The EU AI Act has fundamentally changed what Irish CCTV designers can specify. As of 2 February 2025, the prohibited AI provisions of the EU AI Act are in force — and several AI-powered video analytics features that are standard offerings in enterprise VMS platforms are now illegal in certain deployment contexts in Ireland. For CCTV design consultants in Ireland, specifying a video management system without verifying which AI analytics features are enabled — and whether they are permitted — is no longer defensible professional practice.
This guide covers what the EU AI Act means for AI CCTV analytics in Ireland in 2025, which AI analytics are prohibited, which are high-risk (requiring conformity assessment), which are freely permitted, and what the technical design implications are for security specifications in Irish commercial, healthcare and critical infrastructure projects.
The EU AI Act in Ireland — A Security Consultant's Summary
The EU AI Act (Regulation EU 2024/1689) creates a risk-based framework for AI systems in the EU. It classifies AI systems into four categories: prohibited AI (banned outright); high-risk AI (permitted but with significant compliance requirements); limited-risk AI (permitted with transparency obligations); and minimal-risk AI (permitted without specific obligation). The Act applies to all AI systems placed on the EU market or used in the EU, regardless of where the system or its developer is located.
For Irish security design professionals, the Act's most immediately relevant provisions are: the prohibited real-time biometric identification systems (facial recognition in public spaces); the high-risk classification of post-event biometric identification systems; and the requirement for AI systems used in critical infrastructure security to undergo conformity assessment before deployment.
Prohibited AI Systems — What Cannot Be Deployed in Irish CCTV
The following AI systems are prohibited from 2 February 2025 and cannot be deployed in any Irish CCTV system regardless of safeguards:
Real-Time Facial Recognition in Publicly Accessible Spaces — Prohibited
Real-time remote biometric identification systems in publicly accessible spaces are prohibited. A "publicly accessible space" under the EU AI Act includes: retail shop floors; hotel lobbies; restaurant and pub entrances; commercial building reception areas; transport stations; car parks accessible to the public; and any outdoor area accessible without access control. The prohibition applies even if the facial recognition feature is marketed as "optional" or "disabled by default" — if the VMS platform contains the prohibited capability, the operator bears responsibility for ensuring it is permanently deactivated and cannot be reactivated without a prohibited AI deployment.
Emotion Recognition and Biometric Categorisation — Prohibited
AI systems that infer emotional states (fear, anger, happiness, distress) from facial expressions, voice patterns or physiological signals are prohibited in workplace and educational contexts. AI systems that categorise individuals by sensitive characteristics — race, political opinion, religious belief, sexual orientation — from biometric data are prohibited in all contexts. Both of these capabilities are offered by some enterprise VMS platforms as video intelligence features. Irish building owners and security consultants must verify that these capabilities are not present or are permanently disabled in any VMS specified for Irish deployment.
High-Risk AI Systems — What Requires Conformity Assessment
Biometric Identification Systems — High-Risk
Post-event biometric identification — searching recorded CCTV footage against a database of known individuals to identify a specific person after an incident — is classified as high-risk AI. For Irish data centres, airports, financial services buildings and critical infrastructure, this capability may be operationally desirable (incident investigation, access control audit). However, deploying it requires: a conformity assessment conducted by the operator before deployment; registration in the EU AI Act database; ongoing monitoring and logging; and an assigned person responsible for AI governance within the organisation.
AI Analytics That Are Currently Permitted in Irish CCTV
Not all AI video analytics are prohibited or high-risk. The following are freely permitted in Irish CCTV systems subject to GDPR compliance:
- Perimeter intrusion detection — AI systems that detect zone boundary crossing, loitering in restricted areas, or direction of travel (moving against flow) are permitted without EU AI Act compliance obligations
- Vehicle and licence plate recognition — Not biometric, not categorising individuals by sensitive characteristics; permitted subject to GDPR and DPC guidance on LPR retention
- Object detection — Detecting specific objects (unattended bags, weapons, vehicles in pedestrian zones) without identifying the person associated with the object is permitted
- Crowd density analytics in aggregate — Counting or estimating the number of people in an area, without identifying individuals, is not subject to EU AI Act restrictions
- Camera health monitoring — AI systems that monitor camera alignment, image quality, obstruction detection and tampering alerts are not regulated by the EU AI Act
- Anomaly detection based on non-biometric criteria — Unusual patterns of movement or behaviour (not linked to identification of specific individuals) may be permitted but requires careful legal analysis for each specific use case
Technical Design Requirements for EU AI Act-Compliant CCTV in Ireland
For Irish security design consultants, the EU AI Act creates the following technical specification requirements:
- VMS specification must state the AI analytics features included and whether any require EU AI Act conformity assessment
- Security schedule must identify which analytics are enabled on which cameras and confirm they are within the permitted category
- Commissioning documentation must confirm that prohibited AI features are disabled and cannot be reactivated without express authorisation
- Audit log configuration must record all changes to AI analytics settings
- For high-risk AI deployments: conformity assessment documentation must be completed before system goes live
See our physical security consultant Ireland page and our CCTV design consultant Ireland service page for the complete security design scope we provide to Irish clients.
FAQs — AI CCTV Analytics Ireland
Real-time AI facial recognition in publicly accessible spaces is prohibited under the EU AI Act (from 2 February 2025). Even outside public spaces, biometric identification systems are high-risk AI requiring conformity assessment. The DPC Ireland treats facial recognition as biometric special-category data under GDPR Article 9, requiring an additional lawful basis.
Permitted analytics include: perimeter intrusion detection; vehicle/LPR detection (not biometric); unattended object detection; crowd density analytics in aggregate (not identifying individuals); and camera health monitoring. These are not prohibited or high-risk AI under the EU AI Act, subject to GDPR compliance.
Yes. The EU AI Act applies to all AI systems used in the EU, regardless of whether the operator is public or private. An Irish retail, hospitality or commercial building deploying prohibited AI analytics falls within scope and must comply with applicable provisions.
High-risk AI relevant to Irish security includes: post-event biometric identification systems; AI for critical infrastructure security; and AI-based biometric access control authentication. High-risk systems require conformity assessment, EU registration, technical documentation and ongoing monitoring before deployment.
The DPC Ireland indicates that AI analytics involving automated decision-making about individuals may require a DPIA under GDPR Article 35 and explicit notification under GDPR Article 22. The DPC has published general AI/GDPR guidance but has not yet published Ireland-specific guidance on the EU AI Act/GDPR intersection for building security systems.
Request a GDPR & EU AI Act Compliant Security Design
ASDV specifies only EU AI Act-compliant analytics and provides GDPR documentation alongside every CCTV design package for Irish projects.
Request Free AssessmentOr: +91-8800334308 · WhatsApp Us