Within the framework of the project, general rules for working with biometric data in the context of state digital resources are established, as well as requirements for the technologies used for their storage and for physical carriers outside these resources.
The Cabinet emphasizes that biometric information should be used exclusively for the authentication of citizens during elections, referendums, and the provision of public services. Mass matching of such data with information databases is prohibited.
Cybersecurity is also given significant attention. The project stipulates the use of certified protection means, the maintenance of digital logs for all data operations, and an annual risk assessment by institutions with access to biometric information. Requirements for the work of employees are specifically outlined, including mandatory registration in a digital service and multi-factor authentication.
The procedures for the transfer and backup storage of biometric data are also being tightened. All physical carriers must be encrypted, accounted for, and sealed. In the event of a loss of the need for storage, they must be destroyed according to an act. The transfer of such carriers is permitted only if there is no possibility of sending data through secure channels.
Furthermore, the project abolishes regulatory acts that have been in effect from 2014 to 2024, which regulated the biometric sphere, as they have lost their relevance with the introduction of new digital regulations.
