Police Use of AI in Europe: The Surveillance Technology That Has Already Arrived

European police forces are using AI surveillance tools at a scale that most citizens are not aware of. Here is what is deployed, what is legal, and what the EU AI Act actually changes.

The AI Act's prohibition on real-time biometric surveillance in public spaces is one of its most discussed provisions. It is also one of its most complicated, because the legal definition of what constitutes 'real-time' biometric surveillance turns out to be far less clear in practice than it appears in theory — and because the exemptions carved out for national security, terrorism prevention, and serious crime investigation are broad enough to accommodate most of what European police forces are currently doing.

France has deployed AI-powered surveillance cameras at major transportation hubs since 2023, using systems that analyze crowd behaviour patterns to detect 'abnormal' movements associated with security threats. The system does not, its operators insist, perform facial recognition — it analyzes movement patterns, not identities. Legal scholars at Sciences Po have published detailed analyses arguing that this distinction is both legally significant and technically debatable.

Germany has invested heavily in AI-assisted analysis of CCTV footage for use in criminal investigations — a 'post-event' rather than real-time application that the AI Act treats differently from live surveillance. The question of whether footage analyzed within minutes of an incident constitutes 'real-time' or 'post-event' processing is not resolved in the law's text.

In Hungary, Latvia, and Bulgaria, police AI surveillance deployments include capabilities that EU legal experts have publicly flagged as potentially inconsistent with AI Act requirements, without the Commission having taken formal enforcement action against any of them.

The broader pattern is consistent: European police forces see AI surveillance as operationally necessary and are deploying it at the outer edges of what is legally permissible, while regulators struggle with the technical complexity of assessing compliance with rules that were written when the technology was less capable than it is now.