On April 2, 2026, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, and the Ministry of Public Security jointly issued the 2026 Special Action for Personal Information Protection.
The core requirements are explicit: in the education, medical, financial, and transportation sectors, facial recognition shall not be used as the sole verification method, and non-facial recognition alternative measures must be introduced.
This single document has transformed iris recognition from a "high-end optional feature" into a "compliance mandatory requirement".
I. What Does the Policy State?
Over the past decade, facial recognition has rapidly penetrated all walks of life with its convenience. Facial scanning for building access, cash withdrawal, and hospital registration... the human face has almost become a "master key".
However, with the popularization of deepfake technology, the security shortcomings of facial recognition have become increasingly exposed. In 2025, multiple cases of financial fraud using AI face-swapping to bypass facial identity verification systems attracted widespread public attention, prompting regulators to re-examine the compliance risks of "single facial authentication".
The core provisions of the joint action by the three authorities include:
1. Financial institutions (banks, securities firms, insurance companies) shall not use facial recognition as the sole method of identity verification.
2. Medical institutions (hospitals, clinics) must provide at least one alternative verification scheme that does not involve facial recognition.
3. Educational institutions (schools, training organizations) are prohibited from mandating the use of facial recognition.
4. The transportation sector (airports, high-speed railways) must ensure unimpeded access to non-facial recognition channels.
5. Violators will face penalties including rectification orders, fines, and even suspension of services.
Rectification window: to be completed by the end of 2026. Relevant institutions have less than 9 months left to fulfill the requirements.
▲ Four Major Industries Facing Imminent Compliance Rectification
II. The Dilemma Faced by Institutions
After the policy was issued, many institutions fell into a genuine dilemma:
On one hand, they cannot abandon facial recognition — the systems, with investments of millions or even tens of millions of yuan, cannot be scrapped overnight.
On the other hand, they must introduce alternative measures — otherwise, they will face compliance penalties that directly affect their business qualifications.
The only question for procurement decision-makers is: what alternative to use?
● Passwords/PIN codes? A 20-year step backward in security, with extremely poor user experience.
● Fingerprint recognition? Contact-based collection carries health risks, and it is equally vulnerable to replication attacks.
● Voiceprint recognition? Susceptible to recording attacks, with poor performance in noisy environments.
● Hardware Tokens? Inconvenient to carry, high loss rate, and prohibitive costs.
Iris recognition, however, is the only answer to this question that balances security, non-contact operation, uniqueness, and user experience.
III. Why Iris Recognition?
The iris is the annular tissue surrounding the pupil of the human eye. The texture of each person's iris is finalized within 18 months after birth and remains stable for life. No two identical irises exist in the world — not even for identical twins, or the left and right eyes of the same individual.
Compared with facial recognition, iris recognition has inherent advantages:
● Strong anti-forgery capability: Cannot be replicated through photos, videos, 3D printing or other means, completely immune to deepfake attacks.
● Non-contact collection: No need to touch the device, meeting the zero-contact requirements of medical and health venues.
● Fast recognition speed: Homsh's OVAI system completes recognition in less than 1 second, delivering a smooth user experience.
● Ultra-high accuracy: False Acceptance Rate (FAR) as low as 1 in 1,000,000, far exceeding facial and fingerprint recognition.
● Strong compliance: As a "non-facial recognition biometric feature", it fully meets the requirements of the three authorities.
● Easy integration: Supports parallel deployment with existing facial recognition systems, no need to rebuild infrastructure.
In short: iris recognition is not a competitor to facial recognition, but its best compliance partner.
▲ Iris Recognition: The Optimal Solution for Non-Facial Recognition Compliance Alternatives
IV. Homsh: Built Specifically for Compliance Scenarios
WuHan Homsh Technology Co., Ltd. (HOMSH) is one of the very few domestic enterprises that masters all three core technologies of iris recognition: core algorithms, dedicated chips, and complete system solutions, with full independent control from algorithms to hardware.
In response to the compliance requirements of the 2026 Special Action for Personal Information Protection, Homsh provides complete industry-specific solutions:
Financial Industry Solution | Bank Branches / Securities Business Departments / Insurance Counters:
OVAI iris identity verification terminals support real-time verification for a database of tens of thousands of people; deployed in parallel with existing facial recognition systems to enable one-stop "dual-mode authentication".
Medical Industry Solution | Tertiary Hospitals / Community Hospitals / Internet Medical Services:
Non-contact iris verification for registration and medicine collection, meeting infection control requirements; optimized collection for special groups such as the elderly and children.
Education Industry Solution | Universities / K12 Schools / Vocational Training Institutions:
Full coverage of access control, attendance, and examination hall management; compliant with the Ministry of Education's requirements for minor data protection.
▲ Iris Recognition: Building a Trusted Identity Authentication Infrastructure for Multiple Industries
V. Act Now to Seize the Compliance Window
The regulatory countdown has begun. With the rectification deadline set for the end of 2026, institutions have an actual window of only 6-8 months to complete the full cycle of procurement, deployment, testing, and launch.
Based on past experience, the procurement cycle for an iris recognition system is typically 2-4 months (including bidding, testing, and contracting), with a deployment cycle of 1-3 months. Starting now fits perfectly within the window; delaying until the second half of the year may result in missing the compliance deadline.
Homsh has provided compliant iris authentication solutions for numerous financial institutions, government service halls, and border inspection ports, with extensive industry implementation experience.
Want to learn about the compliant iris authentication solution suitable for your organization?
Free compliance risk assessment · Customized solutions · Seamless integration support
Compliance is not a burden, but an opportunity to build a trusted digital identity.
