AI Acts’ ripple effect on biometric data: harmonising or fragmenting the regulation of biometric data

The integration of biometric technologies into a myriad of sectors, from electronic authentication systems like FaceID to border control mechanisms, signifies a leap towards enhancing security and convenience. However, their integration poses a host of legal and ethical risks. The EU has introduced multiple regulations to address the widespread use of biometrics in both public and private domains. To begin with, the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED) introduced provisions targeting biometric data processing, while their definition of biometric data remains ambiguous. The Schengen Information System (SIS), the European Digital Identity (eIDAS) and the Payment Services Directive (PSDII) use other terminology to refer to biometric data. The latest development in biometric regulation is the introduction of the Artificial Intelligence Act (AIA), which establishes new definitions and requirements for processing biometric data. This contribution discusses the potential impact of the AIA on the regulation of biometric data, which is currently regulated by a scattered regulatory framework, causing diverging interpretations and legal uncertainty. Our study initially explains the current legal landscape that governs biometric data. Following this, we delve into the new definitions introduced during the negotiations in the adoption process of the AIA proposal. We eventually discuss the potential of the AIA to overcome the challenges posed by this emerging complex biometric law.