Personal identification - Requirements for biometric products - Part 1: General requirements and application profile definition

This Technical Specification (TS) series provides a generic framework for establishing requirements and their evaluation methodology for biometric products. The requirements depend on the biometric mode considered and are adapted to each scenario through the definition of a variety of application profiles (APs). In addition, this TS series defines the individual tests that can be applied to a biometric product.
This document specifies the context for the evaluation of biometric products within the European Union, as well as the general requirements for such evaluation. These are defined from a biometric-mode-independent point of view, without bias towards the particular application that the biometric product under assessment targets.
This first part defines the following items:
-   biometric evaluation process;
-   biometric evaluation phases;
-   how to define each particular biometric test;
-   how to define the profiling for a particular application.
NOTE 1   Future parts of the CEN/TS series are planned to address the specifics of each biometric mode. For each of these modalities, this document specifies application-independent tests, as well as a set of APs, that detail the applicable tests, the evaluation parameters, and the passing criteria.
NOTE 2   Regarding biometrics for public sector applications, see also BSI TR 03121 [7] which can apply.
NOTE 3   For an overview of sectors addressed in the Cybersecurity Act, see Regulation (EU) 2019/881.

Persönliche Identifikation - Anforderungen an biometrische Produkte - Teil 1: Allgemeine Anforderungen und Definition des Anwendungsprofils

Identification personnelle - Exigences relatives aux produits biométriques - Partie 1: Exigences générales et définition du profil d'application

Osebna identifikacija - Zahteve za biometrične izdelke - 1. del: Splošne zahteve in definicija aplikacijskega profila


General Information

Status: Published
Public Enquiry End Date: 11-Feb-2026
Publication Date: 28-May-2026
Technical Committee: ITC - Information technology
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 23-Apr-2026
Due Date: 28-Jun-2026
Completion Date: 29-May-2026

Buy Documents

Technical specification

SIST-TS CEN/TS 18212-1:2026

English language (24 pages)

Overview

SIST-TS CEN/TS 18212-1:2026: Personal identification - Requirements for biometric products - Part 1: General requirements and application profile definition offers a comprehensive, generic framework for the evaluation and certification of biometric products. Developed by the Slovenian Institute for Standardization (SIST) in coordination with CEN/TC 224, this European technical specification addresses the growing need for trusted biometric identification in both public and private sectors. The standard outlines the processes and requirements necessary for consistent and repeatable evaluation, ensuring interoperability, performance, and security of biometric systems.

This first part of the series establishes the baseline for defining application profiles, evaluation methodologies, and requirements that are independent of specific biometric modes or particular applications, creating a trusted foundation for future detailed standards on individual biometric modalities such as fingerprints or facial recognition.

Keywords: biometric products, personal identification, biometric evaluation, conformity assessment, application profile, security, certification, European Union, interoperability.

Key Topics

  • Evaluation Process Phases: The standard details a three-phase process for biometric product assessment:
    • Interoperability: Ensuring the product conforms to data formats and interfaces, promoting seamless integration with existing systems.
    • Performance Evaluation: Testing if the product performs as declared, verifying functional limits in real-world scenarios.
    • Vulnerability Assessment: Determining the product's resistance to attacks, including presentation attack detection.
  • Application Profile Definition (AP): The document defines how to create and structure APs, which specify the requirements and acceptance criteria for specific use cases of biometric systems. Each AP outlines applicable tests, evaluation parameters, and passing criteria, supporting sector-specific needs.
  • General Requirements: The standard sets out requirements that are mode-independent and not tied to a specific application, allowing for flexibility and uniformity in biometric product evaluation.
  • Evaluation Documentation: Establishes the importance of maintaining a Security Target, a detailed description of the Target of Evaluation (TOE), and an Evaluation Technical Report (ETR). These documents ensure a transparent and reproducible certification process.
  • Actors in Evaluation: Defines roles such as the Conformity Assessment Body (CAB), testing laboratory, sponsor, vendor, product manufacturer, and consumer, clarifying responsibilities throughout the evaluation process.

Applications

Practical implementation of SIST-TS CEN/TS 18212-1:2026 spans multiple sectors:

  • Government and Public Services: Supports procurement and certification processes for biometric systems used in national identification programs, border control, or e-government services.
  • Finance and Banking: Ensures biometric authentication products used in customer verification and transaction security meet recognized EU standards.
  • Healthcare: Enables secure and authenticated access to sensitive patient records or pharmaceutical management by defining requirements for biometric solutions.
  • Smart Cards and IoT: Promotes interoperability and robust evaluation of biometric-enabled devices, such as identification cards or smart devices with embedded biometric sensors.
  • Technology Providers: Provides a framework for manufacturers and vendors to develop, test, and certify biometric solutions suitable for a range of end-user needs, increasing market trust.

Related Standards

  • ISO/IEC 19989-1: Framework for security evaluation of biometric systems.
  • ISO/IEC 19989-3: Focuses on presentation attack detection in biometric systems.
  • EN ISO/IEC 2382-37: Vocabulary and definitions for biometrics.
  • BSI TR 03121: Guide for public sector biometric applications.
  • Regulation (EU) 2019/881 (Cybersecurity Act): EU regulations relevant to ICT product and service security certification.
  • EN ISO/IEC 17025 & EN ISO/IEC 17065: Conformity assessment, laboratory accreditation, and certification requirements.

By implementing SIST-TS CEN/TS 18212-1:2026, organizations can ensure their biometric products are evaluated consistently, fostering innovation, trust, and security in biometric identification technologies throughout the European market and beyond.



Frequently Asked Questions

SIST-TS CEN/TS 18212-1:2026 is a technical specification published by the Slovenian Institute for Standardization (SIST). Its full title is "Personal identification - Requirements for biometric products - Part 1: General requirements and application profile definition". Its scope is the one given in the abstract above.


SIST-TS CEN/TS 18212-1:2026 is classified under the following ICS (International Classification for Standards) categories: 35.240.15 - Identification cards. Chip cards. Biometrics. The ICS classification helps identify the subject area and facilitates finding related standards.


Standards Content (Sample)


SLOVENIAN STANDARD
1 July 2026
Osebna identifikacija - Zahteve za biometrične izdelke - 1. del: Splošne zahteve in definicija aplikacijskega profila
Personal identification - Requirements for biometric products - Part 1: General requirements and application profile definition
Persönliche Identifikation - Anforderungen an biometrische Produkte - Teil 1: Allgemeine Anforderungen und Definition des Anwendungsprofils
Identification personnelle - Exigences relatives aux produits biométriques - Partie 1: Exigences générales et définition du profil d'application
This Slovenian standard is identical to: CEN/TS 18212-1:2026
ICS:
35.240.15 Identifikacijske kartice. Čipne kartice. Biometrija / Identification cards. Chip cards. Biometrics
© 2003-01 Slovenski inštitut za standardizacijo. Reproduction of the whole or of parts of this standard is not permitted.

CEN/TS 18212-1
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2026
ICS 35.240.15
English Version
Personal identification - Requirements for biometric products - Part 1: General requirements and application profile definition
Identification personnelle - Exigences relatives aux produits biométriques - Partie 1: Exigences générales et définition du profil d'application
Persönliche Identifikation - Anforderungen an biometrische Produkte - Teil 1: Allgemeine Anforderungen und Definition des Anwendungsprofils
This Technical Specification (CEN/TS) was approved by CEN on 20 March 2026 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2026 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 18212-1:2026 E

Contents (page)
European foreword ... 3
Introduction ... 4
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Acronyms and abbreviated terms ... 8
5 General concepts ... 9
5.1 Evaluation actors (informative) ... 9
5.1.1 General ... 9
5.1.2 Conformity assessment bodies (CAB (3.3)) ... 10
5.1.3 Sponsor ... 11
5.1.4 Vendor ... 12
5.1.5 Product manufacturer (3.7) (PM (3.7)) ... 12
5.1.6 Consumer (3.4) ... 12
5.2 Evaluation process ... 12
5.2.1 Overall description ... 12
5.2.2 Evaluation phases ... 13
5.3 Documents involved in the evaluation ... 14
5.3.1 Application profile (3.1) (AP (3.1)) ... 14
5.3.2 Security Target (3.8) (ST (3.8)) ... 14
5.3.3 TOE (3.9) Specification ... 14
5.3.4 Evaluation technical report (3.5) (ETR (3.5)) ... 15
6 Definition of the levels of assurance (LoA) ... 16
7 Definition of individual tests ... 17
8 Definition of application profiles (APs (3.1)) ... 17
8.1 Introduction ... 17
8.2 TOE (3.9) description ... 18
8.3 Evaluation type target ... 18
8.4 Levels of assurance ... 18
8.5 Phase 1: Interoperability evaluation ... 19
8.6 Phase 2: TOE (3.9) performance evaluation ... 19
8.6.1 General ... 19
8.6.2 Metrics for functional error classification rates ... 19
8.6.3 Content of this section ... 19
8.7 Phase 3: Vulnerability assessment ... 19
8.7.1 General ... 19
8.7.2 Metrics for security error classification rate ... 20
8.7.3 Attack rating methodology ... 20
8.7.4 Content of this section ... 20
8.8 Requirements for the overall decision ... 20
Annex A (informative) Example of the structure of an ETR (3.5) with the minimal content ... 22
Bibliography ... 23
European foreword
This document (CEN/TS 18212-1:2026) has been prepared by Technical Committee CEN/TC 224 "Personal identification and related personal devices with secure elements, systems, operations and privacy in a multi sectorial environment", the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United Kingdom.
Introduction
The use of remote services has increased significantly. This was boosted during 2020-2021, when many service providers and administrations migrated most of their processes to online handling. Many online services can now be found, such as opening a bank account, claiming expenses, paying taxes, starting legal actions, etc.
For all these services there is a need to identify the persons claiming that service, and to do so in a comfortable, universal, reliable and auditable way. Even though some of those services, in some countries, were deployed using public key infrastructures (PKIs), as recommended by eIDAS [1], this approach was far from being used by a significant part of the population.
Biometric recognition has been considered as a technology to solve the binding between the system and the consumer. Adding biometric recognition to all kinds of systems is common practice nowadays. In this context, service providers and administrations define their own requirements, select the products and deploy the solution. On the other hand, manufacturers implement different solutions for different customers, in order to fulfil each of those requirement sets. Both sides would benefit from standards and regulations on which to rely for the product definition.
Everybody benefits from having a common way of defining those requirements, and a detailed evaluation methodology. These two items can be used by conformity assessment bodies or by business owners to create their own certification schemes for this kind of technology/products, by following applicable standards.
NOTE ISO/IEC 17000 and related standards are examples of applicable conformity assessment standards.
This document is addressing this need for the case of biometric products, analysing and merging all current works, and defining a detailed set of requirements, a biometric-mode-specific evaluation methodology, and the passing criteria for different application profiles. This document has been developed with consideration for GDPR principles.
Application profiles (APs) are targeting the evaluation of a specific range of products using biometric recognition. APs are the baseline for checking conformity with the CEN/TS 18212 series. Indeed, a product manufacturer (PM), product vendor (PV) or sponsor can ask a conformity assessment body (CAB) for the evaluation of a specific product to check its conformity according to the CEN/TS 18212 series and a specific AP (see Clause 8) at a certain level of assurance (basic, substantial or high; see Clause 6).
The specifications given in this document are based on EN ISO/IEC 2382-37:2023 [2], ISO/IEC 19989-3 [3] and the ISO/IEC 17000 family of standards, including ISO/IEC 17007 [4], EN ISO/IEC 17025 [5] and EN ISO/IEC 17065 [6]. These standards specify all processes dealing with evaluation and certification of products and services, either related to their performance or to their security.
These objectives are reached by the development of a multipart Technical Specification (i.e. the CEN/TS 18212 series) with the following structure:
— Parts 1-3: Defining the generic principles and methodologies, not requiring a biometric-mode-specific approach.
In particular these parts will be:
— Part 1: General requirements and application profile definition
— Part 2: Interoperability tests
— Part 3: Functionality evaluation methodology
— Parts 4-n: Planned future parts of the CEN/TS 18212 series, defining the particularities of each biometric mode (e.g. specific tests, specific requirements); each of these parts contains a set of APs that establish the tests and requirements applicable to a specific application and context. Those APs will be addressed in individual annexes, following the structure provided in CEN/TS 18212-1:2026.
For example, these parts can be:
— Part 4: Fingerprint biometrics
— Part 5: Face biometrics
1 Scope
This Technical Specification (TS) series provides a generic framework for the establishment of requirements and their evaluation methodology for biometric products. The requirements depend on the biometric mode considered, and are adapted to each scenario, through the definition of a variety of application profiles (APs). In addition, this TS series provides the definition of the individual tests that can be applied to a biometric product.
This document specifies the context for the evaluation of biometric products within the European Union, as well as the general requirements for such evaluation. These are defined from a biometric-mode-independent point of view, without bias towards the particular application that the biometric product under assessment targets.
This first part defines the following items:
— biometric evaluation process;
— biometric evaluation phases;
— how to define each particular biometric test;
— how to define the profiling for a particular application.
NOTE 1 Future parts of the CEN/TS series are planned to address the specifics of each biometric mode. For
each of these modalities, this document specifies application-independent tests, as well as a set of APs, that detail
the applicable tests, the evaluation parameters, and the passing criteria.
NOTE 2 Regarding biometrics for public sector applications, see also BSI TR 03121 [7] which can apply.
NOTE 3 For an overview of sectors addressed in the Cybersecurity Act, see Regulation (EU) 2019/881.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 19989-1, Information security — Criteria and methodology for security evaluation of biometric
systems — Part 1: Framework
ISO/IEC 19989-3, Information security — Criteria and methodology for security evaluation of biometric
systems — Part 3: Presentation attack detection
EN ISO/IEC 2382-37, Information technology - Vocabulary - Part 37: Biometrics (ISO/IEC 2382-37:2022)
CEN/TS 18099, Biometric data injection attack detection
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN ISO/IEC 2382-37 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
application profile
AP
APs
set of specifications, requirements and acceptance criteria for a TOE (3.9) to reach the needs of the defined area of application
Note 1 to entry: Application profiles (APs (3.1)) are defined for each biometric mode, and can be found either in the annexes of parts 4-n of this TS series, or by an external body following Clause 8.
3.2
certification scheme
conformity assessment scheme
set of rules and procedures that describes the objects of conformity assessment, identifies the specified requirements and provides the methodology of performing conformity assessment
Note 1 to entry: A conformity assessment scheme can be managed within a conformity assessment system.
Note 2 to entry: A conformity assessment scheme can be operated at an international, regional, national
subnational, or industry sector level.
Note 3 to entry: A scheme can cover all or part of the conformity assessment functions explained in EN ISO/IEC
17000:2020 [8] Annex A.
Note 4 to entry: For the scope of this TS series, both terms are considered synonymous.
[SOURCE: EN ISO/IEC 17000:2020 [8], modified, Note 4 to entry added.]
3.3
conformity assessment body
CAB
CABs
body that performs conformity assessment activities, excluding accreditation
Note 1 to entry: Conformity assessment activities are defined in EN ISO/IEC 17000:2020 [8] .
Note 2 to entry: A conformity assessment body (3.3) (CAB (3.3)) may be either the certification body, a testing laboratory (3.10), or both.
[SOURCE: EN ISO/IEC 17000:2020 [8]]
3.4
consumer
individual member of the general public purchasing or using property, products or services for
private purposes
Note 1 to entry: Applying this definition to the scope of this document, a consumer (3.4) is a human being interacting with the Target Of Evaluation (3.9) (TOE (3.9)) from outside of the TOE (3.9) boundary, once the product is deployed (i.e. not taking part in the evaluation process).
[SOURCE: EN ISO 26000 [9]]
3.5
evaluation technical report
ETR
documentation of the overall result of the evaluation and its justification, produced by the testing laboratory (3.10) (TL (3.10)), and submitted to a Certification Body (CB)
3.6
evaluator
individual assigned to perform evaluations in accordance with a given evaluation standard and
associated evaluation methodology
EXAMPLE        An example of evaluation standards is the EN ISO/IEC 15408-1 [10] series with the associated
evaluation methodology given in EN ISO/IEC 18045 [11].
[SOURCE: ISO/IEC 19896-1:2018 [12], clause 3.5]
3.7
product manufacturer
PM
organization responsible for the development of the Target Of Evaluation (3.9) (TOE (3.9))
3.8
security target
ST
implementation-dependent statement of security requirements for a Target Of Evaluation (3.9) (TOE (3.9)) based on a security problem definition
3.9
target of evaluation
TOE
set of software, firmware and/or hardware possibly accompanied by guidance, which is the subject of
an evaluation
3.10
testing laboratory
laboratory
TL
body that performs one or more of the following activities:
— testing;
— calibration;
— sampling,
associated with subsequent testing or calibration
Note 1 to entry: In the context of this document, “laboratory (3.10) activities” refer to the three above-mentioned
activities.
Note 2 to entry: Within the scope of this TS series, the activity of calibration is not included, although the laboratory
(3.10) may also be accredited to perform such activity.
[SOURCE: EN ISO/IEC 17000:2020 [8], modified, Note 2 to entry added.]
4 Acronyms and abbreviated terms
For the purpose of this document, the following acronyms and abbreviated terms apply.
CB Certification Body
CSA Cybersecurity Act [13]
eIDAS electronic Identification, Authentication and Trust Services
eIDAS2 new version of eIDAS
EU European Union / European
EUCC EU Cybersecurity Certification Scheme on Common Criteria [14]
FITCEM Fixed-time cybersecurity Evaluation Methodology, (defined in EN 17640 [15])
GDPR General Data Protection Regulation
ID Identity
LoA Level of Assurance
PAD Presentation Attack Detection (defined in ISO/IEC 30107-1 [16])
PAI presentation attack instrument (defined in ISO/IEC 19989-1 [17])
TSFI TOE (3.9) Security Function Interfaces
5 General concepts
5.1 Evaluation actors (informative)
5.1.1 General
Within any product evaluation, the following actors typically play an important role:
— certification scheme. This is out of the scope of this Technical Specification. In those cases where the evaluation is part of a certification scheme, a third party (i.e. Scheme Owner) could base the certification scheme on specifications, requirements and methods defined in standards like this one, also providing the rules for certifying relevant products and/or services;
— Conformity Assessment Body (CAB)
— certificatiön body (CB) – which is out of the scope of this document;
— testing laboratory (TL);
— sponsor;
— vendor;
— product manufacturer (PM);
— consumer.
Each of those actors is described in the following subclauses.
An example of the relationship that could exist among the above-mentioned actors is summarized in
Figure 1.
Figure 1 — Example of relationships among the actors and elements involved in the evaluation
The sponsor will request the evaluation from the CAB (3.3), including which AP (3.1) will be applicable to the TOE (3.9). Then the PM (3.7) or the vendor will provide the TL (3.10) with the relevant documents needed to start the evaluation (i.e. the ST (3.8) and the TOE (3.9) Specification). Then the TL (3.10) will plan and execute the relevant tests on the TOE (3.9), according to the AP (3.1) and the Evaluation Methodology. If the TOE (3.9) passes the whole evaluation, then the consumer (3.4) may use the TOE (3.9), typically provided by the vendor.
Within the scheme, the following is defined:
— policies – out of scope of this document;
— biometric Evaluation Methodologies (Part 2 and 3 and individual tests in parts 4-x);
— biometric AP (3.1) (annexes in each part 4-x).
EXAMPLE Examples of policies are a) the requirement for TLs to be EN ISO/IEC 17025 [18] certified, and/or b) how the certificate is issued and what its duration is, etc.
5.1.2 Conformity assessment bodies (CAB (3.3))
5.1.2.1 Certification body (CB)
A certification body is a conformity assessment body performing the third-party conformity assessment activity certification, as defined in EN ISO/IEC 17000:2020 [8]. This document does not add any further specification or requirements to certification bodies, as their activity is out of the scope of this document.
The certification body assesses whether the system, product or person complies with the certification requirements.
Its role consists in:
— preparing the certification;
— issuing the certificate, in which the AP (3.1) to which the certification is obtained shall be specified;
— accrediting the testing laboratory (3.10).
The certification scheme (3.2) may consider that the certificates issued are valid for a fixed period of time, after which a recertification can be performed. The maintenance of the certification may include assessment procedures to be performed during the validity of the certification. The periodicity of the certificate validity is defined in the certification scheme (3.2), which is not in the scope of this standard series.
Requirements for the certification body can be found in EN ISO/IEC 17065 [6].
5.1.2.2 Testing laboratory (3.10) (TL (3.10))
Within the scope of this TS series, a testing laboratory (3.10) is a body that performs third-party
conformity assessment activity, as defined in EN ISO/IEC 17000:2020 [8]. In more detail, the TL (3.10)
performs at least one of the following activities:
— testing;
— sampling, associated with subsequent testing (adapted from EN ISO/IEC 17025 [5]).
The role of the testing laboratory (3.10) is to apply the testing methodology described in parts 2 to
N (depending on the TOE (3.9)). The detailed specification of the tests to be performed and their
methodology is given in the corresponding AP (3.1) applicable to the TOE (3.9) (see 5.2 and Clause 6).
NOTE 1 It is suggested that the testing laboratory (3.10) complies with the requirements provided by EN
ISO/IEC 17025 [19] or equivalent.
Evaluators are the staff in charge of performing the conformity assessment.
The CAB (3.3) or the TL (3.10) are expected to employ or be able to call on a sufficient number of staff
to cover the operations related to the evaluation, as well as the applicable standards and other normative
documents.
Evaluators are expected to have the skills appropriate to the functions they perform, including the ability
to make the necessary technical decisions, define policies and implement them.
NOTE 2 The evaluation can need special equipment as well as in-depth knowledge about biometrics.
As a synthesis, all evaluators are expected to act impartially, be competent and work in accordance
with the CAB (3.3) management system.
5.1.3 Sponsor
The sponsor is the entity that contacts the CAB (3.3) in order to request the certification of the TOE
(3.9). The sponsor can be involved in the manufacturing or selling of the TOE (3.9), or it can be a third
party interested in evaluating the TOE (3.9).
5.1.4 Vendor
The vendor is the entity in charge of selling and/or distributing the biometric product (i.e. the TOE
(3.9)). The vendor may be the sponsor and/or the PM (3.7).
5.1.5 Product manufacturer (3.7) (PM (3.7))
The product manufacturer (3.7) (PM (3.7)) produces the TOE (3.9) and is responsible for providing the
evidence required for the evaluation (e.g. training, design information), on behalf of the sponsor. The
PM (3.7) may be the sponsor of the evaluation.
5.1.6 Consumer (3.4)
The consumer (3.4) is either a human being or a machine that interacts with the biometric product
once the biometric product is sold or deployed. The consumer (3.4) is an actor that does not take part in
the evaluation, but for whom the evaluation is intended.
5.2 Evaluation process
5.2.1 Overall description
Before performing the evaluation tests, the sponsor or the product manufacturer (3.7) provides two
documents:
— Security Target (3.8) (ST (3.8)) (see 5.3.2): this helps the TL (3.10) identify the points on which
the security evaluation will focus;
— TOE (3.9) Specification: this defines the TOE (3.9) design (i.e. the functional relationships among
subsystems and modules) and the information exchange with the external world (TSFIs).
NOTE 1 It can happen that the sponsor and/or the PM (3.7) need the assistance of a third-party consultant, or
even the TL (3.10) selected, to define such documents.
The evaluation process consists of three different phases:
— Phase 1: interoperability evaluation (see 5.2.2.1);
— Phase 2: TOE (3.9) performance evaluation (see 5.2.2.2);
— Phase 3: vulnerability assessment (see 5.2.2.3).
The TL (3.10) may choose the most appropriate order in which to carry out the phases, although the
expected order is the one shown in Figure 2. By passing Phase 1, the TL (3.10) can be sure that the
different tests in phases 2 and 3 will not run into interoperability problems. By passing Phase 2, the
TL (3.10) can be sure that the TOE (3.9) achieves the documented functionality; if the TOE (3.9) fails
in Phase 2, then executing Phase 3 may be omitted. A correctly executed Phase 2 helps to understand
the limits of the TOE (3.9), which allows the TL (3.10) to know the TOE (3.9) better and to design more
accurate tests in Phase 3.
Figure 2 — Expected execution order of the ev
...