When the EU AI Act moved from proposal to law, a specific worry landed on anyone running or buying a people-counting system: is this thing now classified as high-risk? The word "high-risk" carries heavy obligations under the Act, and the Annex III list that defines much of that category includes biometric uses that sound, at a glance, uncomfortably close to counting people. The honest answer turns on what the system actually does, and the distinction is sharper than the surface worry suggests.

This post walks the Annex III classification question point by point for camera-free counting. It explains what Annex III lists, what the biometric terms in it mean, why counting a non-identifying trajectory falls outside them, and where a deployment could slip into high-risk territory if it changed. For the broad "does the Act apply to people counting" overview, see how the EU AI Act applies to people counting; this post is the focused high-risk classification walk-through beneath it. This is general information, not legal advice; the classification for your own deployment is a call for your DPO and counsel.
Is people counting classified as high-risk under the EU AI Act?
Camera-free people counting with Ariadne is not high-risk under the EU AI Act (Regulation (EU) 2024/1689). Annex III lists remote biometric identification and biometric categorisation among the high-risk uses, but both require processing biometric data to recognise or categorise a specific person. Ariadne does neither: it counts trajectories that carry no identifier, no face, and no biometric template, so there is no biometric identification or categorisation to regulate. That places the measurement outside the Annex III high-risk category as long as the deployment stays camera-free and identifier-free. This is general information, not legal advice; confirm the classification for your own deployment with your data protection officer and counsel.
What Annex III lists as high-risk, and what the biometric terms mean
The EU AI Act, Regulation (EU) 2024/1689, sorts AI systems into risk tiers, and Annex III is the list of use cases treated as high-risk. Among the categories relevant here are biometric uses: remote biometric identification systems and biometric categorisation systems. Both are anchored on the concept of biometric data and on doing something with it, either recognising a specific person or sorting people into categories.
The load-bearing terms are worth stating plainly. Biometric identification means using biometric data, such as a facial image or another physical characteristic, to establish or verify who a specific individual is. Biometric categorisation means using biometric data to place a person into a category, for example inferring an attribute about them. Both depend on processing biometric data about a person in the first place. If there is no biometric data, and no attempt to recognise or categorise an identifiable individual, the biometric limbs of Annex III have nothing to operate on. That is the pivot the whole classification turns on, so it is worth being exact rather than approximate about which use cases the Annex actually names.
Why counting is not biometric identification or categorisation
Counting people is arithmetic on movement, not recognition of persons. A camera-free counter that records how many bodies cross a line and how a crowd flows is measuring geometry and motion. It is not building a facial template, not matching anyone against a watchlist, and not sorting individuals into inferred categories. There is no "who is this" step and no "what kind of person is this" step, because there is no biometric data being processed to answer either question.
That is the difference between counting and the biometric uses Annex III targets. A facial-recognition gate identifies a specific person; a demographic-inference camera categorises them by inferred attributes. Both process biometric data about an identifiable individual. A trajectory that carries no identifier, no face, and no template does neither. It is a count and a path with no person attached. For the deeper contrast between sensing that captures biometric data and sensing that does not, see biometric versus non-biometric counting. The reasoned position is straightforward: where the system processes no biometric data and performs no identification or categorisation of a person, the biometric high-risk category in Annex III is not the thing being described. Whether that position holds for a given deployment is for that deployment's DPO and counsel to confirm, not for a blog to guarantee.
How Ariadne measures, and why the method keeps counting outside Annex III
The classification argument only works if the method genuinely captures no biometric data and identifies no one. That is exactly what Ariadne's method is built to do.
Ariadne measures this with Hybrid Fusion, its patented camera-free method. Time-of-Flight depth sensing counts every visitor at the entrances, capturing geometry rather than images, while patented phone signal sensing follows movement through the interior, detecting the signals a phone emits even in airplane mode, and tracks that movement to about one-metre precision. The sensor streams both feeds to Ariadne, where Hybrid Fusion combines them into one trajectory per visit and computes counts, dwell, and paths. The streams carry no identifier: no MAC address, no device ID, no biometric data, and no camera is involved. Identifiers are stored only when a visitor explicitly opts in, which keeps the method GDPR-friendly and outside biometric territory.
Map that onto the Annex III terms and the fit is clean. No camera means no facial image to identify anyone with. Depth sensing captures geometry, not a picture, so there is no biometric template to match. Signal sensing stores no MAC address by default, so there is no persistent identifier to attach movement to a person. The fusion that combines the two feeds happens centrally inside the Ariadne platform, not on the sensor, and what it produces is a trajectory per visit with no identity in it. There is no biometric identification because there is no biometric data, and there is no biometric categorisation because no one is being sorted by an inferred personal attribute. The measurement stays outside the biometric high-risk category by construction, not by a control bolted on afterward. That construction is a data-minimising design choice, and it also means there is no personal data captured that would later need protecting, which is the point regulators tend to care about.
Where a deployment can slip into high-risk territory
The classification is contingent on what the deployment actually does, and it can change if the deployment changes. It is worth being blunt about the moves that would alter the analysis, because a buyer's DPO will ask.
- Adding cameras. Point a camera at an entrance and you introduce images of identifiable people, which is exactly the biometric raw material the counting method was avoiding.
- Turning on facial recognition. Matching faces against identities is remote biometric identification in the Annex III sense, and it changes the classification directly.
- Adding demographic or attribute inference. Sorting visitors by inferred characteristics is the biometric categorisation limb of Annex III, and it pulls the system toward the high-risk category.
- Storing device identifiers without a lawful opt-in basis. Persisting a MAC address or device ID to track individuals reintroduces personal data the counting method had left uncollected.
None of these is inherent to camera-free counting; each is an added capability that would need its own classification analysis. Keeping a deployment camera-free and identifier-free is what keeps the reasoned "not high-risk" position defensible. If your organisation is considering any of the above, that is precisely the point to bring your DPO and counsel in rather than assuming the counting classification carries over. For how measuring an audience without recognising anyone works in a different setting, see measuring signage audiences without facial recognition.
What to take to your DPO: the questions that settle the classification
The classification is a legal call, and the way to get it right is to hand your data protection officer the facts that decide it rather than a conclusion. The useful questions are the ones that map directly onto the Annex III test.
- Does the system process biometric data as the Act defines it? For camera-free counting the honest answer is no, and that answer should be evidenced by the method statement, not asserted.
- Does the system identify or verify a specific individual? A no-identifier trajectory does not, but the DPO will want to see how the vendor guarantees that.
- Does the system categorise people by inferred personal attributes? Pure counting does not; anything doing demographic inference does.
- Are there any optional features that change the answers above, and are they scoped and documented separately?
Those questions turn the classification from a worry into a documented position. Pairing them with a formal assessment is good practice; a DPIA template for people counting gives a structure for recording the analysis, and where counting sits relative to watching individuals is drawn out in counting is not surveillance. For the product itself, see camera-free people counting. The final classification is your DPO's and counsel's to make; this post is the general information they can work from.
FAQ
Is counting people biometric data?
No. Biometric data is data about a person's physical characteristics processed to identify or categorise them, such as a facial image used for recognition. A count of how many people crossed a line, and the shape of a path with no identity attached, is not biometric data. Camera-free counting processes no biometric data at all.
Does the EU AI Act ban people counters?
No. The Act does not name or ban people counting. It classifies certain biometric uses, such as remote biometric identification and biometric categorisation, as high-risk under Annex III. Camera-free counting that processes no biometric data and identifies no one is not the biometric use case those provisions describe.
Is camera-free people counting high-risk under Annex III?
The reasoned position is that it is not, because Annex III's biometric high-risk categories require processing biometric data to identify or categorise a person, and camera-free counting does neither. That position depends on the deployment staying camera-free and identifier-free, and the final call belongs to your DPO and counsel.
What would make a people-counting deployment high-risk?
Adding cameras, turning on facial recognition, adding demographic or attribute inference, or persistently storing device identifiers to track individuals. Each introduces biometric data or identification that the plain counting method avoids, and each would need its own classification analysis.
Do I need cameras?

No. Ariadne counts with Hybrid Fusion: Time-of-Flight depth sensing plus patented phone signal sensing, never cameras. Time-of-Flight captures geometry rather than images, and signal sensing captures no MAC address by default, so the measurement involves no video, no faces, and no biometric data.



