Biometric Collection — The Control-Grid Component
Biometric collection is the component you cannot revoke. A leaked password can be changed; a leaked fingerprint, iris, face, or DNA profile is permanent, and once harvested it is the key that ties a body to every other layer of the grid — identity, payments, movement, scoring. The collection is usually justified by the least objectionable use (a secure passport, a welfare-fraud check, a border crossing) and then becomes the substrate everything else runs on. Scored in the Convergence Index.
China
China runs the most comprehensive and coercive collection. In Xinjiang, Human Rights Watch documented mandatory collection of DNA, iris scans, and voice samples from millions of residents under the cover of a “free health check” program (Human Rights Watch). This is collection without consent, targeted at an ethnic population, fused with the surveillance and identity stack. Maximum scale, maximum coercion, no limit — the component at its darkest.
European Union
The EU’s collection is standardized and bounded — for now. Biometric passports follow the ICAO 9303 standard (ICAO), and eIDAS 2.0 adds biometric provisions to the digital-identity wallet (Regulation (EU) 2024/1183). The collection is real and expanding through the wallet rollout, but it sits under the GDPR’s special-category protections — the strongest legal floor of the four, eroding at the terror/CSAM margins.
India
India built the largest biometric database on Earth. Aadhaar enrolls fingerprints and iris scans against published UIDAI biometric standards (UIDAI), now covering well over a billion people. It is the collection that makes the rest of India Stack possible — and the component where exclusion bites hardest, because a worn fingerprint that fails authentication is, as documented elsewhere in this index, a person locked out of subsidized food. Comprehensive, consequential, with the (contested) DPDP-Act floor.
United States & United Kingdom
No central biometric database — collection happens at the border and through forensics. US Customs and Border Protection runs facial recognition at airports under a published privacy-impact assessment, matching travelers against gallery photos (DHS), and law enforcement extracts biometric and other data from seized devices using tools like Cellebrite (EFF). Fragmented and use-specific rather than universal — but the border touches nearly everyone who travels, and the forensics layer reaches anyone whose device is seized, with the consent step replaced by a checkpoint or a warrant of varying rigor.
The counter-argument
Biometrics solve real problems: they make identity documents hard to forge, cut welfare fraud, speed legitimate travel, and let Aadhaar deliver subsidies to people who previously had no provable identity at all. The irreducible difference from every other component is permanence — a biometric breach cannot be remediated, and a biometric database built for one purpose is the most valuable, least revocable asset on the entire grid. The component scores the collection; consent, purpose-limitation, and the strength of the legal floor are what the “limit” axis tracks. The Xinjiang program is what collection without any of those looks like.
Part of the Convergence Index component set. Scored in the interactive index; full cross-country comparison in the convergence table.