Monitoring employees with AI: what is allowed and what isn't?
AI monitoring of employees quickly clashes with the rules: emotion recognition at work is banned (Art. 5), performance monitoring can be high-risk (Annex III), and the GDPR requires a legal basis, transparency and proportionality. Continuous, intrusive monitoring is legally risky.
Short answer: AI for monitoring employees is not allowed without limits. One form is banned entirely: AI that infers emotions in the workplace (Art. 5 AI Act, since 2 February 2025). Other forms (performance or behaviour monitoring) can be high-risk (Annex III, workforce management) and in any case fall under the GDPR, which requires a valid legal basis, transparency and proportionality. Continuous, intrusive monitoring is legally vulnerable.
What is banned
AI systems that infer employees' emotional state (through camera, voice or behaviour analysis) are banned in the workplace. It does not matter how "helpful" it is meant to be; only a narrow exception applies for medical or safety purposes. See prohibited AI practices.
When monitoring is high-risk
AI that monitors and evaluates workers' performance or behaviour falls under workforce management in Annex III and can therefore be high-risk. Then human oversight (Art. 14), informing the workers concerned (Art. 26) and data-quality requirements apply, among others. The more the system weighs in decisions about people, the heavier the regime.
The GDPR sets the limits
Even without a high-risk qualification, the GDPR applies. Monitoring requires a valid legal basis (employee consent is usually not freely given, so weak), transparency in advance, data minimisation and a proportionality test: does the purpose outweigh the privacy intrusion? A Data Protection Impact Assessment (DPIA) is often mandatory for systematic monitoring. In many countries the works council also has consultation or co-determination rights.
What to do
- Start with whether it is banned (emotion recognition): if so, don't.
- Classify the monitoring: high-risk or not (see high-risk obligations).
- Test proportionality and record a DPIA.
- Inform employees transparently and involve worker representatives.
- Limit what you collect and how long you keep it.
Monitoring is where employers most quickly go wrong: the technology can do a lot, but the law draws sharp lines. Start with the purpose and proportionality, not with what is technically possible.
Sources
- https://eur-lex.europa.eu/eli/reg/2024/1689/oj
  Regulation (EU) 2024/1689 (AI Act): Art. 5 (ban on workplace emotion recognition) and Annex III (workforce management high-risk).
- https://eur-lex.europa.eu/eli/reg/2016/679/oj
  General Data Protection Regulation (GDPR): legal basis, transparency and data minimisation for monitoring.