The Three Laws of Biometrics

The Biometrics Institute has devised the Three Laws of Biometrics to prompt its members to remember the fundamentals of using biometric technology responsibly and ethically.

The laws – or the PPT of biometrics – should be used as a checklist to guide members in their implementations, and crucially in the order in which tasks should be carried out. Policy first, then process and only when robust review of those initial steps has taken place should the requisite technology be appropriately explored.

We want our members to ask with every application, ‘Just because we can, should we?’ – thoroughly assessing each use case and the impact on its users. We are calling on the biometrics community to ensure the technology continues to serve us responsibly and ethically, not exploit us.  

We hope these three laws will act as an easy reminder of the principles anyone operating in this space should hold.

For detailed drilling down into all of these issues, members should refer to our Good Practice Framework.


The Three Laws of Biometrics


  1. POLICY – comes first: Any use of biometrics is proportionate, with basic human rights, ethics and privacy at its heart.


  1. PROCESS – follows policy: Safeguards are in place to ensure decisions are rigorously reviewed, operations are fair and operators are accountable.


  1. TECHNOLOGY – guided by policy and process: Know your algorithm, biometric system, data quality and operating environment and mitigate vulnerabilities, limitations and risks.   


We encourage you to use the Three Laws of Biometrics, but please note they need to be referenced to the Biometrics Institute.

© Copyright 2020 Biometrics Institute.  All Rights Reserved.


Lead the debate with us on the
responsible use of Biometrics