IEC 62368-3:2026 Makes Liveness Checks Mandatory

On June 1, 2026, the IEC formally put IEC 62368-3:2026 into effect, making liveness detection a mandatory security requirement for biometric sensors used in identity authentication. For suppliers of fingerprint, facial recognition, and iris modules, as well as device makers, buyers, and market access teams serving multiple jurisdictions, this is worth close attention because the requirement now links anti-spoofing capability directly to product entry conditions in 23 adopting markets.

What the new requirement explicitly covers

The confirmed change is that IEC 62368-3:2026, a revised safety standard for audio, video, and ICT equipment, now requires biometric sensors used in authentication scenarios to include liveness detection capability. The requirement applies to fingerprint, face, and iris modules used for identity verification.

The standard further states that these modules must pass Level 3 attack testing under ISO/IEC 30107-3. It also requires the label “Liveness Verified” to appear on product labels and in technical documentation.

According to the provided information, the standard has already been adopted by 23 countries, including the European Union, the United Kingdom, South Korea, and Singapore, as a basis for local market access.

Where the impact is likely to appear first

Authentication module suppliers face a direct compliance threshold

From an industry perspective, suppliers of fingerprint, face, and iris modules are the most directly affected because the rule is attached to the modules themselves when they are used for identity authentication. The main business impact is likely to fall on testing, documentation, product labeling, and readiness for customer qualification.

Device manufacturers need to reassess integration and market entry plans

For equipment manufacturers using biometric modules in audio, video, or ICT products, the impact is likely to appear in product selection, certification planning, and launch schedules for markets that use the standard as an entry basis. What deserves closer attention is whether current module choices and related documents align with the new requirement before shipment or listing.

Procurement and channel teams may see stricter document checks

Buyers, distributors, and channel-side compliance teams may be affected because the new rule does not stop at technical performance; it also requires a visible “Liveness Verified” claim in labels and technical materials. In practice, the key pressure point is likely to be document consistency across sourcing, customs, tendering, and customer review processes.

Service and supply chain partners will need clearer proof trails

Analysis shows that testing partners, compliance service providers, and broader supply chain support roles may need to adapt around evidence handling, specification review, and delivery coordination. The reason is simple: once anti-spoofing capability becomes a formal entry condition, proof of conformity becomes part of commercial execution rather than only a technical discussion.

Practical points companies should watch now

Separate confirmed requirements from internal assumptions

Companies should first work from the confirmed points only: mandatory liveness detection, ISO/IEC 30107-3 Level 3 attack testing, and “Liveness Verified” marking in labels and technical documents. This helps avoid building internal compliance plans around interpretations that are not yet confirmed in the provided information.

Check product scope market by market

What deserves closer attention is whether a given module is used specifically in identity authentication scenarios, because that is the condition stated in the input. Businesses serving the European Union, the United Kingdom, South Korea, Singapore, and other adopting jurisdictions should review where this requirement intersects with active sales and shipment plans.

Review labels and technical files alongside test readiness

The change is not only about passing a test. It also includes how the product is presented in labels and technical documentation. For manufacturers and suppliers, this means compliance preparation should cover both technical verification and document control, especially where customer delivery packages rely on formal specifications and declarations.

Prepare for customer and supplier communication updates

Observably, customer questions are likely to focus on whether a module has passed the required anti-attack test and whether the “Liveness Verified” claim is properly reflected in product materials. Companies may therefore need to align supplier qualifications, purchasing specifications, and external communication before contracts or deliveries move forward.

Why this reads as more than a short-term rule update

Analysis shows that this development is better understood as a clear regulatory and market-access signal rather than a temporary compliance adjustment. The reason is that liveness detection is no longer described as an optional security enhancement in the provided information; it is framed as a mandatory baseline tied to authentication use cases and recognized by 23 adopting markets.

At the same time, it is also appropriate to keep this under continued observation. The provided information confirms the new baseline and adoption status, but businesses will still need to watch how local enforcement, procurement interpretation, and documentation expectations are expressed in actual market practice.

How to read the change at this stage

The immediate significance of IEC 62368-3:2026 is that anti-spoofing capability for biometric authentication modules has moved into the category of formal access requirements in multiple markets. For the industry, the practical message is not only about test performance, but also about product labeling, technical documentation, and evidence readiness.

It is more appropriate to understand this as an established compliance signal with longer-term implications, while still recognizing that operational details in different markets may require continued verification. In that sense, the change is already concrete, but its full business effect will depend on how companies translate the requirement into sourcing, certification, and delivery workflows.

Basis of this article and what still needs verification

This article is based on the user-provided news title, event date, and event summary concerning the entry into force of IEC 62368-3:2026 on June 1, 2026. The analysis and observations above are limited to that provided information and do not add unverified data, company names, market figures, or external claims.

For this type of industry update, relevant source categories typically include official notices, standard organization documents, company compliance statements, industry association updates, and reporting by authoritative media. A specific official source link was not provided in the input, so the exact text, local implementation details, and any follow-up guidance still require ongoing verification.