U.S. rolls out biometric entry-exit for foreign travelers

The U.S. Department of Homeland Security has issued a final rule titled “Collection of Biometric Data From Aliens Upon Entry to and Departure From the United States” (8 CFR parts 215 & 235), with an effective date of December 26, 2025. The rule authorizes Customs and Border Protection (CBP) to require photographs of all non‑U.S. citizens , defined in the rule as “aliens,” which includes lawful permanent residents , upon both entry and departure, and permits collection of other biometrics from non‑exempt travelers.

The rule represents a significant expansion of existing facial biometrics programs: it removes prior pilot and port limits, narrows some age exemptions, and frames a phased, multi‑year rollout across airports, land ports, seaports, private aircraft and pedestrian lanes. DHS and CBP say the change is intended to streamline travel and fulfill statutory mandates for an entry‑exit biometric system, while civil‑liberties groups warn of privacy risks and implementation challenges.

What the final rule does

The final rule formalizes authority for CBP to collect facial images at both arrival and departure, and to collect additional biometric identifiers from non‑exempt aliens. It codifies processes that previously operated in pilots and selected ports, making the system broadly available across transport modes and authorized departure points.

Notable regulatory specifics include the removal of earlier photographic age exemptions for facial images: children under 14 and adults 79 and older are now within scope for facial‑image capture, though age exemptions remain for some other biometric modalities. The rule also identifies the regulatory citations (8 CFR parts 215 & 235) and sets the effective date as December 26, 2025.

DHS explains that implementation will be phased: while the rule is effective in late 2025, full operational deployment across all modalities , especially land crossings, private aircraft and pedestrian exits , will occur over multiple years and may require additional notices and operational steps.

Who is affected and how

The rule applies to all “aliens” seeking to enter or depart the United States, a statutory term that includes non‑U.S. citizens and lawful permanent residents. CBP’s authority extends to capturing photographs of those travelers and to collecting other biometrics from non‑exempt individuals.

Because the rule removes previous port and pilot limitations, travelers can expect to encounter biometric capture not only at major airports but at land ports of entry, seaports, private aircraft departure points and pedestrian lanes where CBP chooses to deploy equipment and personnel. CBP has said that some environments will be rolled out later, so experiences may vary by location for some time.

The Federal Register and implementing materials require that alternative procedures be available when biometrics cannot be collected , for example, manual document inspection by CBP officers or airline manual verification. In practice, these alternatives can lead to secondary inspection, boarding denial, delays, or more lengthy manual review when identity or document authenticity is in question.

How the biometric entry‑exit system will work

CBP states that the biometric entry‑exit system will be centered on facial‑comparison technology called the Traveler Verification Service (TVS). TVS is designed to compare arrival photos to departure photos to detect visa overstays, document fraud and identity fraud by matching faces across travel transactions.

Operationally, images captured at the point of entry are compared with later departure images through TVS; facial images and biometric templates are transferred to CBP and DHS biometric repositories such as IDENT and HART (or successor systems) for processing and storage according to department schedules. CBP says it uses algorithms assessed by NIST and has completed Privacy Impact Assessments for TVS.

CBP also highlights prior large‑scale use of facial biometrics in travel: agency statements have reported tens to hundreds of millions of travelers processed under facial‑comparison programs, including figures cited publicly of “more than 55 million” in earlier notices and later “more than 171 million” participants as programs expanded across air, land and sea ports.

Data handling, retention and privacy controls

The rule specifies operational privacy controls and data‑handling practices. CBP notes that photographs of U.S. citizens collected for identity verification are deleted within 12 hours of confirmation of citizenship. By contrast, facial images of most non‑citizens are transferred into DHS biometric systems (such as IDENT/HART) and certain records may be retained under DHS retention schedules.

DHS/CBP retention policies cited in the rulemaking permit some biometric records to be held for extended periods; in Federal Register materials the department acknowledges retention authorities that in some cases allow preservation of records for many years , DHS schedules have been discussed in public materials as permitting retention for as long as 75 years for some records, subject to applicable SORNs and FOIA and records‑management rules.

The rule and accompanying Privacy Impact Assessments describe technical and procedural controls, and DHS states it shares biometrics consistent with existing privacy and disclosure rules. Nonetheless, civil‑liberties advocates have pressed for stricter limits, independent oversight, and clear deletion or minimization rules for sensitive biometric data.

Operational impact, testing and costs

DHS’s regulatory analysis estimated net costs associated with the broader entry‑exit system and provided annualized cost figures in the Federal Register. The department presented discounted and annualized net cost estimates in rulemaking documents; public materials summarized annualized net costs in the range of roughly $68, $70 million, along with additional one‑time implementation and operational costs for agencies and stakeholders.

CBP’s rule cites internal testing, PIAs and time‑motion studies used to estimate impacts such as citizen opt‑out rates and how biometric capture affects passenger flow. The department states that the TVS system is designed as a touchless, streamlined experience at many ports, and CBP has described deployments as supporting quicker identity verification in many cases.

However, the Federal Register and public commentary acknowledge that the largest operational challenges will be at sites that require new infrastructure or staffing, and in situations where biometrics cannot be captured and alternative procedures must be used. Airlines and CBP will need to coordinate manual identity checks, which can slow processing and increase secondary inspections.

Technology accuracy, testing and international comparisons

CBP emphasizes that TVS uses high‑ranked, NIST‑assessed facial‑comparison algorithms and points to prior operational results in preventing imposters and detecting travelers using another person’s document. Agency releases have highlighted examples where facial biometrics helped detect misuse of travel documents during testing and earlier deployments.

Independent researchers and civil‑liberties groups caution that algorithmic error rates and uneven demographic performance remain concerns. False non‑matches or misidentifications can have real‑world consequences, including delayed travel, unnecessary secondary inspection, or worse outcomes for affected individuals. Advocates have urged stronger testing transparency and mitigation measures for demographic bias.

The United States is not alone in moving toward biometric entry‑exit systems: other jurisdictions, including the EU, have been rolling out entry/exit programs in recent years. DHS frames the rule in part as aligning U.S. practice with statutory mandates and international efforts to modernize border controls, while also noting unique U.S. legal and operational contexts.

Reactions, oversight and legal questions

The rule has drawn mixed reactions. CBP and DHS officials have promoted the change as a way to “streamlin[e] travel” with a secure, touchless process that helps detect overstays and identity fraud. Agency messaging stresses operational benefits and the ability to meet congressional mandates for a biometric entry‑exit capability.

Privacy and civil‑liberties organizations such as the EFF and the ACLU have strongly criticized the expanded collection. Advocates have called the broad, long‑term retention of biometrics “grave” for privacy, raised specific concerns about collecting children’s biometric data, warned of mission creep and indefinite tracking, and urged stronger legal limits and oversight to prevent misuse.

Congressional and oversight bodies have also weighed in: the Government Accountability Office reviewed the rule under the Congressional Review Act and issued a report assessing DHS’s procedural compliance for what it classified as a “major rule.” That review is part of the broader accountability landscape that will likely include FOIA, record‑schedule questions, and potential litigation or policy challenges as implementation proceeds.

As the rule moves into effect, courts, Congress and watchdog agencies may scrutinize implementation steps, data‑sharing agreements, retention practices and CBP’s handling of exemptions and alternative procedures.

The new rule marks a substantial policy and operational shift in U.S. border management. Travelers, airlines and the broader public will need to follow phased implementation plans and local port guidance as CBP deploys equipment and processes in different settings over several years.

For individuals and organizations concerned about privacy and civil‑liberties implications, continued attention to the details in the Federal Register final rule, CBP Privacy Impact Assessments, and oversight reports from GAO and others will be important. The debate over the trade‑offs between security, convenience and privacy is likely to continue as the system is rolled out and as real‑world operational data become available.