a hand presenting the new EU AI Act with a lock and a circle of stars representing the EU

EU Strengthens AI Regulations and Targets Deepfakes Amid Rising Concerns

How does BioID comply with AI Regulations?

Nuremberg, Germany – June 03rd, 2024Taking a proactive stance, the EU has implemented stringent measures aimed at regulating artificial intelligence (AI) systems, including the realm of deepfakes, through its recent enactment of the AI Act.

Amid rising concerns surrounding the rise of deepfake technology and its potential implications for democratic processes and public trust, the European Union (EU) has escalated its efforts to tackle this emerging threat head-on – achieving a significant milestone in AI regulation.

BioID’s systems are deeply rooted in artificial intelligence, making the AI Act highly relevant to our operations. We employ sophisticated AI algorithms to provide reliable biometric authentication and prevent identity fraud. The EU AI Act aligns perfectly with our mission to prevent the abuse of deepfake technology. Given the Act’s emphasis on transparency and accountability, we need to highlight how we manage our data.

But first let us dive into the main aspects of the EU AI Act:

The EU AI Act is a comprehensive legislative framework proposed by the European Union aimed at regulating artificial intelligence technologies. It seeks to ensure that AI systems used in the EU are safe, transparent, and respect fundamental rights. The Act classifies AI systems into different categories based on their risk levels and imposes corresponding requirements.

Here are the main Aspects of the EU AI Act:

  1. Risk-Based Classification of AI Systems:
    • Unacceptable Risk: AI systems that threaten safety, livelihoods, and rights are banned. Examples include social scoring by governments and certain types of open biometric surveillance such as in mass reading of facial images.
    • High Risk: AI systems used in critical sectors such as healthcare, transportation, law enforcement, and employment.
    • Limited Risk: AI systems with specific transparency obligations, such as chatbots and biometric categorization systems.
    • Minimal Risk: Most AI systems are subject to minimal requirements.
  2. Governance and Oversight:
    • Establishment of national competent authorities and creation of an EU-wide AI Board to oversee compliance with the AI Act.
  3. Transparency and Accountability:
    • Requirements for transparency in AI system operations, ensuring users are aware they are interacting with AI.
    • Documentation and record-keeping obligations for high-risk AI systems to enable compliance checks.
  4. Data Quality and Management:
    • Ensuring the quality and integrity of datasets (fair & minimum bias) used for training high-risk AI systems.
  5. Human Oversight:
    • Mandatory human oversight mechanisms for high-risk AI systems to ensure that critical decisions are not solely made by AI.

The AI Act therefore aims to ban certain applications such as surveillance, scoring and reward systems, which we know from some parts of the world. In other words, it is not about stigmatizing a single technology, but rather certain applications incompatible with our western image of humanity in a liberal society.

Aspects of the EU AI Act Regarding Deepfakes

Deepfakes, which are AI-generated synthetic media that can convincingly alter or fabricate content, are addressed specifically under the EU AI Act due to their potential risks. The main provisions regarding deepfakes include:

  1. Transparency Obligations:
    • Developers and users of deepfake technologies are required to clearly disclose that the content is AI-generated. This is aimed at preventing misinformation and ensuring that audiences are aware of the artificial nature of the content they are viewing.
    • Labelling of AI content is mandatory/suggested by classification and watermarking of deepfakes.
  2. High-Risk Classification:
    • Deepfakes used in contexts that can significantly impact individuals’ rights or society (e.g., political manipulation, defamation) may be classified as high-risk and thus subject to stricter regulatory requirements.
  3. Accountability and Traceability:
    • Traceability and accountability in the creation and dissemination of deepfakes is to be ensured. This involves maintaining records of the processes and data used to generate deepfakes, enabling authorities to track their origins if necessary
  4. Prohibited Uses:
    • Certain malicious uses of deepfakes, such as those intended for social scoring or illegal surveillance, are prohibited under the Act’s unacceptable risk category.

Deepfakes pose a serious threat to the integrity of digital identities, and BioID’s advanced mechanisms are designed to detect and recognize these malicious manipulations. This aligns with the goals of the EU AI Act, which seeks to regulate AI systems and protect against harmful uses of technology like deepfakes.

Overall, the EU AI Act aims to create a balanced regulatory environment that fosters innovation while protecting societal interests. It places particular emphasis on high-risk AI applications, including deepfakes, to prevent misuse and ensure ethical AI development and deployment.

The EU’s approach to deepfake regulation under the AI Act is characterized by a focus on transparency, accountability, and adherence to legal frameworks, ensuring AI systems are used responsibly and ethically. Unlike imposing blanket bans, the Act adopts a nuanced approach.

Transparency – a key principle of the AI Act – requires creators of deepfakes to clearly state that their content is artificial and explain how it was made. This rule is intended to help people recognize when they are seeing AI-generated content, reducing the risk of manipulation and disinformation. However, there are still concerns about whether these disclosure requirements will be enough to stop the harmful use of deepfakes.


Here are BioID’s Key efforts in Line with the Goals of the EU AI Act:

  1. AI-Based Deepfake Detection:
    • BioID employs sophisticated AI technologies to identify and flag deepfakes. This proactive approach helps in mitigating the risks associated with manipulated content, ensuring that users are protected from misinformation and fraudulent activities.
  2. Data Handling & Privacy:
    • BioID places a strong emphasis on data privacy and security. All data processed by BioID systems are subject to randomized manual review, ensuring accuracy and compliance with data protection standards. Additionally, any decisions made by the AI systems can be manually checked to maintain a high level of reliability and trustworthiness.
  3. Explainability & Transparency:
    • In BioID’s FAKE-ID research project, enhancing the explainability of deepfake detection systems is a central task. This means that users can understand how and why a particular piece of content was flagged as a (deep-)fake, fostering greater transparency and confidence in the technology.
  1. Relevance to AI Regulation:
    • BioID’s efforts are directly relevant to the EU AI Act’s objectives. By implementing robust AI-based detection methods and ensuring data integrity and explainability, BioID contributes to the broader goal of responsible and ethical AI usage. This not only helps in combating deepfakes but also supports the development of trustworthy AI systems.

Making Deepfakes Illegal: A Debate-worthy Proposal

The idea of making deepfakes illegal for users has gained attention, with supporters saying criminal penalties can prevent fraud and harmful content. However, this raises issues about protecting free speech, privacy, and encouraging innovation.

To tackle deepfake challenges, policymakers need strong enforcement and global cooperation. Additionally, improving public digital literacy and critical thinking is crucial for helping people recognize fake content.

BioID – Using AI Responsibly

In alignment with the EU Act, BioID proactively distinguishes itself from extensive surveillance practices. We are committed to utilizing facial recognition technology for ethical and beneficial purposes exclusively, adhering to strict privacy standards and regulatory frameworks set forth by the EU. Our approach prioritizes transparency, accountability, and the protection of individual rights, ensuring that our solutions are deployed responsibly and with respect for privacy. By emphasizing the lawful and ethical use of facial recognition and deepfake detection technology, we aim to foster trust and confidence among our users while contributing to the advancement of innovative yet responsible biometric solutions.

Data Privacy and GDPR Compliance at BioID

Additionally, BioID remains compliant with the German and European Union (EU) data protection act, particularly the General Data Protection Regulation (GDPR).

Article 5 of GDPR covers principles for processing personal data. Clause (e) limits data storage, while clause (f) relates to integrity and confidentiality. Article 25 addresses “data protection by design and default,” and article 32 deals with security of processing. The BioID Web Service (BWS) – is an established infrastructure for the security, privacy, and integrity of online data. By combining various components of data safety, like legally compliant and customer-specific data centers, private clouds, anonymous authentication processes, and our world-class patented liveness detection, BioID enables entrusted personal privacy protection for online service providers using biometrics.

To safeguard our customers’ data, we employ a zero-footprint biometric operation or on-demand approach that complies with GDPR guidelines.

To Sum Up

BioID’s innovative solutions are crucial in the fight against deepfake abuse. By leveraging AI technology, ensuring rigorous data handling, and enhancing system explainability, BioID aligns with and supports the EU AI Act’s mission to safeguard digital environments from the risks posed by advanced AI technologies.

BioID is offering a free deepfake detection test tool via its Playground: Playground Overview

For more information about BioID Deepfake Detection and how it can help protect your organization against the threat of digitally manipulated media, visit our Deepfake Detection Software – New in 2024 ✔️ BioID

Learn more about Biometrics and Privacy here: Data Privacy

For more information about the EU AI Act visit the official site here: The Act Texts | EU Artificial Intelligence Act