Responsible AI Platform
Annex III point 1High-risk domain

Biometrics under Annex III point 1

For organisations that need to classify biometric AI without mixing up prohibited practices, high-risk rules and privacy risk.

The Commission guidelines treat biometrics as a separate high-risk area with three routes: remote biometric identification, biometric categorisation and emotion recognition. The first question is whether Article 5 prohibits the system, and only then whether Annex III point 1 makes it high-risk.

Scope according to the guidelines

The 19 May 2026 draft guidelines cover point 1(a), 1(b) and 1(c), with strong attention to context, purpose, consent, real-time use and exceptions.

Classification question

Can this biometric system be used at all, or does Article 5 need to be checked first?

Read Article 6 classification rulesOpen Annex III legal textUse the Annex III classifier

Use case guidance

Point 1(a)

Remote biometric identification

AI systems that identify natural persons remotely based on biometric data.

Point 1(b)

Biometric categorisation

Systems that categorise persons using biometric data, with a strict boundary against prohibited practices.

Point 1(c)

Emotion recognition

AI systems that infer emotions or intentions, with special attention to work and education where prohibitions may apply.

What to document

Intended purpose and context of use.
Why Article 6(2) and Annex III do or do not apply.
Whether the Article 6(3) filter may apply, and whether profiling blocks it.
Which provider and deployer obligations are triggered.

Biometrics classification check

Have a biometric AI use case reviewed against Article 5, Annex III point 1, GDPR and required safeguards.

Schedule intakeExpert page