Biometric AI Regulations and Privacy Concerns

Biometric AI is the area where AI law and privacy law overlap most directly, and it has moved fastest in the past two years. A regulatory survey written even a year ago is now materially out of date. The EU AI Act now prohibits whole categories of biometric AI use that were previously addressed only through GDPR principles. Illinois BIPA, the most consequential US biometric statute, has been restructured by amendment and litigation. China has issued AI-specific labelling rules layered on top of PIPL. India's Aadhaar Supreme Court precedent continues to shape the country's biometric law. Each of these matters in different ways for different deployments, and the differences increasingly drive design choices, not just compliance documentation.

This article maps the current legal landscape for biometric AI as of April 2026, the privacy concerns that drive it, and the practical implications for organisations using biometric technologies.

"Biometric data" has specific legal definitions that vary by jurisdiction but generally cover two categories:

  • Biometric identifiers: data that uniquely identifies an individual through biological characteristics. Fingerprints, iris and retina patterns, face geometry, voiceprints, palm prints, hand geometry, and DNA are the standard examples.
  • Behavioural biometrics: data identifying individuals through patterns of behaviour, such as gait, keystroke dynamics, and signature dynamics.

The EU AI Act adds a further distinction relevant to AI, separating biometric identification (matching a person against a database, with or without their cooperation), biometric categorization (assigning attributes such as age, gender, or sensitive characteristics on the basis of biometric features), and emotion recognition (inferring emotions, intentions, or mental states). These three categories carry different obligations under the Act.

The legally significant feature of biometric data, which drives most of the regulatory framing, is permanence. Compromised passwords can be replaced. Compromised biometric data cannot. This is why most jurisdictions classify biometric data as sensitive personal data with heightened protection.

European Union: GDPR, AI Act, and the layered regime

GDPR

Under GDPR Article 9, biometric data processed for the purpose of uniquely identifying a natural person is "special category data", and its processing is prohibited unless one of the Article 9(2) exceptions applies. The most relevant exceptions for AI deployments are explicit consent, employment law obligations, vital interests, substantial public interest, and (rarely applicable to biometric data) scientific research subject to safeguards.

The GDPR does not prohibit biometric AI deployments outright. It conditions them on a valid Article 6 lawful basis, an Article 9(2) condition for special category data, a DPIA under Article 35 for high-risk processing (a category most biometric AI processing falls into), security under Article 32, and the data subject rights under Articles 12-22, including the right not to be subject to solely automated decisions with legal or similarly significant effects (Article 22).

EU AI Act prohibitions on biometric AI (in force since 2 February 2025)

The EU AI Act Article 5 prohibits four specific biometric AI practices, in force since 2 February 2025:

  • Article 5(1)(e): untargeted scraping of facial images from the internet or CCTV footage to create or expand facial recognition databases. This provision is widely understood to target Clearview-style business models.
  • Article 5(1)(f): emotion recognition AI in workplaces and educational institutions, with narrow exceptions for medical or safety reasons.
  • Article 5(1)(g): biometric categorization systems that infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation from biometric data, with limited exceptions for lawful labelling, filtering, and law enforcement uses.
  • Article 5(1)(h): real-time remote biometric identification (RBI) systems in publicly accessible spaces for law enforcement purposes, except in narrowly defined circumstances (targeted search for victims of trafficking or missing persons; prevention of substantial and imminent threats including terrorist attacks; suspects in serious crimes carrying minimum 4-year sentences). Authorisation requires judicial or administrative approval and a fundamental rights impact assessment.

Penalties for breaches of Article 5 reach up to €35 million or 7% of worldwide annual turnover, the highest tier in the AI Act.

EU AI Act high-risk biometric obligations (from 2 August 2026)

Annex III of the EU AI Act classifies the following biometric AI as high-risk, with full obligations applying from 2 August 2026 (subject to potential delay through the Digital Omnibus negotiation):

  • Remote biometric identification systems (other than verification systems and the prohibited real-time law enforcement use).
  • Biometric categorization systems based on sensitive or protected attributes (other than the prohibited categories).
  • Emotion recognition systems (other than the prohibited workplace and education uses).

High-risk biometric AI systems must meet the AI Act's risk management, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy, robustness, and cybersecurity requirements. They must be registered in the EU database, undergo conformity assessment, and carry CE marking. Penalties for high-risk breaches reach up to €15 million or 3% of worldwide turnover.

The GDPR-AI Act overlap

A company using biometric AI in the EU may simultaneously act as a controller under the GDPR and a deployer under the AI Act, with distinct obligations under each regime. Provider obligations under the AI Act add a further layer for those building or making available the AI systems. The two regimes are complementary, not duplicative: GDPR governs the processing of personal data, the AI Act governs the AI system's design, conformity, and lifecycle. Compliance with one does not satisfy the other.

United States: BIPA, state biometric laws, and federal sectoral rules

Illinois BIPA (now amended)

The Illinois Biometric Information Privacy Act (740 ILCS 14, enacted 2008) is the most consequential US biometric statute. It requires private entities collecting biometric identifiers to:

  • Inform the subject in writing about the collection
  • Inform the subject in writing about the purpose and length of storage
  • Receive a written release (now expressly including electronic signature)
  • Maintain a written publicly available retention and destruction policy
  • Comply with restrictions on disclosure and a private right of action with statutory damages

Statutory damages remain $1,000 per violation, or $5,000 per intentional or reckless violation. The pivotal change came with SB 2979, signed by Governor Pritzker and effective immediately on 2 August 2024. The amendment responded to the Illinois Supreme Court's 2023 ruling in Cothron v. White Castle System, Inc., which had held that each separate scan of biometric data constituted a separate violation, exposing employers to "annihilative liability" running to billions of dollars.

SB 2979 establishes that "a private entity that, in more than one instance, collects, captures, purchases, receives through trade, or otherwise obtains the same biometric identifier or biometric information from the same person using the same method of collection in violation of [BIPA] has committed a single violation, for which the aggrieved person is entitled to, at most, one recovery." The amendment also confirmed that "written release" includes electronic signature.

In April 2026, the US Court of Appeals for the Seventh Circuit ruled in Clay v. Union Pacific that the SB 2979 amendment applies retroactively to cases filed before the August 2024 effective date, sharply reducing exposure in pending BIPA litigation.

Other state biometric laws

  • Texas Capture or Use of Biometric Identifier Act (CUBI) requires consent before capturing biometric identifiers but provides for AG enforcement only, with no private right of action. Texas Attorney General settlements with Meta ($1.4 billion in 2024) and Google ($1.375 billion) reflect active state-level enforcement.
  • Washington's biometric law (RCW 19.375) requires notice and consent before enrolling biometric identifiers in a database for commercial purposes, with AG enforcement.
  • California CCPA/CPRA includes biometric information within the definition of sensitive personal information, granting consumers rights to limit use, plus the recently finalised ADMT regulations covering automated decision-making technology (effective phased starting January 2026).
  • Colorado Privacy Act, Virginia CDPA, Connecticut DPA, and similar comprehensive state privacy laws treat biometric data as sensitive data requiring opt-in consent.

Federal sectoral rules

No comprehensive federal biometric law exists. Sector-specific federal rules apply:

  • HIPAA: applies to biometric data in healthcare contexts that meets the definition of protected health information.
  • FCRA: applies to biometric data used in consumer reporting decisions.
  • Title VII / ADA / EEOC guidance: applies to biometric AI in hiring and employment, including facial analysis tools.
  • FTC Section 5: addresses unfair or deceptive use of biometric data, with the FTC having issued specific policy statements on biometric information including the May 2023 statement on biometric privacy.

China: PIPL plus AI-specific instruments

China's Personal Information Protection Law (PIPL) (effective 1 November 2021) classifies biometric information as sensitive personal information requiring separate consent and the controller's specific necessity assessment. PIPL is enforced by the Cyberspace Administration of China (CAC) with penalties up to RMB 50 million or 5% of annual turnover.

China has the most active AI-specific biometric and facial recognition rule-making outside the EU:

  • Provisions on Security Management of Facial Recognition Technology (effective 1 June 2025): require necessity assessment, alternatives provision, separate consent, security registrations for processors handling 100,000+ individuals' facial information, and prohibition of mandatory facial recognition for service access where alternatives are reasonably available.
  • Interim Measures for the Management of Generative AI Services (effective 15 August 2023): apply to generative AI services accessible to the Chinese public, including those generating synthetic biometric content.
  • AI Labelling Measures (effective 1 September 2025): require explicit and implicit labelling of AI-generated content, including synthetic faces and voices.
  • Provisions on the Administration of Deep Synthesis Internet Information Services (effective 10 January 2023): regulate deepfakes and synthetic media including face-swapping and voice-cloning.

India: PDPA, Aadhaar, and the DPDPA

India's biometric law sits at the intersection of constitutional privacy doctrine, the Aadhaar identity system, and the new DPDPA framework.

Aadhaar and constitutional context

The Aadhaar system, operated by the Unique Identification Authority of India (UIDAI), is one of the world's largest biometric identity programmes, covering more than 1.3 billion enrolled residents using fingerprints, iris scans, and facial photographs. The Supreme Court of India's 2018 Puttaswamy II judgment (Justice K.S. Puttaswamy v. Union of India) upheld the constitutional validity of the Aadhaar Act with key conditions, including limitations on private-sector use and the requirement of proportionality and informational privacy safeguards.

DPDPA and DPDP Rules 2025

The Digital Personal Data Protection Act 2023 (DPDPA) applies to biometric data as personal data. The DPDP Rules 2025, notified by MeitY on 13 November 2025, commence in three phases running through mid-2027. Where biometric data is processed by AI systems, the DPDPA's consent, purpose limitation, security, and data subject rights apply, alongside the Aadhaar-specific safeguards for any UIDAI-anchored processing.

Other jurisdictions

Brazil's LGPD classifies biometric data as sensitive personal data requiring specific bases for processing. The ANPD has issued guidance on facial recognition in public spaces and has acted in cases including the Hering store facial recognition matter.

UK GDPR mirrors EU GDPR's special category framing for biometric data. The UK ICO has issued specific guidance on facial recognition, and the Bridges v. South Wales Police case (2020) provided judicial guidance on police use of live facial recognition.

Singapore's PDPA treats biometric information as personal data requiring consent, with the PDPC's March 2024 Advisory Guidelines on AI Recommendation and Decision Systems clarifying obligations for AI systems including biometric AI.

Korea's PIPA classifies biometric data used for unique identification as sensitive personal information, with the AI Framework Act (effective 22 January 2026) adding specific obligations for high-impact AI that includes biometric applications in critical sectors.

Australia's Privacy Act 1988 treats biometric information as sensitive information requiring consent. The OAIC has acted against Clearview AI and the Bunnings facial recognition deployment, signalling active enforcement.

Persistent privacy concerns

Mass surveillance and chilling effects

Real-time biometric identification in public spaces raises persistent civil liberties concerns. The EU AI Act's Article 5(1)(h) addresses this directly through prohibition with narrow law enforcement exceptions, and the European Commission's February 2025 Guidelines on Prohibited AI Practices treat non-compliance with this provision as the most severe infringement of the Act.

Algorithmic accuracy and demographic disparities

Facial recognition error rates have been documented as materially higher for women, darker-skinned individuals, and certain age groups, with the NIST Face Recognition Vendor Test results consistently showing demographic differential performance even in current-generation systems. This intersects with anti-discrimination law (Title VII, ADA, ECOA, and equivalents internationally) and increases liability exposure for employment and credit decisions made with biometric AI.

Function creep and secondary use

Biometric data collected for one purpose (security access, payment authentication) can be repurposed for surveillance, marketing, or law enforcement queries unless purpose limitation is enforced. EU GDPR purpose limitation, the EU AI Act's intended-purpose framework, BIPA's retention and destruction policy requirements, and PIPL's necessity principles all address this from different angles.

Database security and irreversibility

Biometric template databases are high-value attack targets. Unlike passwords, compromised biometric data cannot be revoked, which is why most regimes require encryption at rest and in transit, strict access controls, and template protection technologies including cancellable biometrics and homomorphic encryption.
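The "cancellable biometrics" idea mentioned above, and the "store irreversible templates instead of raw data" control in Step 3 of the compliance plan below, rest on one mechanism: the stored template is a keyed, many-to-one transformation of the biometric features, so a leaked template can be revoked by issuing a new key rather than by replacing the person's face. The following Python sketch is an added example, not code from the article or from any vendor; it implements a BioHashing-style random-projection scheme in pure Python, and the feature vectors, key strings, template length and match threshold are all constructed for illustration.

```python
import hashlib
import random

# Constructed sample embeddings standing in for the output of a hypothetical
# face-feature extractor (real extractors emit hundreds of floats per face).
SUBJECT_A_ENROL = [0.8, -0.3, 0.5, 0.1, -0.7, 0.4, 0.2, -0.6]
SUBJECT_A_PROBE = [0.75, -0.35, 0.55, 0.05, -0.65, 0.45, 0.15, -0.6]  # same person, new capture
SUBJECT_B_PROBE = [-0.4, 0.6, -0.2, 0.7, 0.3, -0.5, -0.1, 0.2]        # different person

TEMPLATE_BITS = 128      # length of the protected template (assumed value)
MATCH_THRESHOLD = 0.25   # maximum normalised Hamming distance to accept (assumed value)


def projection_matrix(user_key, dim, bits):
    """Derive a user-specific random projection from the user's revocable key.
    The key, not the biometric, seeds the generator, so a new key yields an
    unrelated projection and therefore an unrelated template."""
    seed = int.from_bytes(hashlib.sha256(user_key).digest()[:8], "big")
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(bits)]


def protect(features, user_key):
    """Map a feature vector to a cancellable bit template.
    Only the sign of each projection is kept, so many feature vectors map to
    the same template and the bits carry no meaning without the key."""
    matrix = projection_matrix(user_key, len(features), TEMPLATE_BITS)
    return [1 if sum(w * f for w, f in zip(row, features)) >= 0 else 0
            for row in matrix]


def distance(t1, t2):
    """Normalised Hamming distance between two templates (0.0 = identical)."""
    return sum(a != b for a, b in zip(t1, t2)) / len(t1)


def verify(stored_template, probe_features, user_key):
    """One-to-one verification: re-protect the probe with the same key and compare."""
    return distance(stored_template, protect(probe_features, user_key)) <= MATCH_THRESHOLD


def demo():
    """Show the three properties a reviewer would check: genuine probes match,
    impostors do not, and a revoked key makes the old template useless."""
    key_v1 = b"token-issued-at-enrolment"        # constructed; in practice a random per-user secret
    key_v2 = b"token-issued-after-revocation"    # constructed replacement key
    stored = protect(SUBJECT_A_ENROL, key_v1)
    return {
        # same person, same key: only a few bits differ
        "genuine_same_key": distance(stored, protect(SUBJECT_A_PROBE, key_v1)),
        # different person, same key: roughly half or more of the bits differ
        "impostor_same_key": distance(stored, protect(SUBJECT_B_PROBE, key_v1)),
        # same person, revoked key: the old template no longer matches anything
        "genuine_revoked_key": distance(stored, protect(SUBJECT_A_PROBE, key_v2)),
        # after re-enrolment under the new key, verification works again
        "reissued_matches": verify(protect(SUBJECT_A_ENROL, key_v2), SUBJECT_A_PROBE, key_v2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner would want stated: the sign-only projection shows the revocation and unlinkability properties, but the irreversibility of production schemes depends on details (projection dimension, key secrecy, quantisation) that this sketch does not attempt to get right, and the key itself becomes a second secret that needs the same access controls and logging as the template store.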

Untargeted scraping and existence of databases

The Clearview AI matter (built by scraping 30+ billion images from the web) attracted enforcement actions in multiple jurisdictions including Italy, France, Greece, the UK, the Netherlands, Australia, and Canada. The EU AI Act Article 5(1)(e) now explicitly prohibits this business model in the EU. Similar enforcement under GDPR principles continues elsewhere.

A practitioner's compliance plan

Step 1: Map biometric AI systems and data flows

Catalogue every biometric AI system in use, including identification, verification, categorization, and emotion recognition. Document the data flow: capture, processing, template storage, matching, and outputs. Map jurisdictions of data subjects and deployment locations. Document whether the system is provider-built or built in-house.

Step 2: Apply jurisdiction-specific prohibitions and high-risk obligations

For EU-touching deployments, screen against the four Article 5 prohibitions and assess high-risk classification under Annex III. For Illinois deployments, ensure BIPA notice, written release (electronic acceptable), retention/destruction policy, and disclosure restrictions. For China-touching deployments, apply PIPL plus the Facial Recognition Provisions, AI Labelling Measures, and Deep Synthesis Provisions as applicable. For India, address DPDPA plus Aadhaar Act safeguards where UIDAI-anchored.

Step 3: Build the biometric data lifecycle controls

Implement template protection (avoid storing raw biometric data; store irreversible templates instead). Use encryption at rest and in transit. Apply strict access controls and logging. Implement retention schedules with documented destruction procedures. Run periodic accuracy and demographic performance evaluations.

Step 4: Address demographic differential performance

Evaluate the AI system's performance across demographic groups using NIST FRVT methodology or equivalent. Document the evaluation. Where material disparities exist, either mitigate (retraining, threshold adjustment) or remove the use case. Adverse impact under Title VII or equivalent rules is a real risk for biometric AI in employment and lending.
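As an added illustration of the evaluation this step calls for (example code written for this article, not from NIST FRVT or any vendor; the matcher is hypothetical and the comparison scores and group labels are constructed), the block below computes false match rate (FMR) and false non-match rate (FNMR) per demographic group at a shared decision threshold, reports the worst-to-best ratio as a disparity measure, and then shows the effect of the "threshold adjustment" mitigation by choosing a per-group threshold that equalises FMR.

```python
# Constructed comparison scores from a hypothetical face matcher (higher = more similar),
# split by demographic group. "genuine" = same-person pairs, "impostor" = different-person pairs.
SCORES = {
    "group_a": {
        "genuine":  [0.91, 0.88, 0.85, 0.83, 0.80, 0.78, 0.76, 0.74, 0.72, 0.58],
        "impostor": [0.62, 0.50, 0.48, 0.45, 0.42, 0.40, 0.38, 0.35, 0.30, 0.25],
    },
    "group_b": {
        "genuine":  [0.85, 0.80, 0.76, 0.72, 0.69, 0.66, 0.63, 0.60, 0.58, 0.55],
        "impostor": [0.68, 0.62, 0.58, 0.54, 0.50, 0.46, 0.42, 0.38, 0.34, 0.30],
    },
}


def fmr(impostor, threshold):
    """False match rate: fraction of impostor pairs accepted at this threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def fnmr(genuine, threshold):
    """False non-match rate: fraction of genuine pairs rejected at this threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def evaluate(scores, thresholds):
    """Per-group FMR/FNMR. `thresholds` is a single number (one global threshold)
    or a dict mapping group -> threshold (per-group operating points)."""
    results = {}
    for group, data in scores.items():
        t = thresholds[group] if isinstance(thresholds, dict) else thresholds
        results[group] = {
            "threshold": t,
            "fmr": fmr(data["impostor"], t),
            "fnmr": fnmr(data["genuine"], t),
        }
    return results


def disparity(results, metric):
    """Ratio of the worst group to the best group on a metric (1.0 = no disparity).
    Returns inf when the best group has a zero rate, which is itself worth flagging."""
    values = [r[metric] for r in results.values()]
    lo, hi = min(values), max(values)
    return float("inf") if lo == 0 else hi / lo


def threshold_for_target_fmr(impostor, target):
    """Lowest threshold, drawn from the observed impostor scores, that keeps FMR <= target.
    Returns None if no observed score achieves the target."""
    for t in sorted(set(impostor)):
        if fmr(impostor, t) <= target:
            return t
    return None


def equalise_fmr(scores, target):
    """Per-group thresholds that bring every group to the same FMR target."""
    return {g: threshold_for_target_fmr(d["impostor"], target) for g, d in scores.items()}


def report(scores, global_threshold=0.60, target_fmr=0.10):
    """Compare a single global threshold with per-group FMR-equalised thresholds."""
    before = evaluate(scores, global_threshold)
    after = evaluate(scores, equalise_fmr(scores, target_fmr))
    return {
        "global": before,
        "global_fmr_disparity": disparity(before, "fmr"),
        "global_fnmr_disparity": disparity(before, "fnmr"),
        "per_group": after,
        "per_group_fmr_disparity": disparity(after, "fmr"),
        "per_group_fnmr_disparity": disparity(after, "fnmr"),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(report(SCORES), indent=2))
```

On the constructed data the global threshold gives group_b twice the FMR and twice the FNMR of group_a. Equalising FMR at 10% removes the false-match disparity but pushes group_b's FNMR to 50%, five times group_a's: adjusting thresholds can move a disparity from one error type to the other rather than remove it, which is why this step ends with "or remove the use case" and why the evaluation should be documented with both metrics at the operating point actually deployed.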

Step 5: Plan for transparency and individual rights

Build clear notices for data subjects covering purpose, basis, retention, third-party sharing, and rights. Build technical infrastructure to handle access, correction, deletion, and objection requests for biometric data. Build incident response procedures including breach notification covering biometric template exposure. Anchor the programme on NIST AI RMF and ISO/IEC 42001 for international interoperability.

Compliance FAQ

Is using facial recognition for office access in the EU prohibited?

Not categorically. Office access typically involves biometric verification (one-to-one matching) rather than identification (one-to-many). Verification systems are not within the Article 5 prohibitions or the Annex III high-risk classification (subject to specific conditions). However, GDPR Article 9 still requires a valid Article 9(2) condition (typically explicit consent or employment-law obligation), DPIA under Article 35, and the broader privacy-by-design obligations.

Does Illinois BIPA still create class action risk after SB 2979?

Yes, but at a fundamentally lower exposure level. Under the post-2024 amendment, statutory damages are limited to one recovery per person per type of violation (collection, disclosure), rather than per scan. The April 2026 Seventh Circuit ruling in Clay v. Union Pacific applies the cap retroactively to pending cases. Companies operating in Illinois must still maintain BIPA-compliant notices, written releases, and retention policies, but exposure for past scanning practices is materially lower than under the pre-2024 per-scan model.

What is "real-time" remote biometric identification under the EU AI Act?

Real-time RBI involves capture and identification "without significant delay," typically within seconds or minutes of capture. "Post" RBI, where identification occurs after a significant delay (analysis of stored CCTV footage, for example), is not prohibited but is classified as high-risk under Annex III, with full obligations from 2 August 2026. The Article 5(1)(h) prohibition on real-time RBI applies to law enforcement use in publicly accessible spaces specifically; private-sector use cases face the high-risk regime instead.

Can I use emotion recognition for customer service or marketing?

Outside workplaces and educational institutions (where it is prohibited under Article 5(1)(f)), emotion recognition is currently classified as high-risk under Annex III. Full obligations apply from 2 August 2026. GDPR Article 9 lawful basis is also required if the processing involves biometric data uniquely identifying individuals. Many emotion recognition deployments raise scientific validity concerns, which can independently affect the lawful basis analysis.

How do biometric AI rules apply to a global SaaS deployment?

Each jurisdiction's rules apply to its residents independently. A SaaS biometric tool serving EU, US (Illinois included), Brazil, China, and India users simultaneously must satisfy GDPR plus AI Act, BIPA plus relevant US state laws, LGPD, PIPL plus China's AI-specific measures, and DPDPA plus Aadhaar safeguards. A single internal governance programme aligned with NIST AI RMF or ISO/IEC 42001, with jurisdiction-specific annexes, is the durable approach.

What about biometric AI in immigration and border control?

Most jurisdictions have specific exceptions or alternative regimes for state immigration use cases. The EU AI Act's Annex III classifies several immigration-related biometric uses as high-risk, but with specific carve-outs for systems used by competent authorities under Union or national law. Compliance for private-sector contractors supporting immigration biometric systems requires careful jurisdiction analysis.

The bottom line

Biometric AI is now one of the most heavily regulated areas of AI, and the regulatory direction is converging toward stronger protections rather than relaxation. The EU AI Act's prohibitions are operational, with high-risk obligations imminent. Illinois BIPA has been restructured but remains the leading US biometric statute. China has built an active AI-specific regime. India's DPDPA framework is rolling out. The practical implication for businesses is that biometric AI deployments require deeper compliance work than general AI deployments, and the tooling and documentation burdens are higher. Build governance programmes accordingly, prioritise template protection and demographic performance evaluation, document everything, and treat regulatory change as continuous rather than episodic. The technology is moving fast, but the regulators are no longer a step behind.


Last updated: April 2026. This article is educational content and is not legal advice. Biometric AI regulation continues to evolve rapidly across jurisdictions. Consult qualified counsel before making compliance decisions.