Impact of the Artificial Intelligence AI Act on biometric recognition

Few topics have sparked as much interest and debate over the past year as artificial intelligence (AI), especially with the rise of Large Language Models and generative AI. AI’s vast potential to transform industries has been met with equal parts wonder and caution. In this vein, the European Union’s provisional agreement on the world’s first AI Act, expected to be ratified by Member States by late 2026, represents a crucial milestone, not just in tech regulation but also in how we perceive and utilise AI.

This pioneering legislation is more than a legal document. It signifies the growing importance of AI in our lives and the need for a framework guiding its responsible development and application. The law seeks to balance AI’s benefits with the ethical and privacy challenges it poses, heralding an era of conscious, regulated innovation.

European AI Act Legislation

The AI law focuses on key areas. Firstly, it prioritises consumer and user protection. As a potent technology, AI has the potential for misuse or unintended effects. AI legislation aims to minimise these risks by setting strict standards for the development and implementation of AI systems.

Secondly, the law promotes responsible innovation. Recognising AI as a driver for the economic and technological future, it seeks to create an environment where innovators and developers can safely and ethically explore AI’s potential.

Lastly, ethics form a core pillar of this future legislation. AI raises unique questions about privacy, autonomy, and data usage. The law addresses these issues, ensuring AI develops and applies in a way that respects human rights and dignity.

Our products, including deep-learning-based solutions like MobbScan and MobbID, already reflect a commitment to security, privacy, and usability. The new law presents an opportunity to elevate these solutions, aligning them with the highest ethical and security norms and reaffirming our commitment to data protection and user privacy.

AI Law development

The EU’s first global AI law arose in response to AI’s growing ubiquity in all modern life aspects. This legislation isn’t just a set of restrictions; it’s a guide towards responsible AI adoption. Therefore, its goal is to foster trust in technology-based solutions, setting clear limits and responsibilities for AI system developers and users.

Key points of the EU’s AI Law

1. Risk categorisation (risk-based approach): The law categorises AI systems into different risk levels, from low to high, defining specific rules and protocols for each category. This ensures that high-risk applications, like public facial recognition, are subject to stricter controls. There are other classifications, such as prohibited and low-risk.
2. Transparency and accountability: The law mandates that AI systems be transparent and explainable. Users must be aware when interacting with AI and understand how decisions are made.
3. Data protection and privacy: A fundamental pillar of the law is privacy and personal data protection. AI must be developed and used in a way that safeguards personal information and complies with existing regulations like GDPR.
4. Supervision and compliance: The law establishes a framework for AI systems’ continuous oversight, including regular audits and adherence to ethical and legal standards.

For certain AI uses, the risk is deemed unacceptable, leading to their EU-wide ban. The provisional agreement prohibits, for example, cognitive behavioural manipulation, indiscriminate scrapping of facial images from the internet or CCTV footage, emotion recognition in workplaces and educational institutions, social scoring, biometric categorisation inferring sensitive data like sexual orientation or religious beliefs, and certain predictive policing cases.

Implications for Biometric Recognition

Biometric recognition, especially facial recognition in public spaces, is significantly impacted by this law. Given its unique ability to identify and verify individuals, facial recognition is a powerful identification tool, but it brings considerable privacy and misuse concerns.

The AI law imposes strict restrictions on where and how facial recognition can be used, especially in public spaces, demanding that any use of this technology be justified and proportional in line with various privacy regulations.

The imposed regulations significantly impact how biometric recognition technologies must develop, presenting unique challenges but also opening new opportunities.

Potential fines and sanctions under the EU AI Act

The new law not only sets guidelines and restrictions for AI use but also defines a rigorous framework of sanctions to ensure compliance.

Fines for breaches of the AI Law are set as a percentage of the offending company’s global annual turnover in the last fiscal year or a predetermined amount, whichever is higher. This would be 35 million euros or 7% for violations of prohibited AI applications, 15 million euros or 3% for breaches of AI law obligations, and 7.5 million euros or 1.5% for providing incorrect information.

However, the provisional agreement sets more proportionate limits on administrative fines for SMEs and startups in case of breaches of the AI Law provisions.

What will be the impact of the new AI Act Law on the industry and market?

Uncertainty, much noise, and lack of knowledge. All these ingredients have led many individuals and companies to fear the uncontrolled evolution of these technologies. In the collective imagination, movies like The Matrix or Terminator appear, where humanity is surpassed and attacked by a general artificial intelligence capable of subjugating the entire species.

As we have mentioned, one of the main objectives of the law is to provide confidence to consumers and expand the acceptance of the use of these solutions in the market. Regulatory compliance and a more ethical approach can undoubtedly increase consumer trust and acceptance, a crucial aspect for sustainable long-term growth in the digital identity industry.

Investment in Research and Development versus legislative braking

The approach to AI development among different countries highlights variations in investment strategies, research and development focus, and government policies. Trends suggest that the USA and China are leading in terms of investment and development, while the EU, despite its efforts, remains a smaller yet significant player in the global AI landscape.

In this sense, there are many critical voices inside and outside the European Union highlighting that while countries like the USA or China invest and promote AI through technology development plans, Europe lags not only in terms of investment but also in hindering innovation through regulation of future technological advances in AI.

Possibly, virtue lies in balance, and that is precisely the goal of the new AI Act: to allow the development of technology that respects and protects our rights and privacy. Only time will tell if it achieves its objective.

Meanwhile, our commitment is to embrace this change to continue being leaders in the development of digital identity solutions. For this, we continue to bet on innovation as the axis of our vision, but with an approach of conscious innovation, where each new development is in line with ethical principles and privacy.

Additionally, our agility and flexibility allow us to adapt to each regulatory change, enabling us to be a benchmark in regulatory compliance and, through it, establish Mobbeel as a trusted and credible brand in the digital identity industry.

Next up: A model for other no European countries

Ready for more? Follow the rest of this article on Mobbeel's blog>.