What is biometric data and how is it regulated in AI?

Privacy, security and identity

Biometric data is personal data about a person's physical, physiological or behavioural characteristics, such as a face, fingerprint, voice or gait, processed by technical means to identify them. Because it is hard to change and easy to abuse, it carries a special legal status. Under data protection law it is sensitive data when used to identify someone, and under the EU AI Act some biometric uses are banned outright while others are tightly controlled as high risk.

Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026

What this means

Biometric data is information about the body or behaviour that can single out one person from everyone else. The law's definition has three parts: the data relates to physical, physiological or behavioural characteristics; it has been put through specific technical processing; and the result can identify or confirm the identity of a person. A photograph or a voice recording on its own is not biometric data. It becomes biometric data when software measures it to produce a template that can match a person.

A key distinction runs through the whole field. Identification asks "who is this?" by comparing one sample against many stored records (one-to-many). Verification or authentication asks "are you who you claim to be?" by comparing one sample against one stored record (one-to-one), such as unlocking a phone. Remote identification goes further: it picks people out at a distance, often in public, without their active involvement. The more remote and the more one-to-many the use, the heavier the legal treatment.

Behavioural traits count too. Voice patterns, the way someone types (keystroke dynamics), how they walk (gait) and signature dynamics can all be biometric data when processed to identify a person. The legal trigger is purpose, not the body part involved.

Why it matters

Biometric data is treated as exceptionally sensitive for three connected reasons. First, it is permanent. You can change a password or a card if it leaks, but you cannot change your face or your fingerprints, so a breach creates a lasting risk of identity fraud. Second, it enables surveillance. Faces and gait can be captured at a distance, in bulk, without anyone noticing, which makes mass monitoring of public spaces technically possible in a way that older identifiers never allowed. Third, it can leak more than identity. A face or a voice can be analysed to infer ethnicity, health, emotional state or other sensitive traits, opening the door to discrimination.

These risks explain why both data protection law and AI-specific law single biometric data out for stronger rules than ordinary personal data, and why regulators treat remote identification in public as a red line.

How it works

The legal definition and the "unique identification" trigger

Under the UK and EU GDPR, biometric data is defined as personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a person, which allow or confirm their unique identification, such as facial images or fingerprint data. The crucial point is that biometric data only becomes special category data, the most protected tier, when it is processed for the purpose of uniquely identifying a person. The ICO uses the term "special category biometric data" for this. Not all biometric processing crosses that line: a system that estimates age or counts faces without identifying anyone may not be special category data, though it can still be high risk and may still reveal other sensitive information.

Identification versus verification, and remote versus one-to-one

The EU AI Act defines these concepts precisely. Biometric identification is the automated recognition of human features to establish identity by comparing a sample against a database. Biometric verification is automated one-to-one matching that confirms a person is who they claim to be. A remote biometric identification system identifies people without their active involvement, typically at a distance, by comparing them against a reference database. The EDPB has been clear that both identification and authentication involve special category biometric data, even though the risk profiles differ.

Special category status and conditions for processing

GDPR Article 9 prohibits processing special category data by default. To process biometric data for identification lawfully, an organisation needs both a lawful basis under Article 6 and a separate condition under Article 9, such as explicit consent or substantial public interest laid down in law. The two layers are cumulative. In practice, the ICO's biometric recognition guidance states that "under most circumstances, explicit consent will be the only valid Article 9 condition applicable for processing special category biometric data", and consent is frequently not valid where there is a power imbalance, for example between an employer and staff or a public authority and the public. The EDPB takes the position that consent in an employment relationship is generally presumed not to be freely given because of that imbalance.

The AI Act: prohibited biometric practices

Since 2 February 2025, the EU AI Act bans several biometric practices outright. These include real-time remote biometric identification in publicly accessible spaces for law enforcement, subject to narrow and exhaustively listed exceptions; building or expanding facial recognition databases through untargeted scraping of images from the internet or CCTV; inferring emotions in the workplace and in education, except for medical or safety reasons; and biometric categorisation that infers sensitive attributes such as race, political opinions, trade union membership, religion, sex life or sexual orientation.

The AI Act: high-risk biometric systems

Biometric uses that are not banned are mostly classified as high risk under Annex III. This covers remote biometric identification (excluding pure verification that only confirms a person is who they claim to be), biometric categorisation by sensitive or protected attributes, and emotion recognition, so far as their use is permitted by law. High-risk systems are not prohibited but face strict obligations on risk management, data governance, human oversight, transparency and conformity assessment. Most of these obligations apply from 2 August 2026.

Examples

Fingerprint time and attendance at work

An employer introduces fingerprint scanning to control building access or clock workers in. The ICO's guidance treats this as processing special category biometric data, which is high risk and requires a DPIA before it starts. Because consent must be freely given, the employer should offer an equally usable alternative, such as a swipe card, so staff can refuse without detriment. As the ICO puts it, "you must offer a suitable alternative, regardless of whether a power imbalance exists, if you are relying on consent", and notes this is "particularly an issue for public authorities and employers". Without such an alternative, consent is unlikely to be valid given the imbalance of power.

Facial recognition for building entry

The EDPB's video devices guidance gives the example of a controller using facial recognition for entry. To stay lawful, the system should be triggered by the individual, for instance by pressing a button, so that people who have not consented are not captured, and an alternative route must always be offered. A camera that scans everyone passing by, including non-consenting bystanders, processes their biometric data too.

Scraping faces from the internet

Clearview AI built a facial recognition database by scraping images from the web. Several European regulators found this unlawful under GDPR, including for processing special category biometric data without a valid basis. France's CNIL (decision of 17 October 2022), Italy's Garante (10 February 2022) and Greece's Hellenic DPA (13 July 2022) each imposed the maximum 20 million euro fine, and the Dutch Autoriteit Persoonsgegevens fined Clearview 30.5 million euros on 16 May 2024, the largest of the set, citing breach of Article 9(1) for processing biometric data of people in the Netherlands. The UK ICO's penalty of 7,552,800 pounds (issued 18 May 2022) was quashed by the First-tier Tribunal on jurisdictional grounds in October 2023, but the Upper Tribunal ruled in October 2025 that Clearview's processing does fall within the scope of UK GDPR and remitted the case; Clearview was later granted permission to appeal to the Court of Appeal, so the UK position is not finally settled. This kind of untargeted scraping is now also a prohibited practice under the EU AI Act. A recurring caveat is that these fines remain largely uncollected because Clearview has no EU or UK establishment or assets.

Common misunderstandings

"Any photo or voice recording is biometric data." No. A photograph or recording is ordinary personal data until it is processed by specific technical means to identify a person. GDPR Recital 51 confirms photographs are not automatically special category data.

"All face processing is identification." No. Counting faces, estimating age or detecting that a face is present is not the same as singling out a named individual. The legal trigger for special category status is processing for the purpose of unique identification.

"Consent always works as a legal basis." No. Explicit consent is often the only available condition, but it must be freely given. In employment and public-authority settings, the power imbalance frequently makes consent invalid, and an alternative must be offered.

"Biometrics only means fingerprints and faces." No. Behavioural traits such as voice, gait and keystroke dynamics are biometric data when processed to identify someone.

"Verification and identification are the same thing." No. Verification is one-to-one matching against your own claimed identity; identification is one-to-many matching against a database. The AI Act and data protection regulators treat them differently, with remote one-to-many identification facing the heaviest controls.

Risks and boundaries

The central risks are permanence, surveillance and inference. Because biometric identifiers cannot be reset, security failures are serious and breach risk must be managed by design. Remote identification raises the prospect of mass surveillance and chilling effects on free assembly, which is why the AI Act and the EDPB treat real-time remote identification in public as a near-total red line. Inference risk means even non-identifying biometric processing can produce sensitive conclusions about health, ethnicity or beliefs.

The boundary of the law is set by purpose and context. Data protection law applies wherever biometric data is processed and bites hardest when the purpose is unique identification. The AI Act adds a second layer focused on the system and its use: some uses are banned, many are high risk, and a few, such as pure one-to-one verification, sit outside the high-risk category. The two regimes apply at the same time; the AI Act does not replace data protection law. This page covers biometric data and identification, not the separate questions of synthetic media generation.

What to do next

Start by mapping where your organisation captures or processes physical, physiological or behavioural characteristics, and ask whether the purpose is unique identification. If it is, you are likely processing special category data and an AI-regulated system. Run a DPIA before deployment; the ICO advises that the use of biometric recognition systems will, under almost all circumstances, require a mandatory DPIA, because such processing involves both special category data and, often, large-scale systematic monitoring. Identify both your Article 6 lawful basis and your Article 9 condition, and do not assume consent is valid, especially for staff or the public. Offer a genuine, equally usable alternative wherever you rely on consent. Apply data minimisation and strong security to templates, and delete them when the purpose ends.

For AI-specific exposure, check whether any use could be a prohibited practice (for example emotion recognition at work, untargeted scraping, or sensitive-attribute categorisation), and stop it if so. For non-banned biometric identification or categorisation, prepare for high-risk obligations. Triggers that should change your plan: if a regulator or court rules that your specific use is disproportionate, if you cannot offer a real alternative to consent, or if enforcement guidance tightens, pause and re-scope to a less intrusive method. Treat the prohibitions and enforcement as fast-moving and verify the latest position before launch.


FAQs

Is a photo of my face biometric data?

Not by itself. A photograph becomes biometric data only when it is processed by specific technical means, such as facial recognition software that creates a template capable of identifying you. GDPR Recital 51 says photographs are not automatically special category data.

What is the difference between identification and verification?

Identification compares your biometric sample against many records to work out who you are (one-to-many). Verification compares it against a single record to confirm you are who you claim to be (one-to-one), like unlocking a phone. Remote one-to-many identification faces the strictest rules.

Does behavioural data like typing or walking count as biometric data?

Yes, if it is processed to identify a person. Voice, gait, keystroke dynamics and signature dynamics are behavioural biometrics and can be special category data when used for unique identification.

When is biometric data "special category" data?

Only when it is processed for the purpose of uniquely identifying a natural person. Biometric processing that does not identify anyone, such as simple face counting, may fall outside special category status, although it may still be high risk or reveal other sensitive data.

Can I just rely on consent to process biometric data?

Often you need explicit consent, but it must be freely given. The ICO says explicit consent will usually be the only valid Article 9 condition, yet in workplaces and public services the power imbalance frequently makes consent invalid, so you must offer an equally usable alternative.

What does the EU AI Act ban?

Among biometric practices, it bans real-time remote biometric identification in public for law enforcement (with narrow exceptions), untargeted scraping of facial images to build databases, emotion recognition at work and in education (except medical or safety uses), and biometric categorisation that infers sensitive attributes. These bans apply from 2 February 2025.

Is facial recognition for unlocking my phone high risk under the AI Act?

Generally no. Pure one-to-one verification that only confirms you are who you claim to be is excluded from the high-risk biometric identification category. One-to-many identification and categorisation systems are the ones treated as high risk.

Do data protection law and the AI Act both apply?

Yes. They run in parallel. The AI Act regulates the system and its use, while data protection law governs the processing of personal data. Meeting one does not discharge the other.
