workplaces and educational institutions
- Annex III: High-Risk AI Systems — the full list of eight high-risk areas, with biometrics as area 1
- Annex III Area 1: Biometric Identification — the conformity-assessment route (Annex VII notified body) and operator obligations specific to this category
- Article 5: Prohibited AI Practices — the full list of banned uses, including the four biometric prohibitions in force since February 2025