• Content Type

ISO/IEC 9868:2025

Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects

Last updated: 18 Jul 2024

Development Stage

Pre-draft

Draft

Published

23 Oct 2021
18 Dec 2023
13 Feb 2025
published

Scope

This standard establishes recommendations and requirements for remote biometric identification systems including both real-time and ex-post, including AI-based systems:

1. Technical solutions to be implemented in the design and development phases in relation to the following:

  • appropriateness of training and testing datasets and data management practices for the intended purpose;
  • logging capabilities enabling the automatic recording of events (‘logs’) while the system is operating;;
  • provision of information to instruct the operator of the system and information for appropriate use;;
  • human oversight measures, enabling the system to be effectively overseen and managed during the period of use;;
  • accuracy, robustness and cybersecurity.;

2. The standard also establishes requirements on development practices:

  • Risk management process to be implemented by the provider when designing and developing the system, notably in relation to the identification and implementation of solutions described under point (1);
  • Quality management systems to be implemented by the provider in its organisation, including a system for post-market monitoring;

3. The standard also establishes requirements on post-deployment tests and audit of the systems, including:

  • Verification and testing procedures to assess whether the deployed system is proportionate and fitfor- purpose against the requirements given in point (1);;
  • Verification and testing procedures to assess the biometric recognition components are fit-forpurpose against the requirements given in point (1);;
  • Verification procedure to control the appropriateness of the quality management system measures and processes, as described under point (2).;

While the emphasis is on surveillance systems, other types of remote biometric identification systems are in scope, regardless of biometric modality or sensing technology. Not in scope are personal authentication systems, and other types of voluntary, opt-in, systems.

Note: This scope includes both technical biometric aspects and management systems aspects, as discussed on page 7. The latter will be developed as a sector-specific extension of ISO/IEC 42001 AI – Management System.

© ISO/IEC 2022 All rights reserved

External Links

More information
BSI webpage

Let the community know

Categorisation

Domain: Horizontal
Scope: AI-specific
Topic: Accuracy and performance, Data management, Documentation, Human-centred design, Risk management, Robustness, Security and resilience, System quality
Application: Computer vision - Facial recognition
Type: Measurement and test methods, Process, management and governance, Product and performance requirements

Key Information

Organisation: ISO/IEC
Committee: ISO/IEC JTC 1/SC 37
Share on XShare on LinkedIn

Discussion Forum

  • Author
    Posts
  • 31 January 2023 at 3:45 pm
    Up
    0
    ::
    AI Standards Hub

    Share your thoughts on this standard with the AI Standards Hub community here.

  • Author
    Posts

You must be logged in to contribute to the discussion

Login