Facial recognition compliant with the European Union’s AI Act is a step closer to deployment to public spaces on the continent, following Herta’s completion of an Artificial Intelligence Sandbox run by the Government of Spain.
Herta participated in a Sandbox ran from May 2025 to June 2026, run by the State Secretariat for Digitalisation and Artificial Intelligence, with its BioSurveillence software.
Herta CEO Javier Rodríguez tells Biometric Update in an email that rather than marking the end of facial recognition in Europe, the AI Act “should be understood as the beginning of a more mature, responsible and trustworthy market.”
The Sandbox, he explains, “was created precisely to help companies test, assess and adapt high-risk AI systems in line with the requirements of the EU AI Act.”
“Completing the European Union’s first Artificial Intelligence Sandbox is a strategic milestone for Herta,” says Rodríguez in the company announcement. “It demonstrates that it is possible to develop and deploy facial recognition technology from Europe with the highest legal, technical and ethical safeguards.”
The 14-month process was highly valuable to the company, according to Rodríguez, as the highly-controlled environment allowed Herta to ensure its BioSurveillance is aligned with the Act’s key principles of human oversight, risk management, traceability, technical documentation, cybersecurity, transparency and the protection of fundamental rights.
“This does not mean that facial recognition can be deployed without limits,” he says. “On the contrary, it means that Herta is now in a stronger position to help public authorities and private operators design facial recognition projects that are lawful, proportionate, auditable and aligned with the new European rules.”
The completed Sandbox gives public authorities a clearer picture of how the AI Act’s restrictions and prohibitions apply to facial recognition, Rodríguez says.
Herta’s facial recognition software protects the privacy of EU citizens through purpose limitation, data minimization and human oversight, with safeguards including traceability, access control, audit logs, cybersecurity measures and technical documentation to ensure deployments are transparent, accountable and reviewable.
“The regulation places important restrictions on the use of facial recognition, especially in publicly accessible spaces and in real-time law enforcement scenarios. These restrictions are necessary because biometric technologies can have a significant impact on fundamental rights if they are used without proper limits.
“However, the AI Act does not create a general ban on facial recognition. Instead, it distinguishes between prohibited uses, high-risk uses and permitted uses subject to strict safeguards. This means that every project must be analysed according to its purpose, legal basis, operational context, proportionality, technical design and governance model.
Related Posts
Article Topics
AI Act | biometric identification | biometrics | facial recognition | Herta Security | Spain
Latest Biometrics News
The Five Eyes intelligence alliance’s warning this month that Chinese intelligence services are using fake recruiters on LinkedIn and other…
When Australia’s myID becomes available for businesses to carry out digital identity verification by the first day of 2027, they…
Privacy-preserving biometric age assurance technologies work; what doesn’t is insignificant consequences for massive, multibillion dollar companies. Australia is taking this…
MetaOptics has taken a step forward in commercializing its contactless fingerprint authentication technology. The company has begun sending evaluation kits…
