U.S. expands biometric border checks for foreign travelers

The Department of Homeland Security has published a final rule titled Collection of Biometric Data From Aliens Upon Entry to and Departure From the United States, now codified in the Federal Register (90 FR 48604). The rule takes effect on December 26, 2025, and marks a regulatory step intended to complete and expand biometric entry and exit capabilities across airports, land ports, seaports, and other authorized points of departure.

The rule formalizes practices that CBP has already piloted and rolled out at scale, but it also widens the program in several important ways, including mandatory facial-image capture for non‑U.S. citizens, authorization to collect other biometrics, longer retention windows for certain records, and the removal of prior pilot and port limits for departure collection.

What the final rule changes

The final rule authorizes Customs and Border Protection to require that all aliens, defined as non‑U.S. citizens including lawful permanent residents, be photographed upon entry to and/or departure from the United States. The regulatory text appears at 90 FR 48604 and is effective December 26, 2025, making facial-image capture a formal, nationwide policy rather than a set of localized pilot projects.

Beyond photographs, DHS explicitly authorized collection of additional biometric modalities for non‑exempt aliens, including fingerprints, palm prints, ocular imagery, voiceprints, and in limited circumstances DNA. The rule also removes many prior limitations that had confined departure collection to pilot ports or selected modalities, enabling a phased but broad operational expansion.

The regulatory analysis in the Federal Register includes estimated respondent and response counts and operational burden figures across air, land, and pedestrian categories, reflecting DHS intent to scale the program across millions of crossings. DHS cites longstanding statutory mandates as the legal basis for the rule, including IIRIRA 1996, the Enhanced Border Security and Visa Entry Reform Act 2002, IRTPA 2004, and the 9/11 Commission Act of 2007.

Who is affected and where this applies

Under the rule, the primary mandatory subjects are non‑U.S. citizens , a category that expressly includes lawful permanent residents. U.S. citizens may still participate voluntarily in facial biometric processing; CBP states that photos of citizens used for matching in cloud services are generally purged within 12 hours.

The rule covers airports, land ports, seaports, and other authorized points of departure. CBP has said it has deployed facial biometrics at all U.S. airports for arrival processing and at hundreds of ports across modes, and the final rule removes prior pilot and port restrictions to permit broader departure collection as CBP phases in capabilities at bridges, pedestrian crossings, and seaports.

Operational rollout will be phased despite the rule’s effective date. Many airports already have live Simplified Arrival or enhanced passenger processing, while land and seaport deployments will expand over time. Local reporting has flagged concerns about processing times and impacts on cross‑border communities where pedestrian and bridge traffic is significant.

Additional biometrics and age exemptions

A major substantive change is DHS authority to collect additional biometrics beyond facial images. The final rule authorizes collection of fingerprints, palm prints, ocular imagery, voice prints, and in limited circumstances DNA for non‑exempt aliens, creating potential for multimodal identity verification and law enforcement uses.

The rule also narrows prior age exemptions for photographs: children under 14 and adults over 79 are now within the scope for facial-image capture. Some exemptions for other biometric types remain for certain age groups at present, but DHS states these may be subject to future rulemaking or implementation guidance.

CBP and DHS point to results from prior pilots demonstrating operational gains and high algorithmic performance as assessed by NIST in some contexts, but independent observers and civil‑liberties groups continue to press for care in any expansion of modalities given risks of misidentification and demographic bias.

Data systems, retention, and matching

CBP will implement entry‑exit processing through the Traveler Verification Service, or TVS, and transfer in‑scope traveler images and biometrics to DHS identification systems, notably IDENT and its successor HART, for matching, storage, and cross‑checks. The rule and associated documents make clear how TVS interfaces with centralized biometric stores.

DHS states that some gallery photos used for short‑term cloud matching are purged quickly; CBP has described cloud galleries for matching as being purged within hours, typically no later than 12 hours after entry or departure. However, images and biometric matches for non‑citizens moved into IDENT/HART may be retained for far longer, and DHS cites retention schedules that allow certain biometric and biographic records to be kept for up to 75 years in system records.

That long retention horizon has been a focal point of scrutiny. DHS has published privacy impact assessments and system of records notices, and describes safeguards such as access controls, encryption, user training, and deletion policies for citizen data in the cloud, but watchdogs and reporters have highlighted the risks posed by large centralized biometric repositories.

Operational claims and deployment status

CBP reports processing over 807 million travelers through its facial comparison efforts across air, land, and sea as of the agency’s updated metrics in 2025, and emphasizes outcomes such as interdictions of impostors, faster touchless identity checks, and improved detection of document fraud and visa overstays. CBP leadership has framed the expansion as enabling officers to focus on higher‑risk individuals.

Large‑scale deployments already exist at many U.S. airports, and CBP characterizes the final rule as completing the legal and regulatory framework needed to broaden departures collection beyond prior pilot constraints. Industry and agency releases cite high algorithmic accuracy in controlled tests and report program successes dating back to pilots initiated several years earlier.

Despite these claims, CBP notes that implementations will be phased, and operational impacts at land crossings and pedestrian lanes will depend on logistics, staffing, and infrastructure investments. Local media in border communities have reported concerns about potential delays and the need for careful operational planning.

Legal, privacy, and civil‑liberties debate

The rule cites a statutory and policy history that includes IIRIRA, the 9/11 Commission Act, and other laws that directed development of a biometric entry‑exit capability. DHS and CBP point to this legal background in defending the rule as a compliance step with congressional mandates and national security priorities.

At the same time, civil‑liberties groups such as the Electronic Frontier Foundation and the ACLU, immigrant‑rights organizations, and other advocates have argued the expansion amounts to mass biometric surveillance with risks of misuse, mission creep, demographic bias, and data breaches. Those groups filed comments during the rulemaking and remain active in urging stronger limits on retention, sharing, and modalities such as DNA collection.

Independent oversight has also been active: the Government Accountability Office reviewed DHS’s rulemaking packet and issued an assessment in December 2025 summarizing the regulatory change to permit photographing all aliens entering and exiting and authorizing collection of other biometrics. Major media outlets and analysts have reported concerns about centralization and security of biometric stores, prompting calls for clearer legal limits and stronger technical safeguards.

International cooperation and enforcement implications

DHS and CBP have publicly noted expanded biometric cooperation with partner countries, including announced deployments and engagements in nations such as Colombia and Chile to combat transnational crime and manage migration. International sharing and technical assistance are part of a broader strategy to improve cross‑border identity verification.

On the enforcement and operational side, some local reporting points to effects at land ports and on cross‑border commerce and communities. Any phased expansion into bridges and pedestrian lanes will require operational adjustments, technology installations, and training to avoid undue delays while achieving the identified security benefits.

Because the rule enables broader collection, sharing across agencies and with partners could increase. That prospect is one reason privacy advocates seek explicit statutory or regulatory constraints on use, retention, access, and downstream sharing of biometric records, and why analysts emphasize independent audits and transparency about algorithm performance and error rates.

How to read the rule and what to watch next

The final rule text is available in the Federal Register and on govinfo, and DHS has posted privacy impact assessments, system of records notices, and CBP materials on TVS and biometrics on its privacy pages and newsroom. Key primary sources include the Federal Register notice (Oct 27, 2025), CBP releases on Simplified Arrival and enhanced passenger processing, and the GAO B‑337894 assessment.

Observers should track implementation milestones rather than assuming immediate nationwide uniformity: the rule is effective December 26, 2025, but CBP will phase deployments across modes. Watch for updates to TVS PIAs, system security documentation, and independent reviews of algorithmic performance and demographic impacts.

Stakeholders and travelers can also monitor reporting from major outlets and privacy groups, and review CBP statistics and operational notices. Advocacy groups and lawmakers may press for further rulemaking, statutory clarification, or oversight depending on implementation outcomes and any incidents or privacy concerns that arise.

The expansion of biometric border checks represents a consequential shift in U.S. border management and identity verification. It brings potential operational benefits and security gains, but it also amplifies privacy, civil‑liberties, and data‑security concerns that will shape public debate and oversight in the coming years.

Anyone seeking the primary documents should consult the Federal Register notice, DHS privacy pages, the TVS PIAs and SORNs, CBP biometrics material, and the GAO report for authoritative text and analysis. Continued transparency, independent auditing, and legislative or regulatory guardrails will determine how the balance between security and privacy evolves as deployments proceed.