Hungary’s Biometric Surveillance Laws and the AI Act
In recent developments, Hungary has enacted new biometric surveillance laws that significantly expand the use of facial recognition technology (FRT). These changes have raised serious concerns regarding their compliance with the EU Artificial Intelligence Act (AI Act) and the protection of fundamental rights.
Dramatic Expansion of Facial Recognition Technology
In March 2025, the Hungarian Parliament rushed through three amendments aimed at criminalizing LGBTQAI+ demonstrations while simultaneously enhancing biometric surveillance capabilities. These amendments, which came into effect on April 15, have broadened the application of FRT in Hungary to include minor infractions and peaceful assemblies, such as Budapest Pride.
The Civil Liberties Union for Europe, along with other organizations, argue that this expanded use of FRT to track individuals attending banned events and to monitor minor infractions violates both the AI Act and the Charter of Fundamental Rights of the EU.
What Has Changed in Hungary?
The recent amendments allow the Hungarian police to employ FRT across all types of infractions, not just serious offenses. Previously, FRT was permissible only in cases punishable by custodial sentences, which were primarily serious crimes. Now, the police can utilize FRT to identify individuals at peaceful protests or even for minor violations, such as jaywalking.
This expanded surveillance framework heavily relies on video footage, often captured during public demonstrations, thereby raising significant human rights concerns.
Understanding Real-Time Biometric Identification
The EU AI Act, adopted in 2024, places strict limitations on the use of real-time remote biometric identification (RBI) in public spaces by law enforcement agencies. RBI involves the identification of individuals as they navigate public areas, often without their awareness or consent.
This form of surveillance is deemed deeply intrusive, instilling a sense of constant monitoring that can deter individuals from exercising their rights, including participation in protests or public demonstrations.
According to Article 5(1)(h) of the AI Act, real-time biometric surveillance is prohibited except in narrowly defined circumstances, such as locating victims of serious crimes or averting imminent threats, all of which require strict procedural adherence.
Violation of the AI Act
Despite employing still images from CCTV, Hungary’s system allows for automatic comparisons with government databases to identify individuals in real-time during infraction proceedings. This capability affords the Hungarian police direct access to systems designed for rapid identification, particularly during protests.
As per the AI Act, any system that generates identification quickly enough to influence behavior during public events is considered “real-time.” The Hungarian system clearly fits this definition, as it facilitates the identification of individuals during protests, thus violating the prohibitions established by the AI Act.
While retrospective facial recognition is classified as a high-risk use case, it is the real-time aspect of this surveillance that poses significant legal and ethical challenges.
Impact on Rights and Freedoms
The implementation of FRT in Hungary poses a considerable risk to fundamental rights, particularly freedom of assembly and freedom of expression. The knowledge that individuals might be scanned, identified, and penalized for participating in peaceful protests could lead many to abstain from attending such gatherings.
This phenomenon, known as the “chilling effect,” contradicts the intentions of both the AI Act and the EU Charter, which aim to protect individual rights and freedoms. By endorsing real-time biometric surveillance for low-level infractions, Hungary undermines the principles of EU law.
Recommendations for Action
The new legislation in Hungary permits surveillance of individuals engaged in peaceful protests and minor infractions, which fundamentally contradicts the AI Act. The allowance of such AI applications threatens free speech, public participation, and overall trust in democratic processes.
It is imperative for the EU to rigorously scrutinize this legislation. The establishment of a new AI Office within the European Commission, tasked with safeguarding individuals against AI-related risks, must ensure that protective measures are upheld. This situation transcends national borders; how the EU responds will be closely monitored by policymakers and citizens globally.
This case serves as a critical test for the EU’s commitment to enforcing its AI regulations and protecting the rights of individuals within its jurisdiction.
