EU AI Act Article 5: Why EU Data Carries Dual Jeopardy
EU AI Act Article 5 came into force Feb 2, 2025. Untargeted facial-image scraping is now a prohibited AI practice with fines up to €35M or 7% of global turnover. Clearview has absorbed €70M+. In October 2025, noyb filed the first criminal charges.
On February 2, 2025, Article 5 of the EU AI Act came into force. The article prohibits AI systems that “create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage.” Penalties run up to €35M or 7% of global turnover, whichever is higher — the highest fine tier in the Act, sitting on top of any GDPR exposure.
The headline target of the article is Clearview AI — the company built explicitly on the prohibited practice. By the time Article 5 took effect, Clearview had already absorbed €70M+ in fines across four EU jurisdictions: Italy €20M, France €20M, Greece €20M, and Netherlands €30M (September 2024). None paid. The Dutch DPA threatened personal liability for Clearview directors. Clearview ignored that too.
In October 2025, noyb — Max Schrems’ privacy NGO — escalated. They filed criminal complaints under Austria’s GDPR §62 implementation invoking Article 84 GDPR. That was the first criminal route attempted against Clearview, and it changed the calculus. The same month, the UK Upper Tribunal reversed the lower-tier ruling and held that Clearview’s processing falls within GDPR’s territorial scope.
For scraping infrastructure operators, the Clearview case is exceptional in its facts but exemplary in its trajectory. The European enforcement apparatus has demonstrated that it can stack: GDPR fines, AI Act prohibitions, criminal complaints, and territorial-scope rulings, applied in sequence, against a single target. EU-resident data is now subject to dual jeopardy that does not exist in the US.
What Article 5 actually prohibits
The text is more limited than the press coverage suggests. Article 5(1)(e) prohibits AI systems that “create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage.” Three elements have to all be present:
- Untargeted scraping: indiscriminate collection rather than collection of specific identified subjects
- Facial images specifically: not all biometric data, not all personal data
- Building or expanding a facial recognition database: the use case is FR, not other downstream applications
A scraper that pulls profile images from LinkedIn for a B2B contact-enrichment product is technically not within Article 5 if the product does not use the images for face recognition. A scraper that pulls the same images and feeds them into an FR pipeline is squarely within Article 5.
In practice, the ambiguity sits at the boundaries: what counts as “facial recognition” if the model identifies attributes (age, expression, demographic markers) without matching to identity? What counts as “untargeted” if the scraper collects images of specific named persons but does so at scale? European regulators are still defining those boundaries through enforcement actions.
The conservative posture for any scraper handling EU-resident facial imagery is to assume Article 5 may apply unless the use case is narrowly and provably outside the FR scope.
What this means beyond Clearview
The structural significance is that Article 5 is the first prohibition tier of the AI Act to take effect. The full Act phased in across 2024–2026 with progressively stricter requirements; Article 5 was the leading edge. Other prohibition categories — social scoring, predictive policing — have similar fine ceilings but more limited enforcement traction so far.
For scraping vendors and the buyers of scraped data, Article 5 establishes the legal precedent that the EU is willing to (a) ban specific data-collection practices outright, (b) attach extraterritorial liability that follows the data subject regardless of where the scraper is located, and (c) escalate enforcement to criminal charges when administrative fines fail.
That is a different posture from US law, where the Bright Data v. Meta line preserves logged-out scraping rights and enforcement is primarily contractual and tort-based. The two jurisdictions have diverged sharply on the legal status of large-scale public-data scraping, and the divergence is set to widen rather than narrow.
For a scraping operation that handles any EU-resident data, the practical implications:
- Provenance documentation matters more. A scraper that can demonstrate which records relate to EU residents (or to non-EU residents specifically) has a defensible compliance posture. A scraper that cannot make that distinction is exposed across the entire dataset.
- Use-case restrictions matter more. A scraper that contractually limits downstream use (no FR, no biometric profiling) shifts liability allocation. A scraper that sells raw data with no use restrictions absorbs the full liability when a buyer misuses it.
- EU territorial nexus matters more. A vendor with no EU presence and no EU customers is harder for European regulators to reach in practice (though noyb’s criminal route in Austria suggests this is changing). A vendor with EU operations or customers is well within reach.
What the noyb criminal route signals
The noyb filing in October 2025 deserves attention because of the legal structure it leverages. Article 84 GDPR allows member states to provide for penalties (including criminal) for infringements not subject to administrative fines. Austria’s implementation (GDPR §62) creates a criminal route. noyb argued that Clearview’s continued processing of Austrian residents’ data, after explicit DPA orders to cease, falls within that criminal regime.
If the Austrian prosecution proceeds and produces convictions, it establishes a template every other GDPR-implementing member state can follow. The administrative-fines-only era of GDPR enforcement against scraping vendors would end, replaced by a regime where individual responsibility (directors, founders, named officers) is on the table.
That change would meaningfully alter the calculus for vendors who have, until now, treated GDPR fines as a cost of doing business. A €20M unpaid fine is recoverable through corporate insolvency or asset shielding. A criminal conviction follows the individual.
Compliance posture for image-handling actors
For Apify Store publishers, Article 5 and the noyb criminal route are most relevant for actors that handle facial imagery, biometric data, or any data that could be used to build an FR system. That is a small subset of the Store catalog — the vast majority of actors target text data (jobs, products, prices, listings, profiles without images).
For the actors that do handle imagery — primarily social-media profile scrapers — the compliance posture worth adopting is:
- Avoid the FR use case explicitly. Actor descriptions that pitch “build your own face database” are now legally toxic in Europe. Descriptions that pitch “engagement analytics” are less so.
- Restrict downstream use contractually. Apify’s Terms of Use can be augmented with actor-specific use restrictions that shift liability.
- Be cautious about EU-resident data. Geo-filtering at the actor level is technically straightforward and meaningfully reduces exposure.
The broader implication for the Store is that European compliance posture is becoming a competitive differentiator at the actor level. Publishers who can credibly claim “no EU data” or “Article 5-compliant” will win European buyers who increasingly need to demonstrate compliance posture themselves. The publishers who treat EU compliance as someone else’s problem will lose those buyers.
The era of “scrape everything, ask questions later” is closed in Europe. The Bright Data doctrine that protects scraping in the US has no equivalent in EU law, and Article 5 is the formal demonstration that European regulators are willing to act on that gap. The next two years will test how far the enforcement runs.
Sources