ISO/IEC 9868:2025
Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects
This document provides recommendations and requirements for the design, development, use and maintenance of biometric identification systems involving passive capture subjects, including pre- and post-deployment evaluation. While the emphasis is on surveillance systems, this document is also applicable to other types of biometric identification systems involving passive capture subjects, regardless of biometric characteristic or sensing technology. This includes systems involving passive capture of subjects where some capture subjects enrolled voluntarily. This document does not apply to biometric verification systems and biometric identification systems only involving capture subjects deliberately taking part in the capture. This document does not define specific services, platforms or tools.
Technologies de l'information — Conception, développement, utilisation et maintenance des systèmes d'identification biométriques appliqués sur des sujets de capture passifs
Standards Content (Sample)
International Standard
ISO/IEC 9868
First edition
2025-02
Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects
Technologies de l'information — Conception, développement, utilisation et maintenance des systèmes d'identification biométriques appliqués sur des sujets de capture passifs
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
3.1 Roles
3.2 Categories of biometric identification system and use cases
3.3 Miscellaneous
4 Abbreviated terms
5 Conformance
6 Scenarios and use of biometric systems involving passive capture subjects
6.1 Main characteristics
6.2 Use cases and scenarios
6.3 Minimizing identification errors
7 Consideration of risk arising from BISPCS
8 Design and development practice
8.1 Biometric system and algorithm
8.2 Impact of capture devices on training and testing
9 Technical capabilities of the system
9.1 Performance
9.1.1 General
9.1.2 Biometric recognition
9.1.3 Demographic differential performance assessment
9.1.4 Detection of anomalous image quality
9.1.5 Security evaluation and presentation attack detection
9.1.6 Third-party ex-ante performance evaluation
9.2 Security and integrity
9.3 Biometric data management
9.4 Support for manual review
9.5 Support for human oversight
9.6 Support for operational testing
9.7 Documentation
10 Operational practice
10.1 Organizational control
10.2 Competence of biometric system operators
10.3 Operational security
10.4 Privacy measures
10.4.1 General
10.4.2 Privacy principles of ISO/IEC 29100
10.4.3 Biometric information protection
10.5 Operational monitoring
10.5.1 Monitoring
10.5.2 Operational testing and internal audit
10.5.3 Feedback
10.5.4 Threshold management
10.6 Improvement
10.6.1 Retraining of ML-based biometric systems
10.6.2 Continuous learning
10.6.3 Continual improvement
Annex A (informative) Use case profiles
Annex B (informative) Example audit report
Bibliography
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
Introduction
Recent improvements in biometric systems, and in particular face recognition, have allowed new usage
for identification systems. Biometric systems using artificial intelligence (AI) techniques are capable
of capturing biometric data in publicly accessible spaces without any deliberate action from the capture
subjects and possibly even without their knowledge.
On 13 March 2024, the European Commission adopted a proposal for a regulation laying down a “uniform
legal framework in particular for the development, marketing and use of artificial intelligence” [1]. This is one
of the first-ever proposed horizontal regulations in the field of AI, aiming at building appropriate standards
for safe and human-centric AI systems.
The regulation includes a risk-based framework with a tiered approach. The framework prohibits the use of
certain systems posing a particularly high risk to the fundamental rights and safety of individuals, sets out
requirements for high-risk AI systems and introduces transparency requirements for other AI systems. The
regulation defines high-risk systems, which are systems that pose a risk of harm to the fundamental rights,
health or safety of individuals. Biometric identification systems involving passive capture subjects (referred
to as “remote biometric identification systems” in the words of the proposal) are classified as high-risk in the
regulation risk-based framework. Providers and owners of high-risk systems are expected to demonstrate
compliance with European Union (EU) regulatory requirements and identify design/operational risks and
mitigation measures before they are put on the European market.
With this development in mind, this document is intended to provide international standardization in a
sector which requires strong guidelines and harmonized practices in order to respond to concerns related to
privacy protection, bias and accurate performance. It establishes requirements for the design, development,
evaluation, operation and maintenance of biometric identification systems involving passive capture
subjects.
Many of the examples and use cases found in this document focus on face and face-related biometric systems,
given that face biometric characteristics are currently the more commonly used biometric characteristic.
Gait and voice are other examples of usable biometric characteristics.
International Standard ISO/IEC 9868:2025(en)
Information technology — Design, development, use and
maintenance of biometric identification systems involving
passive capture subjects
1 Scope
This document provides recommendations and requirements for the design, development, use and
maintenance of biometric identification systems involving passive capture subjects, including pre- and post-
deployment evaluation.
While the emphasis is on surveillance systems, this document is also applicable to other types of biometric
identification systems involving passive capture subjects, regardless of biometric characteristic or sensing
technology. This includes systems involving passive capture of subjects where some capture subjects
enrolled voluntarily.
This document does not apply to biometric verification systems and biometric identification systems only
involving capture subjects deliberately taking part in the capture.
This document does not define specific services, platforms or tools.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382-37, Information technology — Vocabulary — Part 37: Biometrics
ISO/IEC 19795-1:2021, Information technology — Biometric performance testing and reporting — Part 1:
Principles and framework
ISO/IEC 19795-2, Information technology — Biometric performance testing and reporting — Part 2: Testing
methodologies for technology and scenario evaluation
ISO/IEC 19795-6, Information technology — Biometric performance testing and reporting — Part 6: Testing
methodologies for operational evaluation
ISO/IEC 19795-10, Information technology — Biometric performance testing and reporting — Part 10:
Quantifying biometric system performance variation across demographic groups
ISO/IEC 29794-1, Information technology — Biometric sample quality — Part 1: Framework
ISO/IEC 30107-3, Information technology — Biometric presentation attack detection — Part 3: Testing and
reporting
ISO/IEC 29100, Information technology — Security techniques — Privacy framework
ISO/IEC 24745, Information security, cybersecurity and privacy protection — Biometric information protection
ISO/IEC 22989, Information technology — Artificial intelligence — Artificial intelligence concepts and
terminology
ISO/IEC 27001, Information security, cybersecurity and privacy protection — Information security management
systems — Requirements
ISO/IEC 27002, Information security, cybersecurity and privacy protection — Information security controls
ISO/IEC 27005, Information security, cybersecurity and privacy protection — Guidance on managing
information security risks
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 22989 and in ISO/IEC 2382-37
and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1 Roles
3.1.1
biometric capture subject
individual who is the subject of a biometric capture process
Note 1 to entry: The individual remains a biometric capture subject only during the biometric capture process.
[SOURCE: ISO/IEC 2382-37:2022, 37.07.03]
3.1.2
biometric system developer
individual or organization that performs development activities (including requirements analysis, design,
testing through acceptance) during the system or software life cycle process
Note 1 to entry: While the biometric system provider (3.1.3) and biometric system developer can be different entities,
all requirements defined in this document for the biometric system developer are under the responsibility of the
biometric system provider.
[SOURCE: ISO/IEC 25000:2014, 4.6, modified — Preferred term has been changed from “developer” to
“biometric system developer” and Note 1 to entry has been added.]
3.1.3
biometric system provider
natural or legal person, public authority, agency or other body that places a biometric identification system
involving passive capture subjects (BISPCS) (3.2.1) on the market or puts it into service under its own name or
trademark, whether for payment or free of charge
3.1.4
biometric system owner
person or organization with overall accountability for the acquisition, implementation and operation of the
biometric system
Note 1 to entry: The biometric system owner is known as the “user” in the EU AI Act [1].
[SOURCE: ISO/IEC 2382-37:2022, 37.07.09, modified — Note 1 to entry has been added.]
3.1.5
experimenter
individual responsible for defining, designing and analysing the test
[SOURCE: ISO/IEC 19795-1:2021, 3.5]
3.1.6
biometric system operator
person or organization who executes policies and procedures in the administration of a biometric system
Note 1 to entry: In the context of this document, the biometric system operator designates staff from the biometric
system owner (3.1.4) operating the system.
[SOURCE: ISO/IEC 2382-37:2022, 37.07.08, modified — Note 1 to entry has been added.]
3.1.7
passive capture subject
individual who is the subject of a biometric capture process where biometric data capture does not require
any deliberate action of biometric presentation by the biometric capture subject (3.1.1)
Note 1 to entry: Passive capture subjects are often unaware that their biometric data is being captured and unable to
prevent capture.
3.1.8
test crew member
selected biometric data subject whose use of the operational system is controlled or monitored as part of the
evaluation
Note 1 to entry: In an operational evaluation, test subjects can be subjects of the operational system or they can be
members of a test crew using the system specifically for evaluation purposes.
[SOURCE: ISO/IEC 19795-6:2012, 4.17]
3.2 Categories of biometric identification system and use cases
3.2.1
biometric identification system involving passive capture subjects
BISPCS
biometric identification system where biometric data capture does not require any deliberate action of
biometric presentation by the biometric capture subject (3.1.1)
EXAMPLE 1 A biometric identification system capturing passive capture subjects (3.1.7) walking in a designated
area to create biometric probes is a BISPCS.
EXAMPLE 2 A biometric system where biometric capture subjects actively and knowingly participate in the
biometric data capture process is not a BISPCS.
EXAMPLE 3 An access control system to a secured building where the personnel have voluntarily enrolled in the
biometric reference database is not a BISPCS.
Note 1 to entry: A BISPCS can implement watchlist identification (3.2.2).
3.2.2
watchlist identification
process of searching a probe from a biometric capture subject (3.1.1) against a biometric reference database
to return biometric reference identifier(s) attributable to a biometric person of interest
EXAMPLE A biometric system searching for a missing child in a publicly accessible space.
Note 1 to entry: In watchlist identification scenarios, most biometric capture subjects are not mated to references in
the watchlist. Therefore, the expected result is that no reference is returned.
3.2.3
video surveillance system
VSS
system consisting of camera equipment, monitoring and associated equipment for transmission and
controlling purposes, which can be necessary for the surveillance of a protected area
[SOURCE: ISO/IEC 30137-1:2024, 3.2.12]
3.3 Miscellaneous
3.3.1
demographic group
category of the human population, defined by specific traits or criteria
EXAMPLE Ethnic group, gender, age group, but also people having facial hair/not having facial hair, wearing
make-up/not wearing make-up, wearing accessories/not wearing accessories, etc.
Note 1 to entry: The recognition performance of a biometric identification system can vary across different
demographic groups.
3.3.2
manual review
human intervention to achieve a biometric decision
Note 1 to entry: Human intervention can encompass all aspects of a biometric system policy.
3.3.3
monitoring mechanism
mechanism which enables the biometric system owner (3.1.4) to assess whether or not the system is
functioning as expected
4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
AI artificial intelligence
ATM automated teller machine
BISPCS biometric identification systems involving passive capture subjects
CAPNIR concealer attack presentation non-identification rate
CMC cumulative match characteristic (as defined in ISO/IEC 19795-1)
FND false negative differential
FNIR false negative identification rate
FPD false positive differential
FPIR false positive identification rate
FRT face recognition technology
FTAR failure-to-acquire rate
FTER failure-to-enrol rate
ML machine learning
PAD presentation attack detection
VIP very important person
VSS video surveillance system
5 Conformance
Requirements of this document can apply to multiple stakeholders. Some requirements are the responsibility
of the biometric system provider. Some requirements are the responsibility of the biometric system owner.
Some requirements are the responsibility of both the biometric system provider and biometric system
owner. A BISPCS is conformant with this document only if the biometric system provider and the biometric
system owner fulfil all their responsibilities.
The biometric system developer can be different from the biometric system provider, but all requirements
assigned to the developer are under the responsibility of the biometric system provider.
The biometric system provider, in coordination with the biometric system developer where appropriate,
shall document the following:
— the system’s intended purpose;
— the rationale for development of the biometric algorithm to process captured data to achieve its intended
purpose;
— operating assumptions and limitations;
— types of biometric characteristic to be captured and processed;
— quality and compatibility requirements;
— biometric performance characteristics;
— BISPCS use cases;
— how fitness for purpose for BISPCS use cases is determined.
The biometric system provider can be the same as the biometric system owner, such as a government agency
with the resources and skill to train new models using custom internal algorithms.
Biometric system providers and biometric system owners shall fulfil all the responsibilities summarized in
Table 1.
Table 1 — Roles and responsibilities

| Topic | Role | Representative responsibilities | Applicable Clause/subclause |
| --- | --- | --- | --- |
| Risk assessment | Biometric system provider | Assessment for intended use case of the system and provision of suitable mitigation measures | Clause 7 |
| Risk assessment | Biometric system owner | Document assessment for the intended use case | Clause 7 |
| Design and development | Biometric system provider | Appropriate development of the BISPCS, and testing and validation of all required technical functionalities | Clauses 8 and 9 |
| Operational practice: Competence of biometric system operators | Biometric system provider | Provide training | 10.2 |
| Operational practice: Competence of biometric system operators | Biometric system owner | Ensure competence is validated | 10.2 |
| Operational practice: Operational security | Biometric system owner | Ensure that the system utilizes appropriately configured and maintained security controls | 10.3 |
| Operational practice: Privacy measures | Biometric system owner | Review and implement privacy preserving measures | 10.4 |
| Operational practice: Operational monitoring | Biometric system owner | Establish and implement monitoring plan | 10.5 |
| Operational practice: Improvement | Biometric system owner | When necessary, take steps to improve the performance of the BISPCS | 10.6 |
6 Scenarios and use of biometric systems involving passive capture subjects
6.1 Main characteristics
BISPCS have two primary characteristics.
First, a BISPCS interacts with passive capture subjects for whom biometric data capture does not entail any
deliberate action of biometric presentation. Capture of biometric data from passive capture subjects is often
achieved using biometric capture devices deployed in publicly accessible spaces. The quality of the biometric
samples captured from passive capture subjects can be lower than what is usually achieved for cognizant
and cooperative presentations and a re-capture step for increasing this quality is not possible.
EXAMPLE 1 Capture subjects are aware while walking down a street that a VSS is capturing their biometric
characteristics, but they are not deliberately taking part in a biometric presentation.
EXAMPLE 2 Systems using face recognition in combination with VSS are used in football stadiums for identifying
biometric persons of interest as they enter the stadium.
Second, a BISPCS performs biometric identification in which a biometric probe is used to query a biometric
reference database to find and return matching reference identifiers. Biometric samples captured from
passive capture subjects can be compared against biometric references captured during enrolment, against
references captured by another BISPCS, or against references captured by other biometric systems.
6.2 Use cases and scenarios
Examples of use cases and scenarios for BISPCS include:
— search for missing persons;
— protection of public or private spaces;
— watchlist identification;
— investigation after a criminal event.
In the “watchlist identification” use case, the biometric system owner is typically a law enforcement
authority but can also be a private entity. In this use case, the biometric reference database contains
biometric references of persons of interest together with associated identity or contextual information.
EXAMPLE 1 A VSS uses face, voice or gait recognition to search a watchlist to determine whether people walking in
a specific area are persons of interest enrolled in the watchlist.
The watchlist can include biometric references obtained from mug shots, portraits from identity documents,
or samples from another BISPCS, like videos or voice recordings. References can be added and
removed as required while following applicable regulations.
NOTE 1 This type of biometric reference database is referred to as a Type 1 database in A.1.2.
In a typical use case, the BISPCS captures the facial image probes of subjects within range, for example, and
compares them against the watchlist to find and return potential matches.
NOTE 2 In some cases, users register voluntarily for a watchlist (e.g. VIP programmes or gambling addicts list in
casinos). Such users, as well as all passers-by, are still considered passive biometric capture subjects.
In the “investigation after a criminal event” use case, passive capture subjects can be processed and enrolled
in the system to constitute a biometric reference database.
NOTE 3 This type of biometric reference database is referred to as a “Type 2” database in A.1.2.
EXAMPLE 2 A biometric system uses facial recognition to identify whether a suspect was in a specific area at a
specified time. Faces from all bystanders present near a crime scene are encoded to constitute the biometric reference
database. A biometric probe from a known felon or a suspected felon is then searched against this biometric reference
database to determine if they were present.
In this use case, the BISPCS operates at a specific location. The BISPCS can be a VSS which operates routinely
for law enforcement purposes or it can be a private system.
The biometric probe can be created in various ways, such as from:
— a mug shot, whether pre-existing or acquired during the investigation;
— an available identity document;
— another passive biometric capture, like video recordings.
Further examples of use cases and scenarios can be found in Annex A.
Examples of use cases and scenarios for systems that do not involve passive capture subjects include:
— any biometric systems that verify a biometric claim, such as assessing during border control that
a person is the rightful holder of an identity document by comparing a biometric capture with the
biometric reference stored in that document, because the system performs a biometric verification and
not a biometric identification;
— biometric systems deployed on personal devices, e.g. for unlocking smartphones or biometric validation
of remote payment, because the capture subject is actively involved in the biometric capture process;
— biometric access control systems, where persons try to get access to an area by presenting their biometric
characteristics to be verified, because the capture subjects are aware of the system and actively involved
in the biometric capture process.
6.3 Minimizing identification errors
The quality of biometric data captured from passive capture subjects can often negatively influence
identification error rates due to lack of control over capture. As the use cases considered imply that
identification errors can lead to adverse consequences for the capture subjects, measures shall be taken to
compensate for the impact of the false-negative identification rate (FNIR) and the false-positive identification
rate (FPIR). These shall include at a minimum:
— the involvement of trained biometric system operators to monitor automated identification results and
to adjudicate automated identification decisions;
— a process that utilizes further confirmation that the biometric probe matches a biometric reference
when confidence levels of match decisions are low to confirm the true identity of the person in question,
e.g. identity document checks.
For some use cases, such as prevention of imminent threats, the BISPCS can process biometric data in real
time to raise alerts which are assessed in the field through direct human intervention.
7 Consideration of risk arising from BISPCS
Both the biometric system owner and the biometric system provider shall conduct risk assessment activities.
It is recommended that these activities be based on objective criteria and follow references ISO/IEC 31000,
ISO/IEC 27701, IEC 31010, ISO/IEC 29134, ISO/IEC 23894 and ISO/IEC 42001.
The biometric system provider shall conduct a risk assessment based on the intended use cases of the
system and provide suitable mitigation measures for its operational deployment. The biometric system
provider shall provide clear and understandable information and documentation to the biometric system
owner about the intended use case, capabilities and limitations of the system and any other factors that can
affect risks.
The biometric system owner shall assess the risks that the BISPCS can pose in the specific use case and
target environment, including whether BISPCS is the most appropriate technology for the intended purpose.
The biometric system provider should assist the biometric system owner in this use-case-specific risk
assessment. Given the socio-technical nature of risks – in that such risks concern the interaction of the
technical capabilities and limitations of a system, with social, legal, regulatory and environmental factors
specific to the context in which a system is deployed – this use-case-specific risk assessment is important.
Biometric system owners shall produce a risk assessment document in which the consequences of the
following kinds of error are discussed:
— a false negative, where the capture subject is in the reference biometric database but no identity is
returned;
— a false positive, where the capture subject is not in the reference biometric database but another identity
is returned;
— a false positive, where the capture subject is in the reference biometric database but another identity is
returned;
— a failure to acquire, where a biometric sample should be captured, but is not.
The biometric system owner can incorporate developer-provided information into this risk assessment.
The following examples show potential considerations which can arise in a risk assessment for a theoretical
use case.
EXAMPLE 1 In a “compulsive gambler detection” use case, a missed detection or a false negative can allow a
compulsive gambler into the casino, while a false positive can lead to an incorrect inquiry or expulsion of a legitimate
casino patron.
EXAMPLE 2 The developer’s recognition algorithm documentation describes elevated false positive rates in
children. In the compulsive gambler detection use case, this is immaterial because policy is not to enrol children.
EXAMPLE 3 The developer’s recognition algorithm documentation indicates the highest false positive rates
in individuals exhibiting certain racial and ethnic features. The threshold has been set to achieve the desired false
positive rate on that population, so it is anticipated that the overall false positive rates will be lower than that
specific rate.
NOTE Risk assessments can be made in conjunction with external stakeholders and special interest groups,
including but not limited to civil liberties, policy equity, legal advocacy and justice organizations.
For the specific use case of facial recognition used for law enforcement, the World Economic Forum published
a white paper on responsible use [8]. In the absence of local regulation and before deploying a BISPCS, a
biometric system owner can use the proposed self-assessment questionnaire in Reference [8] to ensure that
they have introduced appropriate risk-mitigation processes.
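The four kinds of error listed in this clause and the threshold reasoning of EXAMPLE 3, worked through as an added example that is not part of ISO/IEC 9868. It assumes a decision policy in which only the top-scoring candidate is returned when its score meets the threshold; the group labels, identifiers, scores and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample data (not from the standard, not real scores). Each search has:
#   group    - hypothetical demographic group label
#   enrolled - reference identifier of the capture subject, or None if the
#              subject is not in the biometric reference database
#   top      - (candidate identifier, comparison score) of the best candidate,
#              or None when no biometric sample could be captured
def _not_enrolled(group, scores):
    return [{"group": group, "enrolled": None, "top": ("w9", s)} for s in scores]

TRANSACTIONS = (
    _not_enrolled("A", [0.20, 0.25, 0.30, 0.35, 0.40, 0.45, 0.50, 0.55, 0.60, 0.62])
    + _not_enrolled("B", [0.40, 0.45, 0.50, 0.55, 0.60, 0.65, 0.70, 0.72, 0.75, 0.80])
    + [
        {"group": "A", "enrolled": "w1", "top": ("w1", 0.91)},
        {"group": "A", "enrolled": "w2", "top": ("w2", 0.70)},
        {"group": "B", "enrolled": "w3", "top": ("w7", 0.85)},
        {"group": "B", "enrolled": "w4", "top": None},
        {"group": "B", "enrolled": "w5", "top": ("w5", 0.88)},
    ]
)


def classify(tx, threshold):
    """Map one search to an outcome, using the error kinds listed in this clause."""
    if tx["top"] is None:
        return "failure_to_acquire"
    identity, score = tx["top"]
    # Assumed policy: the top candidate is returned only if it meets the threshold.
    returned = identity if score >= threshold else None
    if tx["enrolled"] is None:
        # Subject not in the database: any returned identity is a false positive.
        return "true_negative" if returned is None else "false_positive_not_enrolled"
    if returned is None:
        # Subject in the database but no identity returned.
        return "false_negative"
    if returned == tx["enrolled"]:
        return "true_positive"
    # Subject in the database but another identity returned.
    return "false_positive_wrong_identity"


def outcome_counts(txs, threshold):
    """Count outcomes so each error kind can be discussed in the risk assessment."""
    return Counter(classify(tx, threshold) for tx in txs)


def fpir(txs, threshold, group=None):
    """Share of acquired searches by non-enrolled subjects that return an identity."""
    outcomes = [
        classify(tx, threshold)
        for tx in txs
        if tx["enrolled"] is None
        and tx["top"] is not None
        and (group is None or tx["group"] == group)
    ]
    if not outcomes:
        return 0.0
    return outcomes.count("false_positive_not_enrolled") / len(outcomes)


def threshold_for_target(txs, group, target_fpir):
    """Lowest threshold at which the given group's FPIR does not exceed the target."""
    scores = sorted(
        {
            tx["top"][1]
            for tx in txs
            if tx["group"] == group and tx["enrolled"] is None and tx["top"] is not None
        }
    )
    if not scores:
        raise ValueError("no non-enrolled searches for group %r" % group)
    # Try each observed score, then a value just above the maximum (FPIR of zero).
    for candidate in scores + [math.nextafter(scores[-1], math.inf)]:
        if fpir(txs, candidate, group) <= target_fpir:
            return candidate


if __name__ == "__main__":
    # Group "B" stands in for the population documented as having the highest
    # false positive rate; the threshold is set on that group, as in EXAMPLE 3.
    t = threshold_for_target(TRANSACTIONS, "B", 0.10)
    print("threshold:", t)
    print("FPIR group B:", fpir(TRANSACTIONS, t, "B"))
    print("FPIR group A:", fpir(TRANSACTIONS, t, "A"))
    print("FPIR overall:", fpir(TRANSACTIONS, t))
    print(dict(outcome_counts(TRANSACTIONS, t)))
```

Setting the threshold on the highest-rate group raises the false negative count for every group, which is why the outcome counts are reported alongside the FPIR figures.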
8 Design and development practice
8.1 Biometric system and algorithm
The biometric system developer shall document the system’s intended purpose, and the rationale for
developing the biometric algorithm to process captured data to achieve this intended purpose. The
biometric system developer shall also document operating assumptions and limitations, types of biometric
characteristic to be captured and processed, quality and compatibility requirements and biometric
performance characteristics. The biometric system developer shall document the BISPCS use cases and how
fitness for purpose for these is determined.
The biometric system developer should utilize controls described in ISO/IEC 42001. Organizations can
implement these controls to assure that the BISPCS considers impacts to interested parties, to design and
develop AI responsibly, and to assure the use of high quality data.
For developing a VSS, see ISO/IEC 30137-1 for further information.
The biometric system developer should aim for the biometric algorithm to reach sufficient biometric
performance according to the use case, such as FNIR/FPIR trade-off for the target FPIR operating point.
Biometric performance measurement during development shall be documented using relevant testing and
reporting methodologies defined in ISO/IEC 19795-1, ISO/IEC 19795-2 and ISO/IEC 19795-10. Biometric
algorithm performance shall be based on training, validation and testing datasets consistent with the
intended use case which is provided by the biometric system owner. The biometric system provider shall
document compliance with applicable data protection requirements.
The biometric system developer shall work to minimize differential recognition error rates across
demographic groups comprising the target capture subjects for the system. The biometric system developer
shall document efforts to reach sufficient biometric performance and to reduce demographic differential of
error rates. Such documentation shall include information on biometric algorithm development as well as
the training and selection of a machine learning model.
Biometric performance testing documentation shall state the degree to which biometric algorithm
performance is sufficient and fit for the system’s intended purpose.
EXAMPLE 1 The biometric performance testing report specifies the sample quality and resolution necessary for
the biometric algorithm to achieve a specified level of performance. This is information that biometric system owners
can then use.
The training and validation datasets should include data representative of the intended use case, including
environment and target population. The training and validation datasets may additionally include more
diverse data and the balance between groups may be different than the target population for generalization
purposes. The use of training and validation data shall be consistent with any licence or user-generated
content restrictions.
As far as possible, the testing dataset shall be representative of the target population and the intended
use case, and the test reports shall describe the efforts taken to achieve this objective. This is necessary
to predict the performance of the deployed system, including the projected performance differential
for different demographic groups. The report should provide data on differential performance across
demographic groups so that stakeholders can determine whether performance is in line with the general
principles of fairness and non-discrimination of all individuals.
Training and testing datasets shall be disjoint sets.
EXAMPLE 2 The report before release of a system can include biometric performance reported on various
demographic groups representative of the target population with empirical validation of a low differential.
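The following added example (not part of ISO/IEC 9868) shows one way to produce the per-group figures such a report calls for: it sets the threshold so that the group with the highest FPIR meets the target, then reports FPIR and FNIR per group, the pooled FPIR and the worst-to-best ratio. The group names, scores, function names and the subject-identifier check for disjoint datasets are assumptions of this example.

```python
import math

def fpir(nonmated_top_scores, threshold):
    """Share of non-mated searches that return a candidate at or above threshold."""
    return sum(s >= threshold for s in nonmated_top_scores) / len(nonmated_top_scores)

def fnir(mated_scores, threshold):
    """Share of mated searches whose enrolled mate scores below threshold."""
    return sum(s < threshold for s in mated_scores) / len(mated_scores)

def threshold_for_all_groups(nonmated, target_fpir):
    """Lowest observed score at which every group's FPIR is <= target_fpir."""
    observed = sorted({s for scores in nonmated.values() for s in scores})
    for t in observed:
        if all(fpir(scores, t) <= target_fpir for scores in nonmated.values()):
            return t
    return observed[-1] + 1  # only a threshold above all test scores qualifies

def differential_report(nonmated, mated, threshold):
    """Per-group (FPIR, FNIR), pooled FPIR and worst/best FPIR ratio."""
    rows = {g: (fpir(nonmated[g], threshold), fnir(mated[g], threshold))
            for g in nonmated}
    pooled = fpir([s for scores in nonmated.values() for s in scores], threshold)
    rates = [r[0] for r in rows.values()]
    ratio = max(rates) / min(rates) if min(rates) > 0 else math.inf
    return rows, pooled, ratio

def shared_subjects(train_ids, test_ids):
    """Subject identifiers present in both sets; must be empty for disjoint sets."""
    return sorted(set(train_ids) & set(test_ids))

# Constructed scores for two hypothetical groups (not measured data).
NONMATED = {"group_A": list(range(100)), "group_B": [s + 3 for s in range(100)]}
MATED = {"group_A": list(range(90, 190)), "group_B": list(range(95, 195))}

if __name__ == "__main__":
    t = threshold_for_all_groups(NONMATED, target_fpir=0.05)
    rows, pooled, ratio = differential_report(NONMATED, MATED, t)
    print(t, rows, pooled, round(ratio, 2))
    print(shared_subjects(["s01", "s02", "s03"], ["s03", "s04"]))
```

With the constructed data the pooled FPIR comes out below the rate of the group used to set the threshold, and the group with the higher FPIR has the lower FNIR, which is why both rates are reported per group.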
The biometric system developer should embed mechanisms to provide explainability of the BISPCS outputs
to the biometric system operator.
NOTE ISO/IEC TS 6254:—1) intends to provide support for development of such mechanisms.
1) Under preparation. Stage at the time of publication: ISO/IEC DTS 6254:2025.
The BISPCS should be developed so that comparison scores returned are understandable by a biometric
system operator. Preferably, the comparison score should be directly interpretable as an expected FPIR
and this interpretation should be stable throughout the system life cycle (for example, to automatically
compensate for changes such as increase of biometric reference database size or to the environment).
EXAMPLE 3 For a given system, an increase of 10 in comparison score is interpretable as a tenfold decrease in
expected FPIR. Therefore, for example, if a comparison score of 10 corresponds to 1 % FPIR, then a comparison score
of 20 corresponds to 0.1 % FPIR and a comparison score of 30 corresponds to 0.01 % FPIR.
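The following added example (not part of ISO/IEC 9868) implements the scale of EXAMPLE 3 and keeps it stable when the biometric reference database grows: raw comparator scores are mapped to an expected FPIR for the current database size and then to the calibrated score. The Calibrator class, the add-one rate estimate, the independence model FPIR = 1 - (1 - FMR)^N and the constructed score data are assumptions of this example.

```python
import bisect
import math

# Scale from EXAMPLE 3: score 10 <-> 1 % FPIR, +10 per tenfold FPIR decrease.
ANCHOR_SCORE, ANCHOR_FPIR, STEP = 10.0, 0.01, 10.0

def fpir_to_score(fpir):
    return ANCHOR_SCORE + STEP * math.log10(ANCHOR_FPIR / fpir)

def score_to_fpir(score):
    return ANCHOR_FPIR * 10 ** (-(score - ANCHOR_SCORE) / STEP)

class Calibrator:
    """Maps raw comparator scores to the calibrated scale (hypothetical helper)."""

    def __init__(self, nonmated_raw_scores):
        self.scores = sorted(nonmated_raw_scores)

    def fmr(self, raw):
        # Add-one estimate of the per-comparison false match rate; never zero,
        # so a raw score above all test data cannot claim an FPIR of 0.
        exceed = len(self.scores) - bisect.bisect_left(self.scores, raw)
        return (exceed + 1) / (len(self.scores) + 1)

    def expected_fpir(self, raw, gallery_size):
        # Assumption: independent comparisons, FPIR = 1 - (1 - FMR)^N.
        f = self.fmr(raw)
        return 1.0 if f >= 1.0 else -math.expm1(gallery_size * math.log1p(-f))

    def calibrated(self, raw, gallery_size):
        return fpir_to_score(self.expected_fpir(raw, gallery_size))

    def raw_threshold(self, target_score, gallery_size):
        # Lowest observed raw score reaching target_score; None when the
        # non-mated test set is too small to support that operating point.
        lo, hi = 0, len(self.scores)
        while lo < hi:
            mid = (lo + hi) // 2
            if self.calibrated(self.scores[mid], gallery_size) >= target_score:
                hi = mid
            else:
                lo = mid + 1
        return self.scores[lo] if lo < len(self.scores) else None

if __name__ == "__main__":
    cal = Calibrator(range(1_000_000))  # constructed non-mated scores, not real data
    for n in (100, 1000):
        print(n, cal.raw_threshold(20, n), round(cal.calibrated(999_991, n), 2))
```

The same raw score reads about 20 against 100 references and about 10 against 1000, so the operator's threshold stays on the calibrated scale while the raw threshold is recomputed as the database changes.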
8.2 Impact of capture devices on training and testing
Biometric developers should select training data from relevant capture devices that is representative of
operational use. For systems that utilize a specific biometric algorithm for a particular capture device, the
developer should train machine learning models on data from all relevant variations of the capture device.
If biometric capture devices have various settings in
...







