Anthropic Now Wants Your ID and a Selfie. Is That an EU AI Act Issue?
AI-GENERATED IMAGE
From 8 July, some Claude users will be asked to hand over a government-issued photo ID and a live selfie before they can carry on using the product. Anthropic runs the check through a third party called Persona, which matches the selfie to the ID and tests that a real person is present. The checks started in limited form in April and are widening across the Free, Pro, and Max tiers.
The reaction online has been loud. “An AI company is collecting your face” is the gist, with the usual surveillance framing attached. It is worth separating what is actually happening from what people fear is happening.
What Anthropic is actually doing
The facts, from Anthropic’s own help documentation and Persona’s role in it:
- It is a verification check. You submit your own ID and your own selfie. Persona confirms the two match and that the selfie is a live person, not a photo of a photo.
- Persona holds the data. The ID image and selfie sit with Persona. Anthropic can see verification records when it needs to, for example when reviewing an appeal, but says it does not copy or store the images itself.
- It is not universal. The check is triggered when you access certain capabilities, during routine integrity checks, or when activity looks fraudulent or abusive.
- It is not training data. Anthropic states the identity and biometric data will not be used to train models or shared beyond the fraud-prevention purpose, and that Persona is contractually limited to that use.
You can dislike this. Plenty of people object to handing biometric data to any company, and the friction of being asked for ID mid-session is a real product cost. But “dislike it” and “it breaks EU law” are different claims, and the second one is where much of the online commentary is going.
What the outrage misses
The EU AI Act treats biometrics seriously, so the instinct to reach for it here is understandable.
The Act draws a hard line between two things that sound similar:
- Biometric identification is one-to-many. A system takes your face and compares it against a database to work out who you are, often without your active involvement. Imagine a system designed to identify individuals in public places. This is the remote biometric identification the Act worries about, and it is mostly banned outright under Article 5.
- Biometric verification is one-to-one. The system compares your biometric data to data you have just provided, to confirm you are who you claim to be. Article 3 defines it as the “automated, one-to-one verification, including authentication, of the identity of natural persons.”
The Anthropic flow is squarely the second kind. You actively present your own ID and selfie to confirm a claimed identity. That matters because the Act’s high-risk list goes out of its way to exclude it.
Annex III lists remote biometric identification as a high-risk use, then immediately carves out systems intended for biometric verification “the sole purpose of which is to confirm that a specific natural person is the person he or she claims to be.” In plain terms: a one-to-one “are you really you?” check is not on the high-risk track. No conformity assessment, no CE marking, no EU database registration triggered by that clause.
So the dramatic reading, that Anthropic has switched on a biometric surveillance system and is breaking the law, does not hold. The Act deliberately leaves it alone because it is used only for verification.
GDPR is where the obligation sits
The regulations live in a different place.
A face match used to confirm a specific person’s identity is biometric data processed for the purpose of uniquely identifying someone. Under GDPR that is special category data under Article 9, and you cannot process it on a normal lawful basis alone. You need an Article 9(2) condition on top, and for a consumer login check the realistic one is explicit consent under Article 9(2)(a).
That is the right frame for what Anthropic and Persona are doing for their EU users, and it is the frame any business copying the pattern should use. We have written about where GDPR and the AI Act overlap and where they don’t. Identity verification is a clean example of a case that looks like an AI Act story and is really a GDPR one.
The part worth arguing about
Two questions are still open, and worth arguing. One is legal. One is about direction.
Consent? Explicit consent under Article 9(2)(a) is the only realistic basis for a check like this. But GDPR consent also has to be freely given, and Recital 42 says it is not freely given where a person cannot refuse “without detriment.” Being locked out of the product is a detriment. So the one lawful basis available is consent, and the provider has made that consent a condition of access. You agree to the selfie or you do not get in.
Whether that survives a challenge is unsettled. Anthropic could argue that Claude Pro is an optional product a user can decline, and that walking away from an €18/month subscription is a free choice.
The direction is the bigger story. Identity verification is becoming the price of admission to frontier AI, justified by fraud, abuse, and account-sharing. Access is shifting from “anyone with an email” to “anyone who will show their face.” Using the most capable software increasingly means proving who you are first.
Verification is carved out of the high-risk rules precisely because lawmakers saw it as the low-risk, consent-based end of biometrics. Whether that judgement still fits a world where a handful of AI providers become identity gatekeepers is a fair thing to ask. It is just not the same as saying Anthropic broke the rules.
What does this mean for you?
If this lands on your desk, in either direction:
- As a user or buyer, decide whether you are comfortable with handing over your government ID, and check where your provider’s verification data is held and for how long.
- As a builder, map your own identity checks to the verification-versus-identification line, then build the GDPR file: Article 9 condition, DPIA, and a processing agreement with your vendor.
- Don’t reach for the AI Act first. When biometrics show up in a consumer product, start with GDPR.
Frequently asked questions
Is Anthropic's biometric ID check a high-risk AI system under the EU AI Act?
No. The check is one-to-one biometric verification: you submit your own ID and selfie to confirm you are who you claim to be. Annex III of the EU AI Act lists remote biometric identification as high-risk but explicitly excludes verification systems whose sole purpose is to confirm a person's claimed identity. So this sits outside the high-risk track. The main EU law in play is GDPR, not the AI Act's high-risk rules.
What is the difference between biometric identification and biometric verification?
Identification is one-to-many: a system compares your biometric data against a database to work out who you are, often without your active involvement. Verification is one-to-one: it compares your biometric data to data you have just provided to confirm a claimed identity. The EU AI Act regulates remote identification heavily and carves verification out of the high-risk category (Annex III, point 1, and Article 3's definitions).
If I build biometric ID checks into my own product, what EU law applies?
Mainly GDPR. A face match used to identify or verify a specific person is biometric data processed for the purpose of unique identification, which is special category data under Article 9. You need an Article 9(2) condition to process it, usually explicit consent, plus a lawful basis under Article 6, a DPIA, and a data processing agreement with your verification vendor. The AI Act high-risk obligations generally do not bite on one-to-one verification.
John holds editorial responsibility for all ComplyDrive content.
About the author →The 47-item checklist, an editable tracker, nine sample documents and nine fill-in templates.
Get the Toolkit