Core Viewpoint - The article discusses the implementation of the "Facial Recognition Technology Application Security Management Measures" by the National Internet Information Office and the Ministry of Public Security, aimed at regulating the use of facial recognition technology to protect personal information rights, effective from June 1, 2025 [1][2]. Group 1: Regulatory Framework - The Measures establish a systematic regulatory framework for the application of facial recognition technology, requiring personal information handlers to balance economic benefits with social responsibilities [2]. - It prohibits the use of facial recognition technology as the sole verification method when other non-facial recognition alternatives exist [4]. - The Measures emphasize that the processing of facial information must have specific purposes and be necessary, employing the least intrusive methods while implementing strict protective measures [4]. Group 2: Consent and Notification - Personal consent is required for processing facial information, which must be obtained under conditions of full awareness, allowing individuals to withdraw consent easily [5]. - The Measures mandate clear and prominent notification to individuals regarding the processing of their facial information, including the purpose, method, and retention period [6]. Group 3: Evaluation and Record-Keeping - Personal information handlers must conduct impact assessments before processing facial information, documenting the purpose, legality, and necessity of the processing [7]. - A registration requirement is established for handlers storing facial information of over 100,000 individuals, to be completed within 30 working days [7]. Group 4: Special Considerations - The Measures address the protection of vulnerable groups, stipulating that processing facial information of disabled individuals and the elderly must comply with relevant accessibility regulations [8]. - For minors under 14, parental or guardian consent is required for processing their facial information [8]. - The Measures do not apply to facial recognition technology research and algorithm training activities within China, promoting innovation while ensuring safety [8].

6月1日起施行！两部门联合公布 《办法》明确了人脸识别技术应用安全规范。一是实现相同目的或者达到同等业务要求，存在其他 非人脸识别技术方式的，不得将人脸识别技术作为唯一验证方式。国家另有规定的，从其规定。二是应 用人脸识别技术验证个人身份、辨识特定个人的，鼓励优先使用国家人口基础信息库、国家网络身份认 证公共服务等渠道实施。三是任何组织和个人不得以办理业务、提升服务质量等为由，误导、欺诈、胁 迫个人接受人脸识别技术验证个人身份。四是在公共场所安装人脸识别设备，应当为维护公共安全所必 需，依法合理确定人脸信息采集区域，并设置显著提示标识。任何组织和个人不得在宾馆客房、公共浴 室、公共更衣室、公共卫生间等公共场所中的私密空间内部安装人脸识别设备。五是人脸识别技术应用 系统应当采取数据加密、安全审计、访问控制、授权管理、入侵检测和防御等措施保护人脸信息安全。 《办法》明确了监督管理职责。个人信息处理者应当在应用人脸识别技术处理的人脸信息存储数量 达到10万人之日起30个工作日内向所在地省级以上网信部门履行备案手续。网信部门会同公安机关和其 他履行个人信息保护职责的部门，建立健全信息共享和通报工作机制，协同开展相关工 ...