FprCEN/TS 18212-1

SLOVENSKI STANDARD
01-februar-2026
Osebna identifikacija - Zahteve za biometrične izdelke - 1. del: Splošne zahteve in
definicija aplikacijskega profila
Personal identification - Requirements for biometric products - Part 1: General
requirements and application profile definition
Persönliche Identifikation - Anforderungen an biometrische Produkte - Teil 1: Allgemeine
Anforderungen und Definition des Anwendungsprofils
Ta slovenski standard je istoveten z: FprCEN/TS 18212-1
ICS:
35.240.15 Identifikacijske kartice. Čipne Identification cards. Chip
kartice. Biometrija cards. Biometrics
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

FINAL DRAFT
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
November 2025
ICS 35.240.15
English Version
Personal identification - Requirements for biometric
products - Part 1: General requirements and application
profile definition
Persönliche Identifikation - Anforderungen an
biometrische Produkte - Teil 1: Allgemeine
Anforderungen und Definition des Anwendungsprofils

This draft Technical Specification is submitted to CEN members for Vote. It has been drawn up by the Technical Committee
CEN/TC 224.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning : This document is not a Technical Specification. It is distributed for review and comments. It is subject to change
without notice and shall not be referred to as a Technical Specification.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. FprCEN/TS 18212-1:2025 E
worldwide for CEN national Members.

Page
Contents
European foreword . 3
Introduction . 4
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 Acronyms and abbreviated terms . 8
5 General concepts . 9
5.1 Evaluation actors (informative) . 9
5.1.1 General . 9
5.1.2 Conformity assessment bodies (CAB (3.3)) . 11
5.1.3 Sponsor . 12
5.1.4 Vendor . 12
5.1.5 Product manufacturer (3.7) (PM (3.7)) . 12
5.1.6 Consumer (3.4) . 12
5.2 Evaluation process . 12
5.2.1 Overall description . 12
5.2.2 Evaluation phases . 13
5.3 Documents involved in the evaluation . 14
5.3.1 Application profile (3.1) (AP (3.1)) . 14
5.3.2 Security Target (3.8) (ST (3.8)) . 14
5.3.3 TOE (3.9) Specification . 15
5.3.4 Evaluation technical report (3.5) (ETR (3.5)). 15
6 Definition of the levels of assurance (LoA) . 17
7 Definition of individual tests. 17
8 Definition of application profiles (APs (3.1)). 17
8.1 Introduction . 17
8.2 TOE (3.9) description . 18
8.3 Evaluation type target . 18
8.4 Levels of assurance . 18
8.5 Phase 1: Interoperability evaluation . 19
8.6 Phase 2: TOE (3.9) performance evaluation . 19
8.6.1 General . 19
8.6.2 Metrics for functional error classification rates . 19
8.6.3 Content of this section . 19
8.7 Phase 3: Vulnerability assessment . 20
8.7.1 General . 20
8.7.2 Metrics for security error classification rate . 20
8.7.3 Attack rating methodology . 20
8.7.4 Content of this section . 21
8.8 Requirements for the overall decision . 21
Annex A (informative) Example of the structure of an ETR (3.5) with the minimal
content . 22
Bibliography. 23

European foreword
This document (FprCEN/TS 18212-1:2025) has been prepared by Technical Committee CEN/TC 224
"Personal identification and related personal devices with secure elements, systems, operations and
privacy in a multi sectorial environment", the secretariat of which is held by AFNOR.
This document is currently submitted to the Vote on TS.

Introduction
The use of remote services has increased significantly. This was boosted during 2020-2021, when many
service providers and administrations migrated most of their processes to online handling. Many online
services can now be found, such as opening of a bank account, claiming expenses, paying taxes, starting
legal actions, etc.
For all these services there is the need of identifying the persons claiming for that service, and doing it
in a comfortable, universal, reliable and auditable way. Even though some of those services, in some
countries, were deployed using public key infrastructures (PKIs), as recommended by eIDAS [1], this
approach was far away from being used by a significant part of the population.
Biometric recognition has been considered as a technology to solve the binding between the system and
the consumer. Adding biometric recognition to all kind of systems is a common practice nowadays.
In this context, service providers and administrations define their own requirements, select the
products and deploy the solution. On the other hand, manufacturers implement different solutions to
different customers, in order to fulfil each of those requirement sets. Both sides would benefit from
standards and regulations, on which to rely for the product definition.
Everybody benefits from having a common way of defining those requirements, and a detailed
evaluation methodology. These two items can be used by conformity assessment bodies or by business
owners, to create their own certification schemes for this kind of technology/products, by following
applicable standards.
NOTE   ISO/IEC 17000 and related standards are examples of applicable conformity assessment standards.
This document is addressing this need for the case of biometric products, analysing and merging all
current works, and defining a detailed set of requirements, a biometric-mode-specific evaluation
methodology, and the passing criteria for different application profiles. This document has been
developed with consideration for GDPR principles.
Application profiles (APs) are targeting the evaluation of a specific range of products using biometric
recognition. APs are the baseline for checking conformity with the CEN/TS 18212 series. Indeed, a
product manufacturer (PM), product vendor (PV) or sponsor can ask a conformity assessment Body
(CAB) for the evaluation of a specific product to check its conformity according to the CEN/TS 18212
series and a specific AP (see Clause 8) at a certain level of assurance (basic, substantial or high; see
Clause 6).
The specifications given in this document are based on EN ISO/IEC 2382-37:2023 [2], ISO/IEC 19989-3
[3] and the ISO/IEC 17000 family of standards, including ISO/IEC 17007 [4], EN ISO/IEC 17025 [5] and
EN ISO/IEC 17065 [6]. These standards specify all processes dealing with evaluation and certification
of products and services, either related to their performance or to their security.
These objectives are reached by the development of a multipart Technical Specification (i.e. the CEN/TS
18212 series) with the following structure:
— Parts 1-3: Defining the generic principles and methodologies, not requiring a biometric mode
specific approach.
In particular these parts will be:
— Part 1: General requirements and application profile definition
— Part 2: Interoperability tests
— Part 3: Functionality evaluation methodology
— Parts 4-n: Planned future parts of the CEN/TS 18212 series, defining the particularities of each
biometric mode (e.g. specific tests, specific requirements), and containing, each of the parts, a set
of APs, that will establish the test and requirements applicable for a specific application and
context. Those APs will be addressed in individual annexes, following the structure provided in
For example, these parts can be:
— Part 4: Fingerprint biometrics
— Part 5: Face biometrics
1 Scope
This Technical Specification (TS) series provide a generic framework for the establishment of
requirements and their evaluation methodology for biometric products. The requirements depend on
the biometric mode considered, and are adapted to each scenario, through the definition of a variety of
application profiles (APs). In addition, this TS series provides the definition of the individual tests that
can be applied to a biometric product.
This document specifies the context for the evaluation of biometric products within the context of the
European Union, as well as the general requirements for such evaluation. This will be defined in a
biometric mode-independent point of view, as well as not being biased by the particular application
which is the target of the biometric product to be assessed.
This first part defines the following items:
— biometric evaluation process;
— biometric evaluation phases;
— how to define each particular biometric test;
— how to define the profiling for a particular application.
NOTE 1   Future parts of the CEN/TS series are planned to address the specifics of each biometric mode. For
each of these modalities, this document specifies application-independent tests, as well as a set of APs, that detail
the applicable tests, the evaluation parameters, and the passing criteria.
NOTE 2   Regarding biometrics for public sector applications, see also BSI TR 03121 [8] which can apply.
NOTE 3   For an overview of sectors addressed in the Cybersecurity Act, see Regulation (EU) 2019/881.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 19989-1, Information security — Criteria and methodology for security evaluation of biometric
systems — Part 1: Framework
ISO/IEC 19989-3, Information security — Criteria and methodology for security evaluation of biometric
systems — Part 3: Presentation attack detection
EN ISO/IEC 2382-37, Information technology - Vocabulary - Part 37: Biometrics (ISO/IEC 2382-37:2022)
CEN/TS 18099, Biometric data injection attack detection
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN ISO/IEC 2382-37 and the
following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
application profile
AP
APs
set of specifications, requirements and acceptance criteria for a TOE (3.9) to reach the needs of the
defined area of application
Note 1 to entry: Application profiles (APs) are defined for each biometric mode, and can be found either in the
annexes of parts 4-n of this TS series, or by an external body following Clause 8.
3.2
certification scheme
conformity assessment scheme
set of rules and procedures that describes de objects of conformity assessment, identifies de specified
requirements and provides the methodology of performing conformity assessment
Note 1 to entry: A conformity assessment scheme can be managed within a conformity assessment system.
Note 2 to entry: A conformity assessment scheme can be operated at an international, regional, national
subnational, or industry sector level.
Note 3 to entry: A scheme can cover all or part of the conformity assessment functions explained in EN ISO/IEC
17000:2020 [9] Annex A.
Note 4 to entry: For the scope of this TS series, both terms are considered synonymous.
[SOURCE: EN ISO/IEC 17000:2020 [9], modified, Note 4 to entry added.]
3.3
conformity assessment body
CAB
CABs
body that performs conformity assessment activities, excluding accreditation
Note 1 to entry: Conformity assessment activities are defined in EN ISO/IEC 17000:2020 [9] .
Note 2 to entry: A conformity assessment body (3.3) (CAB (3.3)) may be either the certification body, a testing
laboratory (3.10), or both.
[SOURCE: EN ISO/IEC 17000:2020 [9]]
3.4
consumer
individual member of the general public purchasing or using property, products or services for private
purposes
Note 1 to entry: Applying this definition to the scope of this document, a consumer (3.4) is a human being
interacting with the Target Of Evaluation (3.9) (TOE (3.9)) from outside of the TOE (3.9) boundary, once the
product is deployed (i.e. not taking part in the evaluation process)
[SOURCE: EN ISO 26000 [10]]
3.5
evaluation technical report
ETR
documentation of the overall result of the evaluation and its justification, produced by the testing
laboratory (3.10) (TL (3.10)), and submitted to a Certification Body (CB)
3.6
evaluator
individual assigned to perform evaluations in accordance with a given evaluation standard and
associated evaluation methodology
EXAMPLE     An example of evaluation standards is the EN ISO/IEC 15408-1 [11] series with the associated
evaluation methodology given in EN ISO/IEC 18045 [12].
[SOURCE: ISO/IEC 19896-1:2018 [13], clause 3.5]
3.7
product manufacturer
PM
organization responsible for the development of the Target Of Evaluation (3.9) (TOE (3.9))
3.8
security target
ST
implementation-dependent statement of security requirements for a Target Of Evaluation (3.9) (TOE
(3.9)) based on a security problem definition
3.9
target of evaluation
TOE
set of software, firmware and/or hardware possibly accompanied by guidance, which is the subject of
an evaluation
3.10
testing laboratory
laboratory
TL
body that performs one or more of the following activities:
— testing;
— calibration;
— sampling,
associated with subsequent testing or calibration
Note 1 to entry: In the context of this document, “laboratory (3.10) activities” refer to the three above-mentioned
activities.
Note 2 to entry: Within the scope of this TS series, the activity of calibration is not included, although the laboratory
(3.10) may also be accredited to perform such activity.
[SOURCE: EN ISO/IEC 17000:2020 [9], modified, Note 2 to entry added.]
4 Acronyms and abbreviated terms
For the purpose of this document, the following acronyms and abbreviated terms apply.
CB Certification Body
CSA Cybersecurity Act [14]
eIDAS electronic Identification, Authentication and Trust Services
eIDAS2 new version of eIDAS
EU European Union / European
EUCC EU Cybersecurity Certification Scheme on Common Criteria [15]
FITCEM Fixed-time cybersecurity Evaluation Methodology, (defined in EN 17640 [16])
GDPR General Data Protection Regulation
ID Identity
LoA Level of Assurance
PAD Presentation Attack Detection (defined in ISO/IEC 30107-1 [17])
PAI presentation attack instrument (defined in ISO/IEC 19989-1 [18])
TSFI TOE (3.9) Security Function Interfaces
5 General concepts
5.1 Evaluation actors (informative)
5.1.1 General
Within any product evaluation, the following actors typically play an important role:
— certification scheme. This is out of the scope of this Technical Specification. In those cases where
the evaluation is part of certification scheme, a third party (i.e. Scheme Owner) could base the
certification scheme on specifications, requirements and methods defined in standards like this
one, providing also the rules for certifying relevant products and/or services;
— Conformity Assessment Body (CAB)
— certification body (CB) – which is out of the scope of this document;
— testing laboratory (TL);
— sponsor;
— vendor;
— product manufacturer (PM);
— consumer.
Each of those actors are described in following subclauses.
An example of the relationship that could exist among the above-mentioned actors is summarized in
Figure 1.
Figure 1 — Example of relationships among the actors and elements involved in the evaluation
The sponsor will request the evaluation to the CAB (3.3), including which is the AP (3.1) that will be
applicable to the TOE (3.9). Then the PM (3.7) or the vendor will provide the TL (3.10) with the relevant
documents needed to start the evaluation (i.e. the ST (3.8) and the TOE (3.9) Specification). Then the TL
(3.10) will plan and execute the relevant tests according to the AP (3.1) and the Evaluation Methodology,
to the TOE (3.9). If the TOE (3.9) passes all the evaluation, then the consumer (3.4) may use the TOE
(3.9), provided typically from the vendor.
Within the scheme, the following is defined:
— policies – out of scope of this document;
— biometric Evaluation Methodologies (Part 2 and 3 and individual tests in parts 4-x);
— biometric APs (3.1) (annexes in each part 4-x).
EXAMPLE   Examples of policies are a) the requirement for TLs to be EN ISO/IEC 17025 [19] certified, and/or
b) how is the certificate and its duration issued, etc.
5.1.2 Conformity assessment bodies (CAB (3.3))
5.1.2.1 Certification body (CB)
A certification body is a conformity assessment body performing the third-party conformity assessment
activity certification, as defined in EN ISO/IEC 17000:2020 [9]. This document does not add any further
specification or requirements to certification bodies, as its activity is out of the scope of this document.
The certification body assesses whether the system, product or person complies with the certification
requirements.
Its role consists in:
— preparing the certification;
to which the certification is obtained shall be
— issuing the certificate, in which the AP (3.1)
specified;
— accrediting the testing laboratory (3.10).
The certification scheme (3.2) may consider that the certificates issued are valid for a fixed period of
time, after which a recertification can be performed. The maintenance of the certification may include
assessment procedures to be performed during the validity of the certification. The periodicity of the
certificate validity is defined in the certification scheme (3.2), which is not in the scope of this standard
series.
Requirements for the certification body can be found in EN ISO/IEC 17065 [6]
5.1.2.2 Testing laboratory (3.10) (TL (3.10))
Within the scope of this TS series, a testing laboratory (3.10) is body that performs third-party
conformity assessment activity, as defined in EN ISO/IEC 17000:2020 [9]. More in detail, the TL (3.10)
performs, at least, one or more of the following activities:
— testing;
— sampling, associated with subsequent testing [adopted from EN ISO/IEC 17025 [5].
The role of the testing laboratory (3.10) is to apply the testing methodology described in the parts 2 to
N (depending of the TOE (3.9)). The detailed specification of the tests to be performed and its
methodology is given in the corresponding AP (3.1) applicable to the TOE (3.9) (see 5.2 and Clause 6).
NOTE 1   It is suggested that the testing laboratory (3.10) complies with the requirements provided by EN
ISO/IEC 17025 [20] or equivalent.
Evaluators are the staff in charge of performing the conformity assessment.
The CAB (3.3) or the TL (3.10) are expected to employ or be able to call on a sufficient number of staff
to cover the operations related to the evaluation, as well as the applicable standards and other
normative documents.
Evaluators are expected to have the skills appropriate to the functions they perform, including the
ability to make the necessary technical decisions, define policies and implement them.
NOTE 2   The evaluation can need special equipment as well as in-depth knowledge about biometrics.
As a synthesis, all evaluators are expected to act impartially, be competent and work in accordance with
the CAB (3.3) management system.
5.1.3 Sponsor
The sponsor is the entity the contacts the CAB (3.3) in order to request the certification of the TOE (3.9).
The sponsor can be related to the manufacturing or selling of the TOE (3.9), or it can be a third party
interested in evaluating the TOE (3.9).
5.1.4 Vendor
The vendor is the entity in charge of selling and/or distributing the biometric product (i.e. the TOE
(3.9)). The vendor may be the sponsor and/or the PM (3.7).
5.1.5 Product manufacturer (3.7) (PM (3.7))
The product manufacturer (3.7) (PM (3.7)) produces the TOE (3.9) and is responsible for providing the
evidence required for the evaluation (e.g. training, design information), on behalf of the sponsor. The
PM (3.7) may be the sponsor of the evaluation.
5.1.6 Consumer (3.4)
The consumer (3.4) is either a human being or a machine, that interacts with the biometric product once
the biometric product is sold or deployed. The consumer (3.4) is an actor that do not take part in the
evaluation, but for whom the evaluation is thought.
5.2 Evaluation process
5.2.1 Overall description
Before performing the evaluation’s tests, the sponsor or the product manufacturer (3.7) provides two
documents:
— Security Target (3.8) (ST (3.8)): (see 5.3.2), that will help the TL (3.10) to detect the points where
the security evaluation will focus.
— TOE (3.9) Specification: which defines the TOE (3.9) design (i.e. the functional relationships
among subsystems and modules) and the information exchange with the external world (TSFIs)
NOTE 1   It can happen that the sponsor and/or the PM (3.7) need the assistance of a third-party consultant,
or even the TL (3.10) selected, to define such documents.
The evaluation process is set on three different phases:
— Phase 1: interoperability evaluation (see 5.2.2.1);
— Phase 2: TOE (3.9) performance evaluation (see 5.2.2.2);
— Phase 3: vulnerability assessment (see 5.2.2.3).
The TL (3.10) may consider the most appropriate order of carrying out each of the phases, although the
expected order is the one shown in Figure 2. By passing Phase 1, the TL (3.10) can be sure that all the
different tests in phases 2 and 3 will not present any problem dealing with interoperability. By passing
Phase 2, the TL (3.10) can be sure that the TOE (3.9) is able to reach the documented functionality; if the
TOE (3.9) fails in Phase 2, then executing Phase 3 may be omitted. A correct Phase 2 will help to
understand the limits of the TOE (3.9), that will serve the TL (3.10) to better know the TOE (3.9) and
design more accurate tests in Phase 3.

Figure 2 — Expected execution order of the evaluation phases
Depending of the biometric mode used by the TOE (3.9), the possible tests performed during each phase
are described in the corresponding part of this standard series.
EXAMPLE 1   If the TOE (3.9) is using face recognition, the different tests performed during each phase are
described in the part 5 of this standard series.
For each biometric mode, different parts of this standard series, contain annexes with APs (3.1) (see
Clause 6). The AP (3.1) defines the TOE (3.9), as well as the applicable tests to take into account during
the TOE (3.9) assessment for a specific typology of produc
...