iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC DTS 29196

(Main)

Information technology — Guidance for biometric enrolment

Information technology — Guidance for biometric enrolment

This document provides guidance to organizations relating to successful, secure and usable implementation of biometric enrolment processes. This document details risk factors, legal/privacy issues, and policy aspects that organisations can address during procurement, design, deployment and operation. This document is applicable to any organization, regardless of size, type and nature.

Technologies de l'information — Directives pour l'inscription biométrique

General Information

Status
Not Published
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 37 - Biometrics
Drafting Committee
ISO/IEC JTC 1/SC 37 - Biometrics
Current Stage
5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date
12-Sep-2025
Completion Date
12-Sep-2025
Ref Project

Relations

Revises
ISO/IEC TR 29196:2018 - Information technology — Guidance for biometric enrolment
Effective Date
05-Aug-2023
ISO/IEC DTS 29196 - Information technology — Guidance for biometric enrolment Released:29. 08. 2025ISO/IEC DTS 29196 - Information technology — Guidance for biometric enrolment Released:29. 08. 2025
PreviousNext
Draft
ISO/IEC DTS 29196 - Information technology — Guidance for biometric enrolment Released:29. 08. 2025
English language
48 pages
sale 15% off
Preview
sale 15% off
Preview
REDLINE ISO/IEC DTS 29196 - Information technology — Guidance for biometric enrolment Released:29. 08. 2025REDLINE ISO/IEC DTS 29196 - Information technology — Guidance for biometric enrolment Released:29. 08. 2025
PreviousNext
Draft
REDLINE ISO/IEC DTS 29196 - Information technology — Guidance for biometric enrolment Released:29. 08. 2025
English language
48 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


FINAL DRAFT
Technical
Specification
ISO/IEC JTC 1/SC 37
Information technology — Guidance
Secretariat: ANSI
for biometric enrolment
Voting begins on:
Technologies de l'information — Directives pour l'inscription 2025-09-12
biométrique
Voting terminates on:
2025-11-07
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
Reference number
FINAL DRAFT
Technical
Specification
ISO/IEC JTC 1/SC 37
Information technology — Guidance
Secretariat: ANSI
for biometric enrolment
Voting begins on:
Technologies de l'information — Directives pour l'inscription
biométrique
Voting terminates on:
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
© ISO/IEC 2025
IN ADDITION TO THEIR EVALUATION AS
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
or ISO’s member body in the country of the requester.
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 3
5 Role of biometric capture processing in a biometric system . 3
6 Stakeholders and approaches for enrolment . 6
6.1 Enrolment stakeholders .6
6.2 Enrolment approaches .8
7 Stakeholder interests . 8
7.1 Key observations .8
7.2 Best practices and recommendations .10
7.2.1 General .10
7.2.2 Subject interests .10
7.2.3 Enrolment authority interests . 13
7.2.4 Operator interests .21
7.2.5 Relying party interests . 26
7.2.6 Designer and developer interests .27
7.2.7 Regulator interests. 33
7.2.8 Auditor interests . 34
8 Biometric enrolment capability development .34
8.1 General . 34
8.2 Enrolment station architecture and design . 34
8.3 System definition. 35
9 Modality specific guidance .35
9.1 General . 35
9.2 Facial biometric systems . 36
9.2.1 General . 36
9.2.2 Environment . 36
9.2.3 Pose and position . 36
9.2.4 Ethnicity .37
9.2.5 Improvements .37
9.2.6 Glasses . 38
9.3 Fingerprint biometric systems . 38
9.3.1 General . 38
9.3.2 Fingerprint capture considerations . 39
9.3.3 Single finger systems . 39
9.3.4 Tenprint systems . 40
9.4 Vascular (vein) authentication systems . 40
9.4.1 General . 40
9.4.2 Palm vein technology . 40
9.4.3 Finger vein technology .41
9.5 Iris biometric systems .41
10 Mobile applications .43
10.1 Best practice guidelines .43
10.2 Fingerprint systems .43
10.3 Facial image systems .45
10.4 Iris systems . 46
Bibliography . 47

© ISO/IEC 2025 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see ww
...


ISO #####-#:####(X)/IEC DTS 29196
ISO/TC ###/IEC JTC 1/SC 37/WG 4
Secretariat: ANSI
Date: 2024-07-14
Information technology – — Guidance for biometric enrolment

WDTechnologies de l'information — Directives pour l'inscription biométrique
FDIS stage
Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to
change without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of
which they are aware and to provide supporting documentation.

A model document of an International Standard (the Model International Standard) is available at:

© ISO #### – All rights reserved

ISO #####-#:####(X)
2 © ISO #### – All rights reserved

© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
EmailE-mail: copyright@iso.org
Website: www.iso.orgwww.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
iii
Contents
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 4
5 Role of biometric capture processing in a biometric system . 4
6 Stakeholders and approaches for enrolment . 7
6.1 Enrolment stakeholders . 7
6.2 Enrolment approaches . 11
7 Stakeholder interests . 12
7.1 Key observations . 12
7.2 Best practices and recommendations . 13
8 Biometric enrolment capability development . 40
8.1 General . 40
8.2 Enrolment station architecture and design . 41
8.3 System definition . 41
9 Modality specific guidance . 42
9.1 General . 42
9.2 Facial biometric systems . 42
9.3 Fingerprint biometric systems . 45
9.4 Vascular (vein) authentication systems . 47
9.5 Iris biometric systems . 49
10 Mobile applications . 50
10.1 Best practice guidelines . 50
10.2 Fingerprint systems . 51
10.3 Facial image systems . 52
10.4 Iris systems . 53
Bibliography . 55

© ISO/IEC 2025 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members
of ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC
Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs). ).
Attention is drawnISO and IEC draw attention to the possibility that some of the elementsimplementation of
this document may beinvolve the subjectuse of (a) patent(s). ISO and IEC take no position concerning the
evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication
of this document, ISO and IEC had not received notice of (a) patent(s) which may be required to implement
this document. However, implementers are cautioned that this may not represent the latest information,
which may be obtained from the patent database available at www.iso.org/patents and https://patents.iec.ch
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see ).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation onof the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the following URL: IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
This thirdfirst edition cancels and replaces the second edition (ISO/IEC TR 29196:2018), which has been
technically revised and converted into a Technical Specification.
The main changes are as follows:
— recommendations added throughout the document;
— Clause 3 Terms and references modified;
— information about enrolment updated to state of art;
— Annex A removed.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.
© ISO/IEC 2025 – All rights reserved
v
Introduction
One of the most important contributions to a successful biometric recognition system is a consistent biometric
enrolment service (‘("biometric capture process’)process") that stores biometric data captured from
individuals for biometric comparison purposes. Biometric data captured for subsequent verifications or
identifications will beare compared with the biometric data collected at enrolment time. If the quality of the
biometric samples captured for enrolment is not consistently maintained, the performance of the biometric
recognition system is likely to be unreliable. For those who are enrolled in a verification system, a poor quality
enrolment will result inis an inconvenience shouldif they fail to beare not recognized. (Readers of this
document should note that quality
NOTE Quality has a specific meaning when applied to biometric systems, comparesee ISO/IEC 29794-1;: a high
quality capture is one that results in biometric data that provides good comparison scores when compared with other
high quality images from the same biometric feature.).
Principles based on stakeholder requirements can guide the development of system policy that would seek to
ensure that the quality of biometrics samples captured for enrolment are fit for purpose. Where biometric
capture processing is outsourced to a third party, a shared understanding of quality is an extremely important
basis for ensuring the relying party, and the Enrolment Authority,enrolment authority are aligned on what
constitutes a biometric sample of acceptable quality.
Although the recommendations and guidelines in this document are directed primarily to the parties
responsible for the biometric capture process itself and for management of the enrolment service (noting that
these two entities maycan be one and the same), they willare also be of value to the designers and developers
of enrolment systems.
© ISO/IEC 2025 – All rights reserved
vi
Information technology – — Guidance for biometric enrolment
1 Scope
This document consolidates informationgives guidance relating to successful, secure and usable
implementation of biometric enrolment processes, while indicating risk factors that organizations proposing
towhich use biometric technologies shouldcan address during procurement, design, deployment and
operation. Much of the informationthis document is generic to many types of applicationapplications, e.g. from
national scale commercial and government applications, to closed systems for in-house operations, and to
consumer applications. However, the intended application and its purpose often have influence on the
necessary enrolment data quality and are intended to be taken into account when specifying an enrolment
system and process.
TheThis document points outspecifies the differences in operation relating to specific types of application, e.g.
where self-enrolment is more appropriate than attended enrolment. This document focuses on mandatory,
attended enrolment at fixed locations. In summary, this documentIt ultimately consolidates information
relating to better practicepractices for the implementation of biometric enrolment capability in various
business contexts including considerations of process, function (system), and technology, as well as
legal/privacy and policy aspects.
TheThis document provides guidance on collection and storage of biometric enrolment data and the impact
on dependent processes of verification and identification. This document does not include material specific to
forensic and law enforcement applications.
This document does not contain any mandatory requirements. The following terms are used in this document
to provide guidance.
The terms “should” and “should not” indicate that among several possibilities one is recommended as
particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred
but not necessarily required, or that (in the negative form) a certain possibility or course of action is
discouraged but not prohibited.
The term “may” indicates a course of action permissible within the limits of the publication.
The terms “can” and “cannot” indicate a possibility and capability, whether material, physical or causal.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382--37, Information technology — Vocabulary — Part 37: Biometrics
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 2382--37 and the following
apply.
ISO and IEC maintain terminologicalterminology databases for use in standardization at the following
addresses:
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 20059:2025(Main)
Information technology — Methodologies to evaluate the resistance of biometric systems to morphing attacks

This document establishes a methodology to evaluate the resistance of BSs to morphing attacks, including multiple identity attacks. The document is limited to image-based morphing attacks. The term "image-based" includes modalities such as face, iris and finger image data. The document establishes: — a definition of biometric sample modifications and manipulation with a specific focus on manipulations that constitute a multiple identity attack. This can be, for instance, an enrolment attack with face image morphing; — a methodology to measure the morphing attack potential of a morphing method. The document also describes how morphing algorithms can be used for system evaluation.

  • Standard
    16 pages
    English language
    sale 15% off
  • Draft
    17 pages
    English language
    sale 15% off
  • Draft
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC 19785-4:2025(Main)
Information technology — Common Biometric Exchange Formats Framework — Part 4: Security block format specifications

This document specifies security block (SB) formats (see ISO/IEC 19785-1) registered in accordance with ISO/IEC 19785-2 as formats defined by the Common Biometric Exchange Formats Framework (CBEFF) biometric organization ISO/IEC JTC 1/SC 37. This document also specifies registered SB format identifiers. NOTE The SB format identifier is recorded in the standard biometric header (SBH) of a patron format (or defined by that patron format as the only available SB format). The general-purpose SB format specifies whether the biometric data block (BDB) is encrypted or the SBH and BDB have integrity applied (or both). The general-purpose SB format can include ACBio instances (see ISO/IEC 24761). This SB provides all necessary security parameters, including those used for encryption or integrity. This document does not restrict the algorithms and parameters used for encryption or integrity, but it provides for the recording of such algorithms and parameter values. This document does not cover profiling to determine what algorithms and parameter ranges can be used by the generator of an SB for a particular application area, and hence what algorithms and parameter ranges have to be supported by the user of an SB. The second SB format is more limited but simpler. In particular, it cannot contain ACBio instances and does not support encryption of the BDB. The general-purpose SB format in XML provides for specification of whether the BDB is encrypted or the SBH and BDB have integrity applied (or both).

  • Standard
    20 pages
    English language
    sale 15% off
  • Draft
    18 pages
    English language
    sale 15% off
  • Draft
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC 19785-3:2025(Main)
Information technology — Common Biometric Exchange Formats Framework — Part 3: Patron format specifications

This document specifies and publishes registered Common Biometric Exchange Formats Framework (CBEFF) patron formats defined by the CBEFF patron ISO/IEC JTC 1/SC 37, and specifies their registered CBEFF patron format types (see ISO/IEC 19785-1) and resulting full ASN.1 OIDs. See Annex A for rules on how patron formats are defined using CBEFF data elements.

  • Standard
    142 pages
    English language
    sale 15% off
  • Draft
    139 pages
    English language
    sale 15% off
  • Draft
    139 pages
    English language
    sale 15% off
ISO
ISO/IEC 29794-5:2025(Main)
Information technology — Biometric sample quality — Part 5: Face image data

This document establishes requirements on implementations that quantify how a face image’s properties conform with those of canonical face images, for example those specified in ISO/IEC 39794-5:2019, Clause D.1, for three use-cases: 1) collection of reference samples for ID documents; 2) sample system enrolment; and 3) probes for instantaneous response. This document also establishes terms and definitions for quantifying face image quality and specifies methods for quantifying the quality of face images. This document does not establish requirements on: — assessing the quality of pairs or sequences of images; NOTE This document establishes requirements for software that inspects exactly one image. This document does not establish requirements for software that compares two or more images (such as biometric recognition). However, the computations of this document can be applied separately to each image in a pair or sequence. — assessing the quality of 3D captures; — encodings of face image quality data; — performance evaluation of face image quality assessment algorithms. The use cases within scope of this document primarily address the assessment of images from data capture subjects who consent to processing of their biometric data, or for whom biometric capture is operationally authorized.

  • Standard
    63 pages
    English language
    sale 15% off
ISO
ISO/IEC 19794-14:2022/Amd 1:2025(Amendment)
Information technology — Biometric data interchange formats — Part 14: DNA data — Amendment 1: Conformance requirements
  • Standard
    15 pages
    English language
    sale 15% off
ISO
ISO/IEC 9868:2025(Main)
Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects

This document provides recommendations and requirements for the design, development, use and maintenance of biometric identification systems involving passive capture subjects, including pre- and post-deployment evaluation. While the emphasis is on surveillance systems, this document is also applicable to other types of biometric identification systems involving passive capture subjects, regardless of biometric characteristic or sensing technology. This includes systems involving passive capture of subjects where some capture subjects enrolled voluntarily. This document does not apply to biometric verification systems and biometric identification systems only involving capture subjects deliberately taking part in the capture. This document does not define specific services, platforms or tools.

  • Standard
    30 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24722:2024(Main)
Information technology — Biometrics — Multimodal and other multibiometric fusion

This document provides descriptions and analyses of current practices on multimodal and other multibiometric fusion, including (as appropriate) references to more detailed descriptions. This document contains descriptions and explanations of high-level multibiometric concepts to aid in the explanation of multibiometric fusion approaches including: multi-characteristic-type, multi-instance, multi-sensorial, multialgorithmic, decision-level and score-level logic.

  • Technical report
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 22604:2024(Main)
Information technology — Biometric recognition of subjects in motion in access-related systems

This document establishes requirements for the development of biometric solutions for verification and identification processes for secure access without physical contact with any device at any time. The solutions acquire biometric characteristics that are captured while the data subjects are in motion to verify or identify the individuals requiring access, thus controlling access using contactless biometrics.

  • Technical specification
    15 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 21419:2024(Main)
Information technology — Cross-jurisdictional and societal aspects of implementation of biometric technologies — Use of biometrics for identity management in healthcare

This document describes potential applications of biometrics in identity management systems used for medical and healthcare purposes. It provides feedback from healthcare practitioners on the advantages, disadvantages, risks and priority of implementing certain use cases of healthcare with biometrics. For those use cases, information related to the selection of biometric type and associated measures related to security and privacy protection is provided to system designers. The document concentrates on aspects of the subject which apply to the good management of healthcare services for patients who need monitoring, treatment and care in hospitals, clinics or at home, but can be incapacitated. It does not cover the measurement and interpretation of symptoms and biological data for the purposes of medical treatment or research. The document is intended to be useful for the management of public and private healthcare systems anywhere in the world, and to commercial providers of identity management services and equipment. It is also potentially relevant to regulatory stakeholders addressing issues of privacy and legality, and the assessment of potential vulnerabilities in biometrics and identity management systems applied in the healthcare sector.

  • Technical specification
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 19795-10:2024(Main)
Information technology — Biometric performance testing and reporting — Part 10: Quantifying biometric system performance variation across demographic groups

This document establishes requirements for estimating and reporting on performance variations observed when cohorts belonging to different demographic groups engage with biometric enrolment and recognition systems. In this context, performance refers to failure-to-enrol rate, failure-to-acquire rate, shifts in comparison score, recognition error rates, and aspects of response and processing time (throughput). This document is applicable to the following: — demographic group membership; — using phenotypic measures; — reporting on tests; — stating statistical uncertainty estimates; — operational thresholds settings; — equitability; — procurement agency activities. This document also provides terms and definitions to be used when reporting performance variation across demographic groups. This document is applicable to: — technology evaluations of algorithms, subsystems and systems; — scenario evaluations of systems; — operational evaluations of fielded systems. Application of this document does not require detailed knowledge of a system’s algorithms but it does require specific knowledge of the demographic characteristics for the population of interest.

  • Standard
    25 pages
    English language
    sale 15% off