Newsletter
Exclusive expert tips, customer stories and more.
New EU guidelines on prohibited AI practices under the EU AI Act
Since 2 February 2025, the bans on certain AI practices under the European AI Regulation (EU AI Act) have finally come into force. In particular, applications deemed unacceptable due to their potential risks to European values and fundamental rights are affected. In order to provide greater legal clarity, the EU Commission has now published guidelines to clarify the interpretation of these prohibitions. Our article provides an overview of the new guidelines – with a particular focus on CCTV, video security technology and biometric facial recognition.
Key points at a glance:
- EU Commission publishes guidelines on prohibited artificial intelligence (AI) practices under the AI Act
- Official EU Commission announcement
- See 140 page PDF
- Thanks to Dallmeier research and pre-selection, see only chapters related to CCTV, video security technology, biometric facial recognition
Background information:
- The AI Act follows a risk-based approach and classifies AI systems into four different risk categories, one of which consists of AI practices that pose unacceptable risks to fundamental rights and values of the Union and are prohibited under Article 5 of the AI Act.
- The draft guidelines aim to provide greater legal clarity and insight into the Commission's interpretation of the prohibitions in Article 5 of the AI Act, in order to ensure their harmonised application.
- Such clarity is essential for providers and operators of AI systems, as the prohibitions will apply directly from 2 February 2025.
Chapter on CCTV, video security technology, biometric facial recognition:
- Prohibitions under the AI Act / AI Regulation (original text):
Article 5(1)(e)
the placing on the market, the putting into service for this specific purpose, or the use of AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage;
Article 5(1)(h)
the use of “real-time” remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement, unless and in so far as such use is strictly necessary for one of the following objectives:
(i) the targeted search for specific victims of abduction, trafficking in human beings or sexual exploitation of human beings, as well as the search for missing persons;
(ii) the prevention of a specific, substantial and imminent threat to the life or physical safety of natural persons or a genuine and present or genuine and foreseeable threat of a terrorist attack;
(iii) the localisation or identification of a person suspected of having committed a criminal offence…
- Explanations in the draft guidelines:
Chapter 6, page 77:
6. Article 5(1)(e) AI Act – untargeted scraping of facial images
Facial recognition databases
Through untargeted scraping of facial images
From the Internet and CCTV footage
Chapter 9, page 95:
Article 5(1)(h) AI Act – Real-time Remote Biometric Identification (RBI) Systems for Law Enforcement Purposes
Further information:
- You can find more information on this in our previous blog article: Video security technology and biometric facial recognition under new EU AI Act (“AI Regulation”)
- Info and download of “CRITIS Practical Guide to Video Technology”
