Integration of biometric features in passports and travel documents

KEY POINTS

The biometric features in passports and travel documents will be used only for verifying the authenticity of the document and the identity of the holder, who will have the right to verify the personal data contained in the passport or travel document and, where appropriate, to ask for rectification or erasure. The collection and storage of biometric data is intended exclusively for the purpose of issuing passports and travel documents.

Passports and travel documents must include a high-security storage medium (chip) for storing digital data and must have sufficient capacity to guarantee the integrity, authenticity and confidentiality of that data. The storage medium contains a facial image and two fingerprints taken flat (rather than rolling individual fingers, nail to nail). These data, which must be in interoperable formats, must be secured.

To ensure that the classified information on security features and the production details are not made available to more parties than necessary, each Member State designates one body to be responsible for producing passports and travel documents. Member States remain free to change that body, if required. For security reasons, each Member State communicates the name of the competent body to the European Commission and the other Member States.

The minimum security standards with which passports and travel documents issued by Member States must comply are set out in the annex to the regulation. These include detailed requirements on:

• the materials used (e.g. special paper, watermarks, fibres);
• the layout, machine readability and protection of the biographical data page;
• anti-forgery printing techniques and optically variable devices;
• the secure integration of biometric and issue data;
• procedures for issuing and personalising the document securely.

These are specifications that are not secret. These specifications are supplemented by specifications that may remain secret in order to prevent the risk of counterfeiting and falsification. These additional specifications are adopted by means of implementing acts by the Commission, are in accordance with international standards and relate to:

• further security features;
• the storage medium and its security;
• common quality requirements for the facial image and the fingerprints.

In 2018, the Commission adopted an implementing decision laying down the technical specifications regarding the standards for security features and biometrics in passports and travel documents, which repealed and replaced similar earlier decisions. The Annex to that decision was subsequently amended in 2021 by another implementing decision, which updated the list of normative references.

Under Regulation (EC) No 444/2009, children under 12 (provisional age limit) and persons for whom this is physically impossible are exempted from fingerprinting. Only qualified and duly authorised staff of national authorities who are responsible for issuing passports and travel documents may take biometric identifiers. Passports and travel documents must be issued as individual documents in accordance with international requirements.

Under the rules of the Schengen body of law (acquis) (see summary), Denmark, Ireland and the United Kingdom did not take part in this regulation and so were not bound by it. Denmark, however, decided to implement it in its national law. Iceland, Liechtenstein, Norway and Switzerland, although not part of the EU, will be involved in implementing the regulation.

The regulation does not apply to identity cards issued by Member States to their nationals or to temporary passports and travel documents valid for 12 months or less.