FprCEN/TS 18212-2

SLOVENSKI STANDARD
01-februar-2026
Osebna identifikacija - Zahteve za biometrične izdelke - 2. del: Preskus
interoperabilnosti
Personal identification - Requirements for biometric products - Part 2: Interoperability
tests
Persönliche Identifikation - Anforderungen an biometrische Produkte - Teil 2: Test zur
Interoperabilität
Ta slovenski standard je istoveten z: FprCEN/TS 18212-2
ICS:
35.240.15 Identifikacijske kartice. Čipne Identification cards. Chip
kartice. Biometrija cards. Biometrics
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

FINAL DRAFT
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
November 2025
ICS 35.240.15
English Version
Personal identification - Requirements for biometric
products - Part 2: Interoperability tests
Persönliche Identifikation - Anforderungen an
biometrische Produkte - Teil 2: Test zur
Interoperabilität
This draft Technical Specification is submitted to CEN members for Vote. It has been drawn up by the Technical Committee
CEN/TC 224.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning : This document is not a Technical Specification. It is distributed for review and comments. It is subject to change
without notice and shall not be referred to as a Technical Specification.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. FprCEN/TS 18212-2:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
Introduction . 4
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 Acronyms and abbreviated terms . 7
5 Interoperability issues in biometric systems . 7
6 Input data interoperability tests . 8
6.1 General . 8
6.2 Digital inputs interoperability tests . 8
6.2.1 T1.1.1.1 Level 1 conformance . 8
6.2.2 T1.1.1.2 Level 1 non-conformance . 8
6.2.3 T1.1.1.3 Level 2 conformance . 8
6.2.4 T1.1.1.4 Level 2 non-conformance . 9
6.2.5 T1.1.1.5 Level 3 conformance based on particular use-cases . 9
6.2.6 T1.1.1.6 Level 3 non-conformance based on particular use-cases . 9
6.2.7 T1.1.1.7 Bad quality inputs . 9
6.3 Subject presentations interoperability tests . 9
6.3.1 T1.1.2.1 Bona-fide presentations with subjects that present good quality samples . 9
6.3.2 T1.1.2.2 Presentations with bad quality samples . 9
7 Output data interoperability tests . 10
7.1 General . 10
7.2 T1.2.1 Level 1 conformance of output data . 10
7.3 T1.2.2 Level 2 conformance of output data . 10
7.4 T1.2.3 Quality evaluation of output data . 10
8 Interoperability of exchanged information between TOE and external devices . 10
Bibliography . 12
European foreword
This document (FprCEN/TS 18212-2:2025) has been prepared by Technical Committee CEN/TC 224
"Personal identificätion and related personal devices with secure elements, systems, operations and
privacy in a multi sectorial environment", the secretariat of which is held by AFNOR.
This document is currently submitted to the Vote on TS.
Introduction
The use of remote services has increased significäntly. This was boosted during 2020-2021, when many
service providers and administrations migrated most of their processes to online handling. Many online
services can now be found, such as opening of a bank account, claiming expenses, paying taxes, starting
legal actions, etc.
For all these services there is the need of identifying the persons claiming for that service, and doing it
in a comfortable, universal, reliable and auditable way. Even though some of those services, in some
countries, were deployed using public key infrastructures (PKIs), as recommended by eIDAS[1], this
approach was far away from being used by a significänt part of the population.
Biometric recognition has been considered as a technology to solve the binding between the system
and the consumer. Adding biometric recognition to all kind of systems is a common practice nowadays.
In this context, service providers and administrations define their own requirements, select the
products and deploy the solution. On the other hand, manufacturers needed to implement different
solutions to different customers, in order to fulfil each of those requirement sets. Both sides would
benefit from standards and regulations, on which to rely for the product definition.
Everybody benefits from having a common way of defining those requirements, and a detailed
evaluation methodology.
This document is addressing this need for the case of biometric products, analysing and merging all
current works, and defining a detailed set of requirements, a biometric-mode-specific evaluation
methodology, and the passing criteria for different application profiles. This document has been
developed with consideration for GDPR principles.
Application profiles (APs) are targeting the evaluation of a specific range of products using biometric
recognition. APs are the baseline for checking conformity with the CEN/TS 18212 series.Indeed, a
product manufacturer (PM), product vendor (PV) or sponsor can ask a conformity assessment body
(CAB) for the evaluation of a specific product to check its conformity according to the CEN/TS 18212
series and a specific AP at a certain level of assurance (basic, substantial or high).
These objectives are reached by the development of a multipart Technical Specificätion with the
following structure:
— Parts 1-3: Defining the generic principles and methodologies, not requiring a biometric mode
specific approach.
In particular these parts will be:
— Part 1: General requirements and application profile definition
— Part 2: Interoperability tests
— Part 3: Functionality evaluation methodology
— Parts 4-n: Defining the particularities of each biometric mode (e.g. specific tests, specific
requirements), and containing, each of the parts, a set of APs, that will establish the test and
requirements applicable for a specific application and context. Those APs will be written as
individual annexes, following the structure provided in Part 1.
For example, these parts can be:
— Part 4: Fingerprint biometrics
— Part 5: Face biometrics
This part is devoted to the definition of those tests needed to evaluate the interoperability capabilities
of a biometric product. These tests should be executed prior, or in parallel, to the other tests defined in
Parts 4-n, which follow the methodology defined in Part 3.
1 Scope
The CEN/TS 18212 series specifies a generic framework for the establishment of requirements and
their evaluation methodology for biometric products. The requirements depend on the biometric mode
considered, and are adapted to each scenario, through the definition of a variety of application profiles
(APs).
This series of standards are expected to provide the evaluation methodology, the individual tests, and
the APs (with their particular requirements).
This document specifies:
— tests for evaluating the interoperability of all biometric input data (received or read);
— test for evaluating the interoperability of all biometric output data (stored or transmitted);
— test for evaluating the interoperability of all exchange of information between the TOE and external
components or devices.
NOTE 1 Additional parts are provided covering the specifics of each biometric mode. For each of these
modalities, application-independent tests are defined, as well as a set of APs, that detail the applicable tests, the
evaluation parameters, and the passing criteria.
The Technical Specificätions within this series can be taken by any certificätion body and/or sector, to
define and evaluate the requirements for their biometric products within their selected applications.
NOTE 2 Regarding biometrics for public sector applications, see also BSI TR 03121 [2] which can apply.
NOTE 3 For an overview of sectors addressed in the Cybersecurity Act, see Regulation (EU) 2019/881.
NOTE 4 This part defines all potential tests that could be applicable when evaluating the interoperability of a
biometric product. It will be the relevant AP, the one that will specify which of these tests are applicable.
2 Normative references
The following documents are ref
...