Which New Zealand government agencies use biometric verification today and what systems are in place for law enforcement and border control?

1. Legal framework now governing biometric use — what the Code covers and deadlines

The Biometric Processing Privacy Code, issued under the Privacy Act 2020, came into force for new biometric processing from 3 November 2025 and gives organisations already using biometrics until 3 August 2026 to align with the new rules ^{[1] [5] [6]}. The Code requires agencies to pass an “effectiveness and proportionality” or necessity test before collecting biometric data, limits highly intrusive uses (for example emotion-prediction or inferring ethnicity), and obliges transparency about retention and purpose — all provisions designed to be legally enforceable in the privacy regulator’s toolkit ^{[7] [8] [9]}.

2. Law enforcement: what is publicly acknowledged and the issues it raises

New Zealand Police are explicitly referenced in reporting as a user of biometric technology and the subject of concern around potential discrimination in biometric deployments, particularly facial recognition and matching use-cases; the Code is framed in part to respond to those risks ^{[3] [6]}. The Code treats identification (1‑to‑many matching) and verification (1‑to‑1 matching) as covered activities and therefore requires agencies using such systems, including police, to document necessity, safeguards and proportionality ^{[6] [9]}. Reporting also flags public debate about accuracy and bias — and the Code’s additional obligations (proportionality assessments, cultural impact considerations) are intended to force agencies to surface those risks before deployment ^{[10] [5]}.

3. Border control and identity verification — systems in use and current reporting limits

Multiple sources describe the Code as applying to identity verification workflows common in AML and commercial onboarding — selfie/ID checks and other automated matches — signalling that the same technical approaches underpin many border and immigration identity systems ^{[8] [6]}. However, the provided reporting does not publish a definitive, sourced inventory of which specific border-control or immigration agency systems (for example, Immigration New Zealand or Customs) are presently using facial matching, fingerprint scanners, or e-gates; that absence means a precise catalog of active border biometric systems cannot be asserted from these sources alone ^{[8] [9]}.

4. National security exclusions and institutional dynamics

The Code contains specific exemptions for the New Zealand Security Intelligence Service and the Government Communications Security Bureau from certain provisions, reflecting a policy trade-off between oversight and operational secrecy in intelligence functions ^{[3] [2]}. That statutory carve‑out is important because it leaves some biometric uses outside the Code’s full transparency and proportionality requirements, which raises questions about independent scrutiny and accountability for intelligence-driven biometric programs ^[2].

5. Competing interests, Māori concerns and the political landscape

The Office of the Privacy Commissioner and legal commentators stress the need to balance innovation and privacy, while Māori stakeholders have raised concerns about bias, cultural impacts and data sovereignty — concerns the Code requires agencies to consider in proportionality assessments ^{[1] [5] [10]}. Industry actors welcomed regulatory clarity, noting the Code helps commercial verification and AML compliance, but commercial interests also have an agenda to keep verification workflows viable with limited friction ^{[8] [11]}. Those competing incentives — privacy advocates seeking strict limits, government agencies seeking operational capability, and industry seeking predictable rules — shape how biometric systems will be disclosed and governed going forward ^{[7] [10]}.