The Department of Homeland Security has quietly finalized a sweeping rule that will require U.S. Customs and Border Protection (CBP) to capture a facial photograph of every non-U.S. citizen— including lawful permanent residents and infants—each time they enter or depart the United States. Details of the regulation, published 27 October and highlighted by international media on 29 October, confirm that the mandatory program will take effect 26 December 2025 across all air, land and sea ports.
The measure removes previous age exemptions and lifts a cap that had limited biometric-exit pilots to 15 airports. CBP will rely on its Traveler Verification Service, matching live images against passport and visa photos already on file. Travelers who cannot be matched or who opt out (limited to U.S. citizens) will be directed to manual inspection. DHS argues the expansion is essential to close long-standing data gaps on visa overstays and to prevent identity fraud; privacy advocates counter that it institutionalizes mass surveillance and creates the world’s largest facial-recognition repository.
For global-mobility managers, the rule means all foreign assignees— even frequent business travelers with Global Entry—should expect an additional photo capture at jet-bridges or exit kiosks. Companies should update employee-travel FAQs and advise travelers to allow extra time when leaving the U.S. for the holidays or the 2026 FIFA World Cup influx. Although CBP says most scans take under two seconds, rollout glitches during earlier pilots caused missed connections. Airlines that partner on exit-control (notably Delta, United and JetBlue) will accelerate installation of facial-recognition e-gates at departure gates in the next eight weeks.
The final rule requires DHS to publish annual privacy-impact assessments and to delete boarded-traveler photos within 12 hours, but images of non-matched travelers may be retained for enforcement or intelligence purposes for up to 75 years. Multinational employers should review internal data-protection notices to ensure employees are informed of cross-border biometric transfers. Litigation from civil-liberties groups is likely, but experts say a court-ordered stay is improbable given Congress’s long-standing statutory mandate for a comprehensive biometric entry-exit system.
Practical advice: enroll foreign staff in Global Entry or CLEAR only if they are comfortable with expanded biometric use; remind green-card holders that they, too, will be photographed; and consider routing sensitive travelers through pre-clearance airports where CBP infrastructure may be newer and faster.
The measure removes previous age exemptions and lifts a cap that had limited biometric-exit pilots to 15 airports. CBP will rely on its Traveler Verification Service, matching live images against passport and visa photos already on file. Travelers who cannot be matched or who opt out (limited to U.S. citizens) will be directed to manual inspection. DHS argues the expansion is essential to close long-standing data gaps on visa overstays and to prevent identity fraud; privacy advocates counter that it institutionalizes mass surveillance and creates the world’s largest facial-recognition repository.
For global-mobility managers, the rule means all foreign assignees— even frequent business travelers with Global Entry—should expect an additional photo capture at jet-bridges or exit kiosks. Companies should update employee-travel FAQs and advise travelers to allow extra time when leaving the U.S. for the holidays or the 2026 FIFA World Cup influx. Although CBP says most scans take under two seconds, rollout glitches during earlier pilots caused missed connections. Airlines that partner on exit-control (notably Delta, United and JetBlue) will accelerate installation of facial-recognition e-gates at departure gates in the next eight weeks.
The final rule requires DHS to publish annual privacy-impact assessments and to delete boarded-traveler photos within 12 hours, but images of non-matched travelers may be retained for enforcement or intelligence purposes for up to 75 years. Multinational employers should review internal data-protection notices to ensure employees are informed of cross-border biometric transfers. Litigation from civil-liberties groups is likely, but experts say a court-ordered stay is improbable given Congress’s long-standing statutory mandate for a comprehensive biometric entry-exit system.
Practical advice: enroll foreign staff in Global Entry or CLEAR only if they are comfortable with expanded biometric use; remind green-card holders that they, too, will be photographed; and consider routing sensitive travelers through pre-clearance airports where CBP infrastructure may be newer and faster.
