Impact of the Artificial Intelligence AI Act on biometric recognition

Few topics have sparked as much interest and debate over the past year as artificial intelligence (AI), especially with the rise of Large Language Models and generative AI. AI’s vast potential to transform industries has been met with equal parts wonder and caution. In this vein, the European Union’s provisional agreement on the world’s first AI Act, expected to be ratified by Member States by late 2026, represents a crucial milestone, not just in tech regulation but also in how we perceive and utilise AI.

This pioneering legislation is more than a legal document. It signifies the growing importance of AI in our lives and the need for a framework guiding its responsible development and application. The law seeks to balance AI’s benefits with the ethical and privacy challenges it poses, heralding an era of conscious, regulated innovation.

European AI Act Legislation

The AI law focuses on key areas. Firstly, it prioritises consumer and user protection. As a potent technology, AI has the potential for misuse or unintended effects. The AI legislation aims to minimise these risks by setting strict standards for AI systems’ development and implementation.

Secondly, the law promotes responsible innovation. Recognising AI as a driver for economic and technological future, it seeks to create an environment where innovators and developers can safely and ethically explore AI’s potential.

Lastly, ethics form a core pillar of this future legislation. AI raises unique questions about privacy, autonomy, and data usage. The law addresses these issues, ensuring AI develops and applies in a way that respects human rights and dignity.

Our products, including deep-learning-based solutions like MobbScan and MobbID, already reflect a commitment to security, privacy, and usability. The new law presents an opportunity to elevate these solutions, aligning them with the highest ethical and security norms and reaffirming our commitment to data protection and user privacy.

AI Law development

The EU’s first global AI law arises in response to AI’s growing ubiquity in all modern life aspects. This legislation isn’t just a set of restrictions; it’s a guide towards responsible AI adoption. Therefore, its goal is to foster trust in technology-based solutions, setting clear limits and responsibilities for AI system developers and users.

Key points of the EU’s AI Law

1. Risk categorisation (risk-based approach): The law categorises AI systems into different risk levels, from low to high, defining specific rules and protocols for each category. This ensures that high-risk applications, like public facial recognition, are subject to stricter controls. There are other classifications, such as prohibited and low-risk.
2. Transparency and accountability: The law mandates that AI systems be transparent and explainable. Users must be aware when interacting with AI and understand how decisions are made.
3. Data protection and privacy: A fundamental pillar of the law is privacy and personal data protection. AI must develop and use in a way that safeguards personal information and complies with existing regulations like GDPR.
4. Supervision and compliance: The law establishes a framework for AI systems’ continuous oversight, including regular audits and adherence to ethical and legal standards.

For certain AI uses, risk is deemed unacceptable, leading to their EU-wide ban. The provisional agreement prohibits, for example, cognitive behavioural manipulation, indiscriminate scrapping of facial images from the internet or CCTV footage, emotion recognition in workplaces and educational institutions, social scoring, biometric categorisation inferring sensitive data like sexual orientation or religious beliefs, and certain predictive policing cases.

Implications for Biometric Recognition

Biometric recognition, especially facial recognition in public spaces, is significantly impacted by this law. Given its unique ability to identify and verify individuals, facial recognition is a powerful identification tool, but it brings considerable privacy and misuse concerns.

The AI law imposes strict restrictions on where and how facial recognition can be used, especially in public spaces, demanding that any use of this technology be justified and proportional in line with various privacy regulations.

The imposed regulations significantly impact how biometric recognition technologies must develop, presenting unique challenges but also opening new opportunities.

Challenges for biometric recognition

• Facial recognition constraints: Legislation imposes restrictions on the use of facial recognition in public spaces, presenting challenges for applications reliant on this technology. Both private companies and public bodies must reassess how and where these systems are implemented to comply with regulations.
• Privacy compliance: Upholding individual privacy and protecting personal data are paramount. Biometric solutions must ensure that the collection and processing of biometric data are conducted securely.
• Transparency and consent: The law demands greater transparency in AI systems. This means users must be fully informed and give their consent before their biometric data is used.

Opportunities for innovation

• Development of ethical technologies: The legislation encourages the development of biometric technologies that respect ethical and privacy principles. This opens avenues for innovations that consider ethical considerations from their inception and design.
• Creation of tailored solutions: The diversity of compliance needs drives the creation of customized biometric solutions, adapted to different contexts and legal requirements.
• User trust and acceptance: By adhering to strict regulations, companies can foster greater trust and acceptance among users, crucial for the broader expansion and adoption of biometric technologies.

At Mobbeel, we understand that complying with these new regulations is not just a legal obligation but also an opportunity to reaffirm our commitment to responsible innovation. Our biometric recognition solutions are already conceived and designed with a strong focus on security and privacy, and the AI legislation challenges us to continue improving our technologies, ensuring they are not only advanced but also ethically robust and socially responsible.

Potential fines and sanctions under the EU AI Act

The new law not only sets guidelines and restrictions for AI use but also defines a rigorous framework of sanctions to ensure compliance.

Fines for breaches of the AI Law are set as a percentage of the offending company’s global annual turnover in the last fiscal year or a predetermined amount, whichever is higher. This would be 35 million euros or 7% for violations of prohibited AI applications, 15 million euros or 3% for breaches of AI law obligations, and 7.5 million euros or 1.5% for providing incorrect information.

However, the provisional agreement sets more proportionate limits on administrative fines for SMEs and startups in case of breaches of the AI Law provisions.

What will be the impact on the industry and market of the new AI Act Law?

Uncertainty, much noise, and lack of knowledge. All these ingredients have led many individuals and companies to fear the uncontrolled evolution of these technologies. In the collective imagination, movies like The Matrix or Terminator appear, where humanity is surpassed and attacked by a general artificial intelligence capable of subjugating the entire species.

As we have mentioned, one of the main objectives of the law is to provide confidence to consumers and expand the acceptance of the use of these solutions in the market. Regulatory compliance and a more ethical approach can undoubtedly increase consumer trust and acceptance, a crucial aspect for sustainable long-term growth in the digital identity industry.

Investment in Research and Development versus legislative braking

The approach to AI development among different countries highlights variations in investment strategies, research and development focuses, and government policies. Trends suggest that the USA and China are leading in terms of investment and development, while the EU, despite its efforts, remains a smaller yet significant player in the global AI landscape.

In this sense, there are many critical voices inside and outside the European Union highlighting that while countries like the USA or China invest and promote AI through technology development plans, Europe lags not only in terms of investment but also in hindering innovation through regulation of future technological advances in AI.

Meanwhile, our commitment is to embrace this change to continue being leaders in the development of digital identity solutions. For this, we continue to bet on innovation as the axis of our vision, but with an approach of conscious innovation, where each new development is in line with ethical principles and privacy.

Additionally, our agility and flexibility allow us to adapt to each regulatory change, enabling us to be a benchmark in regulatory compliance and through it, establish Mobbeel as a trusted and credible brand in the digital identity industry.

A model for other no European countries 

The global discussion on AI regulation extends far beyond the borders of Europe. Countries worldwide are recognising the imperative to establish regulatory frameworks governing the use of this technology. The EU’s AI Act stands as a potential blueprint for many nations striving to strike a balance between innovation and ethical concerns. The EU is setting a precedent that others are poised to imitate.

For instance, Australia is creating AI laws, too, so the European AI Act can act as a reference for them.

The EU’s vision and approach possess the potential to inspire other nations to tread a similar path, customising and adopting similar measures.

Conclusions: navigating in the era of regulated artificial intelligence

The world’s first Artificial Intelligence law marks a turning point in how technology, especially that related to biometric recognition through video cameras (surveillance) in public spaces, is perceived and regulated globally. This pioneering legislation not only sets limits and standards but also opens a path towards a more ethical era of AI innovation, establishing a framework for the sustainable growth of digital identity technologies.

Contact us if you would like to incorporate a state-of-the-art identity verification system capable of detecting identity fraud.