A policy brief “Independent Evaluation of Biometric Technology in the EU: State of Play and Future Options” highlights a growing gap in Europe’s digital infrastructure that we lack independent capacity to test and verify biometric systems.
Biometric technologies, like facial recognition, fingerprints, and iris scans, are now embedded across everyday life in the European Union. They unlock smartphones, verify identities in banking, and underpin border control and law enforcement systems that have been in use for over 50 years. But as their influence grows, so do the consequences of getting them wrong.
Performance matters and accuracy, bias, robustness, and transparency are not technical details; they are fundamental rights issues.
The report published by INTERPOL highlights that despite the stakes, the EU currently lacks a strong, unified system to evaluate how well biometric technologies actually perform. Instead, public authorities often rely on results from the National Institute for Standards and Technology, whose large-scale programmes – like the Face Recognition Vendor Test (FRVT) and Fingerprint Vendor Technology Evaluation (FpVTE) – have become global benchmarks.
But this reliance creates a structural weakness. NIST evaluations are designed around U.S. government needs, not European legal frameworks or operational realities. The report warns that the EU has little control over what gets tested, how it is tested, or whether results will continue to be publicly available.
At the same time, evaluations carried out by vendors or private laboratories often lack transparency. They typically test only their own systems, use non-public datasets, and do not allow meaningful comparison across technologies. This limits trust and makes it difficult for policymakers or public authorities to make informed decisions.
Testing biometric systems properly is not simple. The report highlights that meaningful evaluation depends on access to large-scale, representative datasets and data that reflects real-world conditions, including demographics, environmental factors, and data quality.
Here lies a major EU challenge. Strict legal frameworks such as the General Data Protection Regulation and the EU Artificial Intelligence Act tightly regulate how personal and biometric data can be used. While these rules protect individuals, they also make it difficult to access and reuse data for testing purposes.
Yet paradoxically, these same laws increase the need for robust evaluation. Under the AI Act, high-risk systems, including many biometric applications, must demonstrate that they are trained and tested on datasets that are accurate, relevant, and representative. Without proper evaluation infrastructure, meeting these requirements becomes significantly harder.
The EU does have pockets of expertise. National institutions such as Germany’s Biometrics Evaluation Centre, France’s Inria, and the Netherlands Forensic Institute conduct evaluations. EU-funded projects like BEAT and BioSecure have also developed tools, datasets, and testing platforms.
But these efforts are limited in scale and often one-off. They do not match the continuous, large-scale, and transparent evaluation programmes run by NIST over the past 30 years. As a result, the report says, the EU lacks a consistent benchmark for comparing biometric technologies across vendors and use cases.
The risks of doing nothing
- No trusted benchmarks
- Fragmentation across Member States
- Limited insight into bias and vulnerabilities
- Slower and riskier deployment
- Weaker global influence
A Blueprint for EU independence
To close the gap, the policy brief proposes building a dedicated EU-level evaluation capability based on:
- A common biometric data repository
- A centralised evaluation and testing platform
Building independent evaluation capacity is a strategic necessity. It would strengthen regulatory oversight, support compliance with EU law, improve public trust, and enhance Europe’s technological sovereignty.
