Facial Recognition and the EU AI Act: What GDPR Compliance Requires
Key Takeaways
- The EU AI Act banned two categories of facial recognition outright on February 2, 2025.
- Untargeted internet scraping to build facial recognition databases is prohibited with no exceptions.
- Real-time biometric identification in public spaces is banned for most actors, with narrow law enforcement carve-outs only.
- Post-incident facial recognition is high-risk AI, triggering registration and conformity obligations by August 2, 2026 (deferred to December 2, 2027, under the pending Digital Omnibus).
- GDPR Article 9 adds a second compliance layer: biometric data requires explicit consent or a narrow statutory basis.
Between February 2022 and September 2024, three European data protection authorities fined Clearview AI a combined €70 million for building a facial recognition database from billions of scraped online photos. Italy’s Garante moved first, imposing €20 million in February 2022, France’s CNIL matched that figure in October 2022, and the Dutch Autoriteit Persoonsgegevens added another €30 million in September 2024 for what it called “illegal data collection for facial recognition”. Each decision cited the same legal basis: GDPR violations covering unlawful processing, special category biometric data, and failure to honour data subject rights.
Those three fines set the enforcement tone before the EU AI Act even became effective. Since February 2, 2025, businesses operating in the EU face a stricter regulatory environment, one in which certain uses of facial recognition are outright prohibited, others classified as high-risk, and all of them subject to GDPR’s baseline requirements for biometric data.
This article maps what the EU AI Act Article 5 prohibits, how GDPR Article 9 adds a second compliance layer, and what obligations apply to high-risk facial recognition systems ahead of the August 2, 2026, full enforcement deadline.
Is facial recognition banned in the EU?
Partially, and the distinction matters. The EU AI Act does not ban facial recognition in its entirety. It draws a precise line between three categories, which are practices that are outright prohibited; systems that are classified as high-risk and must meet strict compliance obligations; and applications that fall outside both categories. Where your use case sits determines what you must do.
What does Article 5 of the EU AI Act actually prohibit
Article 5 of the EU AI Act, effective February 2, 2025, establishes two facial recognition prohibitions that apply without exception to most actors.
The first, Article 5(1)(e), bans AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage. This is the provision that retroactively renders Clearview-style operations illegal under EU AI law, not just under GDPR. There is no law enforcement carve-out here. The ban is categorical.
The second, under Article 5(1)(h), prohibits real-time remote biometric identification systems used in publicly accessible spaces for law enforcement purposes. Real-time means the identification happens without a meaningful delay relative to the event. Publicly accessible spaces cover airports, train stations, shopping centres, streets, and any space the public can enter regardless of access conditions.
The narrow exceptions that remain for Law Enforcement
Article 5(1)(h) does permit three exhaustively listed exceptions, all applicable only to law enforcement authorities: searching for missing persons, abduction victims, and victims of human trafficking or sexual exploitation; preventing a substantial and imminent threat to life or a foreseeable terrorist attack; and identifying suspects in serious crimes.
Each use requires prior judicial or administrative authorisation, with a post-hoc authorisation pathway for genuine emergencies. No other actors, including commercial businesses, can claim these exceptions.
What does “untargeted scraping” mean under Article 5(1)(e)?
The distinction between targeted and untargeted scraping is the most consequential definitional line in Article 5(1)(e). The prohibition does not apply to all scraping tools that could build a facial recognition database; it applies only to untargeted scraping, a category with a specific meaning in the European Commission’s February 2025 guidelines on prohibited AI practices.
The four cumulative conditions that trigger the ban
All four of the following conditions must be met simultaneously for Article 5(1)(e) to apply. If any one condition is absent, the provision does not trigger.
First, the activity must constitute placing on the market, putting into service for this specific purpose, or actual use of the AI system. Second, the purpose must be to create or expand a facial recognition database.
Third, the method must be untargeted scraping, defined as the indiscriminate collection of large volumes of facial images without a specific focus on a given individual or group. Fourth, the source must be the internet or CCTV footage specifically.
The Commission guidelines clarify that a “database” in this context includes any temporarily or permanently organised collection of data retrievable by a computer and that it is sufficient for the database to be capable of use for facial recognition. The sole purpose does not need to be recognition.
What falls outside the prohibition?
Three categories fall outside Article 5(1)(e)’s scope. Targeted scraping of specific individuals or pre-defined groups for lawful law enforcement purposes is permitted subject to the Law Enforcement Directive. Untargeted scraping of biometric data other than facial images, such as voice samples, is not covered, and AI systems that harvest facial images to train models generating images of entirely fictitious persons are excluded from the ban.
That last category is the most contested. The European Parliament’s March 2026 political agreement on the AI Act Omnibus proposes adding non-consensual sexual deepfakes to the list of prohibited practices, a signal that regulators recognise the gap.
Even now, scraping facial images to train generative models triggers copyright obligations and GDPR requirements for special category data, even where the AI Act prohibition itself does not apply.
How GDPR Article 9 creates a second compliance layer
Any facial recognition system that processes EU residents’ data must comply with GDPR Article 9, regardless of its classification under the EU AI Act. Article 9 designates biometric data used to uniquely identify a natural person as a special category of personal data, which is prohibited from being processed by default unless one of the ten conditions in Article 9(2) applies. In practice, commercial and employment applications often rely on explicit consent, but the ICO notes that consent is rarely freely given in employment contexts due to power imbalances.
The two most commonly invoked conditions are explicit consent and substantial public interest. Explicit consent requires freely given, specific, informed, and unambiguous agreement covering the biometric processing, which is specifically a high bar in practice. The substantial public interest route requires a Union or member state legal basis with proportionate safeguards.
The European Data Protection Board’s 2023 guidelines on facial recognition in law enforcement confirmed that publishing an image on social media does not constitute consent for its inclusion in a facial recognition database.
The practical result is a double compliance burden. A system that clears the AI Act’s high-risk requirements still needs a valid Article 9(2) basis, a data protection impact assessment, and a lawful retention policy to operate legally under GDPR. The AI Act does not displace GDPR; both apply concurrently, and enforcement by separate authorities can proceed simultaneously.
What compliance obligations apply to high-risk facial recognition systems?
Post-incident facial recognition analysing recorded footage after an event rather than in real time is not prohibited under the EU AI Act. It is classified as a high-risk AI system under Annex III. That classification triggers the most substantial compliance framework in the regulation.
Post-incident facial recognition and the August 2026 deadline
High-risk system obligations become enforceable on August 2, 2026. Providers of post-incident facial recognition systems operating in or targeting the EU must complete conformity assessments, finalise technical documentation, affix CE marking, and register their systems in the EU AI Act database before that date. Systems already on the market before August 2, 2026 have until August 2, 2027 to comply, with certain categories extended to August 2, 2029.
Update: The EU’s Digital Omnibus on AI, which defers Annex III high-risk obligations to 2 December 2027, cleared final Parliament and Council approval in June 2026 and is awaiting publication in the Official Journal. Businesses should treat 2 December 2027 as the operative planning date for post-incident facial recognition while confirming final adoption once published.
Registration, conformity assessment, and human oversight requirements
The high-risk framework requires providers to implement data governance practices covering training, validation, and testing datasets. Technical documentation must demonstrate the system’s intended purpose, risk management process, accuracy metrics, and cybersecurity measures. Deployers of the organisations actually running the system must assign human oversight, maintain logs of system outputs, and report serious incidents to national market surveillance authorities.
For law enforcement deployers specifically, additional conditions apply from August 2026: a binding judicial or administrative authorisation for each use, documentation of every deployment for annual reporting, and a prohibition on drawing adverse legal conclusions solely from the system’s output.

What fines apply for illegal facial recognition in the EU?
The EU AI Act establishes a three-tier penalty structure tied to violation severity. GDPR fines run on a separate track and can apply concurrently, as the Clearview AI enforcement sequence confirmed.
| Violation type | Regulatory basis | Maximum penalty |
| Using a prohibited AI practice (e.g., untargeted scraping, real-time biometric ID without authorisation) | EU AI Act Article 99(3) | €35 million or 7% of global annual turnover, whichever is higher |
| Non-compliance with high-risk AI obligations (e.g., missing conformity assessment, no human oversight) | EU AI Act Article 99(4) | €15 million or 3% of global annual turnover, whichever is higher |
| Providing incorrect or misleading information to authorities | EU AI Act Article 99(5) | €7.5 million or 1% of global annual turnover, whichever is higher |
| Unlawful processing of biometric data | GDPR Article 83(5) | €20 million or 4% of global annual turnover, whichever is higher |
The cumulative exposure is significant. A business running an unlawful facial recognition database scraped from the internet faces potential AI Act fines of up to €35 million and simultaneous GDPR fines of up to €20 million, applied by different authorities on different legal bases. The Clearview AI precedent confirms that data protection authorities will pursue both tracks.
How Shufti fits into EU biometric compliance
The dual compliance burden trips most businesses not at the policy level but at the operational one. Knowing that GDPR Article 9 and the EU AI Act both apply to your face verification flow is different from having a system that satisfies both simultaneously, without requiring two separate integration stacks.
Shufti’s face verification was built to the full biometric compliance standard from the start, not assembled from third-party liveness and document components stitched together. The platform holds GDPR compliance alongside PCI DSS, SOC 2, and ISO 27001:2013, and its liveness engine has achieved iBeta Level 3 conformance under ISO/IEC 30107-3, the highest published independent standard for liveness attack detection. For businesses running customer identity flows in the EU, that translates to a single integration covering the biometric verification and the consent capture layer, with audit records that satisfy both frameworks.
One platform. Fully owned technology. Global coverage with real local depth.
See how Shufti handles EU-compliant face verification on your actual onboarding flow. Book a 20-minute demo.
Frequently Asked Questions
Is facial recognition banned in the EU?
Not entirely. The EU AI Act bans two practices outright: untargeted scraping to build facial recognition databases and real-time biometric identification in public spaces except for narrow law enforcement uses. Post-incident facial recognition is classified as high-risk, not prohibited, and subject to compliance obligations from August 2, 2026.
Does GDPR allow facial recognition?
GDPR classifies biometric data used for unique identification as a special category under Article 9. Processing it is prohibited by default. It becomes lawful only under one of ten Article 9(2) conditions, most commonly explicit consent or a substantial public interest basis backed by national law.
What are the exceptions to the EU's real-time biometric ban?
Article 5(1)(h) lists three exhaustive exceptions: searching for missing persons and trafficking victims; preventing an imminent threat to life or a foreseeable terrorist attack; and identifying suspects in serious crimes. All three apply exclusively to law enforcement authorities and require prior judicial or administrative authorisation. Commercial businesses have no access to these exceptions.
