TL;DR: Brazil’s Gov.br expansion highlights a public-sector trilemma between data sovereignty, universal inclusion, and defence against deepfakes, with on-premise and sovereign biometric processing presented as the architectural response, according to Oz Forensics. The governance lesson is that identity assurance, privacy compliance, and fraud resilience now have to be designed together, not sequenced separately.
NHIMG editorial — based on content published by Oz Forensics: Solving the Gov.br Trilemma: On-Premise Biometrics
By the numbers:
- With over 130 million Brazilians using the Gov.br platform as of 2025, the identity layer is operating at national scale.
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should identity teams govern biometric verification in regulated environments?
A: They should govern biometric verification as a high-sensitivity identity control, not just a UX feature.
Q: Why do biometric onboarding flows need both inclusion and fraud controls?
A: Because a flow that is secure but unusable will push legitimate users away, while a flow that is easy to bypass creates identity fraud exposure.
Q: What do security teams get wrong about deepfake-resistant identity checks?
A: They often focus on face-match accuracy and ignore the capture environment.
Practitioner guidance
- Map biometric data flows to sovereign boundaries Document where biometric images, templates, and decision outputs are processed, stored, and logged.
- Test liveness under low-friction and low-end-device conditions Measure abandonment, false rejects, and latency across older phones, low bandwidth, and accessibility-constrained journeys.
- Add anti-spoofing coverage for synthetic media and injection attacks Validate whether the verification stack can detect virtual camera feeds, emulator environments, replayed captures, and deepfake presentation attacks.
What's in the full article
Oz Forensics's full article covers the operational detail this post intentionally leaves for the source:
- Deployment guidance for sovereign and on-premise biometric processing in regulated environments.
- Architectural detail on passive liveness detection and how it reduces user friction.
- Practical anti-spoofing capabilities for detecting deepfakes, masks, and injection attacks.
- The ISO/IEC 30107-3 Level 3 validation context behind the biometrics approach.
👉 Read Oz Forensics’s analysis of Brazil’s Gov.br biometric sovereignty challenge →
Gov.br biometrics, sovereignty and deepfake risk: what teams need?
Explore further
Biometric identity programmes now have to be governed like security platforms, not point solutions. Once biometrics becomes the access gate for public services, the control problem expands beyond face matching into privacy, residency, audit, and fraud resistance. That makes the architecture itself part of the trust model, especially where identity data is immutable and jurisdictionally sensitive. Practitioners should treat biometric deployment choices as governance decisions, not implementation detail.
A question worth separating out:
Q: Who is accountable when biometric identity verification fails in government services?
A: Accountability should sit with the programme owner, the security function, and the privacy lead, because the failure spans identity assurance, data governance, and fraud risk. In regulated environments, the operating model should define who owns evidence, who approves exceptions, and who responds when controls fail in production.
👉 Read our full editorial: Brazil’s digital identity trilemma exposes biometric governance gaps