What Are Biometric Systems Under the EU AI Act?

Biometric systems in the EU AI Act - definition

In the context of Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024, the EU AI Act, biometric systems are AI systems that process biometric data to identify, verify, or categorize natural persons, or to infer their emotions. The Act refers here to the concept of biometric data already known from the GDPR, namely Regulation (EU) 2016/679, Article 4(14). In practice, for photos and video recordings this mainly includes analysis of a face, body shape, gait, iris, fingerprint, or other patterns that make it possible to distinguish one person from another.

For photo and video anonymization, the key distinction is between a system used for biometric recognition and a system used for privacy protection. A tool that detects a face in order to blur it does not have to identify the person. It may operate solely at the stage of detecting an object such as a “face” or a “license plate.” This is an important technical and legal boundary. Simply detecting a face in the frame is not the same as establishing a person’s identity.

The EU AI Act introduces three main regimes for biometric systems: prohibitions for certain uses, a high-risk category for selected deployments, and a set of obligations for providers and deployers of the system. In practice, the most important categories are remote biometric identification systems, biometric categorization systems, and emotion recognition systems. For a data protection officer, this means distinguishing tools used to anonymize visual material from tools that profile, classify, or identify individuals based on images.

How the EU AI Act classifies biometric systems

The AI Act does not treat all uses of biometrics equally. What matters is the purpose of processing, the environment in which the system is used, and whether the system operates ex post or on live footage. This has direct implications for workflows involving video and image processing before publication, archiving, or disclosure to third parties.

The most important groups of biometric systems can be structured as follows:

| System type | Function description | Status under the EU AI Act | Relevance for photo and video anonymization |
|---|---|---|---|
| Remote biometric identification | Comparison of a biometric template against an identity database to determine who the person is | As a rule, a high-risk AI system; real-time use in publicly accessible spaces for law enforcement purposes is generally prohibited, subject to statutory exceptions | Not needed for face blurring |
| Biometric verification | Confirmation of a claimed identity on a 1:1 basis | May be a high-risk AI system depending on the use case | Not needed for visual data anonymization |
| Biometric categorization | Assigning a person to a category based on biometric characteristics | Some uses are prohibited; others may be subject to AI Act requirements and other legal restrictions | Should not be part of a privacy protection system |
| Emotion recognition | Inferring an emotional state from biometric data | Prohibited in workplaces and educational institutions, with limited exceptions | Not necessary for face blurring |
| Face detection | Detecting the presence of a face without determining identity | Generally outside the scope of biometric recognition as identification, but still requires GDPR compliance assessment | This is a typical feature used for photo and video anonymization |

From a technical perspective, this is the difference between a detection task and an identification or verification task. In the first case, the model locates an object in the image. In the second, it builds or compares a representation of a person’s features, usually as a feature vector called an embedding.

Why this matters for photo and video anonymization

In privacy protection systems, the goal should be to detect the element that must be blurred, not to recognize a specific person. In practice, this means using computer vision models to locate faces and license plates, then permanently transforming the image through blur, pixelation, or masking.

Such a system is typically built using deep learning. The model is trained on labeled datasets so that it learns to find faces or license plates under different conditions:

  • in changing lighting conditions,
  • with partial occlusions,
  • from different camera angles,
  • in both still images and video sequences.

After training, the inference model can be used to automatically detect objects that require anonymization. For regulatory compliance, it is important that such a pipeline does not create an identification function unless this is strictly justified and lawful. In practice, a face-blurring system does not need to compare faces against a reference database or assign a unique identity identifier to a person.
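The "detect, then permanently transform" step as an added example that is not part of the original article or of any product it describes: detection boxes are pixelated on a copy of the image, with a safety margin and clipping at the image edge, and no embedding, gallery comparison or person identifier ever enters the pipeline. The image format (rows of grayscale integers) and the box format are assumptions made for the example.

```python
# Added example: irreversible pixelation of detected regions. Constructed data,
# not product code. An image is a list of rows of 0-255 grayscale ints; a box
# is (x, y, w, h) in pixels, as a face or plate detector would emit it.

def clip_box(box, width, height, margin=0):
    """Grow a detection box by `margin` pixels and clip it to the image."""
    x, y, w, h = box
    return (max(0, x - margin), max(0, y - margin),
            min(width, x + w + margin), min(height, y + h + margin))

def pixelate_region(image, box, block=8, margin=0):
    """Overwrite every block inside the box with its mean value. The original
    pixel values are gone from the output, so no face can be rebuilt from it."""
    height, width = len(image), len(image[0])
    x0, y0, x1, y1 = clip_box(box, width, height, margin)
    for by in range(y0, y1, block):
        for bx in range(x0, x1, block):
            rows = range(by, min(by + block, y1))
            cols = range(bx, min(bx + block, x1))
            mean = sum(image[r][c] for r in rows for c in cols) // (len(rows) * len(cols))
            for r in rows:
                for c in cols:
                    image[r][c] = mean

def redact(image, detections, block=8, margin=4):
    """Detection-only pipeline: each box is pixelated; nothing is compared
    against a gallery and no per-person identifier is produced or stored."""
    out = [row[:] for row in image]  # work on a copy; the source stays intact
    for box in detections:
        pixelate_region(out, box, block, margin)
    return out

def blocks_uniform(image, box, block=8, margin=4):
    """QA check: True if every block inside the clipped box holds one value,
    i.e. the region was actually transformed and not just marked."""
    height, width = len(image), len(image[0])
    x0, y0, x1, y1 = clip_box(box, width, height, margin)
    for by in range(y0, y1, block):
        for bx in range(x0, x1, block):
            vals = {image[r][c] for r in range(by, min(by + block, y1))
                    for c in range(bx, min(bx + block, x1))}
            if len(vals) != 1:
                return False
    return True
```

A production tool would also have to apply the same treatment to every frame of a video sequence and to the source file retention rules discussed later, which this snippet leaves out.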

In an environment such as Gallio PRO, this means using AI to automatically detect faces and license plates in photo and video materials and then blur them. It does not include automatic detection of logos, tattoos, name badges, documents, or content displayed on monitors. Those elements may require manual redaction in the editor. This division reduces the scope of data processing and limits the risk of implementing biometric functions that go beyond the purpose of anonymization.

Prohibited uses and high-risk AI systems under the EU AI Act

The strictest restrictions apply to uses that the EU legislator considers unacceptable or particularly intrusive. For compliance practice, it is important to understand that not every use of a face in an AI system is prohibited, but certain purposes and contexts of use are.

Particularly sensitive areas include:

  • real-time remote biometric identification in publicly accessible spaces for law enforcement purposes - generally prohibited, subject to statutory exceptions,
  • certain forms of biometric categorization involving sensitive data,
  • emotion recognition in workplace and education settings - generally prohibited, with limited exceptions,
  • high-risk AI systems used in areas such as employment, access to services, migration, or the administration of justice.

For organizations involved in visual data anonymization, the practical conclusion is simple: the face-blurring function should be kept separate from identification functions. The narrower the data scope and the fewer operations performed on biometric features, the easier it is to demonstrate purpose limitation, data minimization, and proportionality.

Obligations of providers and users of biometric systems

If a given AI system qualifies as a high-risk AI system, the AI Act imposes a set of obligations on both the provider and the deployer. These obligations complement, rather than replace, GDPR requirements. In the image and video domain, this means carrying out both a technical assessment and a data protection assessment in parallel.

The main obligations include:

  • implementing a risk management system,
  • ensuring appropriate quality of training, validation, and test data,
  • maintaining technical documentation,
  • logging events to the extent required by the AI Act while respecting data minimization principles,
  • ensuring human oversight,
  • meeting requirements for accuracy, cybersecurity, and robustness,
  • conducting the conformity assessment procedure before placing the system on the market or putting it into service.

For a user of a visual data anonymization system, the key point is to document that the tool operates solely for privacy redaction and does not expand the scope of processing to biometric identification. In practice, useful safeguards include technical policies, architecture descriptions, detection quality tests, and retention rules for source and output files.

Key parameters and metrics for biometric systems and anonymization systems

When assessing an AI system used for images and video, a functional description alone is not enough. Measurable parameters are needed. Which parameters matter depends on whether the system is intended to identify people or only to detect objects that must be blurred.

For detection systems, the most common metrics are:

  • precision - the proportion of correct detections among all detections,
  • recall - the proportion of detected objects among all objects present in the material,
  • mAP - mean Average Precision across IoU thresholds, a standard object detection metric,
  • IoU - a measure of overlap between the predicted region and the reference region,
  • latency per frame - the processing time for a frame or image.

For biometric identification systems, the analysis more often focuses on:

  • FAR - False Accept Rate,
  • FRR - False Reject Rate,
  • EER - Equal Error Rate,
  • ROC and AUC,
  • rank-1 accuracy or recall@k for gallery search.

In a photo and video anonymization system, high detection recall is more important than identity ranking. The reason is practical. An undetected face or an undetected license plate creates a risk of disclosing personal data. That is why compliance processes often adopt conservative detection thresholds and then apply operator review for borderline cases.
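The detection metrics and the conservative-threshold policy above, as an added example that is not part of the original article: IoU-based matching of predictions to labelled boxes, precision and recall at a chosen confidence threshold, and a triage that blurs confident detections automatically while routing the low-confidence band to an operator. All boxes, scores and thresholds are constructed for the example.

```python
# Added example: detection QA for a face/plate redaction pipeline. The boxes,
# scores and thresholds below are constructed, not a real dataset or product.
# Boxes are (x, y, w, h); a prediction is (box, confidence).

def iou(a, b):
    """Intersection over union of two (x, y, w, h) boxes."""
    ix = max(0, min(a[0] + a[2], b[0] + b[2]) - max(a[0], b[0]))
    iy = max(0, min(a[1] + a[3], b[1] + b[3]) - max(a[1], b[1]))
    inter = ix * iy
    union = a[2] * a[3] + b[2] * b[3] - inter
    return inter / union if union else 0.0

def precision_recall(preds, truths, conf_thr, iou_thr=0.5):
    """Greedy matching in descending confidence: a ground-truth box is
    claimed at most once; unmatched predictions count as false positives."""
    kept = sorted((p for p in preds if p[1] >= conf_thr), key=lambda p: -p[1])
    claimed, tp = set(), 0
    for box, _ in kept:
        best_iou, best_i = 0.0, None
        for i, truth in enumerate(truths):
            if i in claimed:
                continue
            overlap = iou(box, truth)
            if overlap > best_iou:
                best_iou, best_i = overlap, i
        if best_i is not None and best_iou >= iou_thr:
            claimed.add(best_i)
            tp += 1
    fp, fn = len(kept) - tp, len(truths) - tp
    precision = tp / (tp + fp) if tp + fp else 1.0
    recall = tp / (tp + fn) if tp + fn else 1.0
    return precision, recall

def triage(preds, auto_thr=0.5, review_thr=0.2):
    """Conservative redaction policy: blur at or above auto_thr, send the band
    [review_thr, auto_thr) to an operator, discard only below review_thr.
    A missed face leaks personal data, so the review band is kept wide."""
    lanes = {"auto_blur": [], "operator_review": [], "discard": []}
    for pred in preds:
        if pred[1] >= auto_thr:
            lanes["auto_blur"].append(pred)
        elif pred[1] >= review_thr:
            lanes["operator_review"].append(pred)
        else:
            lanes["discard"].append(pred)
    return lanes

# Constructed sample: three labelled faces and five model outputs.
TRUTHS = [(10, 10, 20, 20), (50, 50, 20, 20), (100, 100, 20, 20)]
PREDS = [((11, 11, 20, 20), 0.95), ((52, 48, 18, 22), 0.60),
         ((100, 100, 20, 20), 0.30), ((200, 200, 10, 10), 0.25),
         ((150, 150, 10, 10), 0.05)]
```

Running `precision_recall(PREDS, TRUTHS, 0.5)` against `precision_recall(PREDS, TRUTHS, 0.2)` shows the trade-off the text describes: lowering the threshold trades one false positive for the otherwise missed third face.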

Normative references and compliance practice

The assessment of biometric systems used in image and video processing should be based on primary sources. The most important legal acts and documents are:

  • Regulation (EU) 2024/1689 - the AI Act, published on 12 July 2024,
  • Regulation (EU) 2016/679 - the GDPR, in particular Articles 4, 9, 25, and 35,
  • European Data Protection Board Guidelines 3/2019 on processing personal data through video devices, adopted on 29 January 2020,
  • ISO/IEC 23894:2023 - guidance on AI risk management,
  • ISO/IEC 22989:2022 - AI concepts and terminology.

In compliance practice for a tool that blurs faces and license plates, this translates into several principles. First, the purpose of processing should be limited to the anonymization or pseudonymization of visual material. Second, it must be demonstrated that the AI function is not used for biometric identification. Third, operator control should be maintained over difficult material, such as frames with small faces, motion, reflections, or partially obscured objects.

In this model, AI serves as a support function for data protection rather than a tool for identifying people. This distinction is fundamental both for risk classification under the EU AI Act and for assessing the lawfulness of processing under the GDPR.