Biometric Authentication Compliance
EN 301 549 Clause 5.3 requires that any system using biometric authentication must also provide a fully functional non-biometric alternative. Use this tool to check compliance and explore authentication method options.
EN 301 549 §5.3 — Mandatory Requirement
"Where ICT uses biological characteristics, it shall not rely on the use of a particular biological characteristic as the only means of user identification or for control of ICT."
This requirement applies to websites, mobile apps, ATMs, kiosks, and any ICT product in scope of the EAA (Directive 2019/882).
Answer each question to assess your product's Clause 5.3 compliance. Questions unlock progressively.
Does your product or service use any biometric authentication method (fingerprint, face, voice, iris)?
EN 301 549 §5.3 — Scope trigger
For self-service kiosks or ATMs: is the interface operable without requiring the user to look at, touch, or present a body part to the device?
EN 301 549 §5.3 + §8.3.2 — Physical accessibility
EU AI Act Article 5 — scope clarification
This tool covers EN 301 549 §5.3 accessibility requirements for biometric authentication — the obligation to provide non-biometric fallbacks. It does not assess compliance with the EU AI Act (Regulation 2024/1689), which introduces separate prohibitions for certain biometric AI systems. Key distinctions:
- Article 5(1)(d): Real-time remote biometric identification in publicly accessible spaces is prohibited for law enforcement purposes (with narrow, court-authorised exceptions). This does not automatically apply to commercial operators.
- Commercial operators deploying biometric authentication (e.g. device unlock, app login, workplace access) are generally not covered by Art 5(1)(d) but may be deploying a high-risk AI system under Annex III, Category 1 (biometric identification and categorisation of natural persons), which requires a conformity assessment before deployment in the EU.
- Facial recognition systems used for marketing, emotion recognition in workplaces, and social scoring are subject to additional prohibitions under Article 5(1)(a)–(c) regardless of whether the operator is a law enforcement authority.
Consult your DPO and legal counsel for a full EU AI Act assessment. This tool addresses accessibility compliance only.
Export as evidence
Answer questions or select methods to enable export
Every export includes a legal-evidence metadata footer with the audit ID, generation date, tool version, EN 301 549 clauses, and the standard disclaimer. Legal-grade evidence — not legal advice.
Important Legal Disclaimer
This tool is a self-assessment aid only and does not constitute legal advice or a formally certified compliance assessment. Outputs — including reports, scores, checklists, and accessibility statements — are for internal use and should be reviewed by a qualified legal representative or independent accessibility auditor before being relied upon for regulatory, procurement, or public-disclosure purposes. All assessment risk lies with the internal assessor. accessibilityref, its developers, and staff accept zero liability for losses arising from use of or reliance on these outputs. Always verify against official sources: the W3C WCAG 2.2 Recommendation, the European Accessibility Act (Directive 2019/882), and your national enforcement authority.