Mexico has officially introduced a digital identification system by signing a law that turned the previously optional biometric-based citizen code into a mandatory document for all citizens.
Last month, legislators approved amendments to a law related to the 18-character personal identifier, known as Unique Population Registry Code (Clave Única de Registro de Población – CURP), with the change formalized on Wednesday through a decree.
The mandatory CURP will contain personal and biometric information, including a photograph and a QR code containing biometric fingerprint and iris data. The identifier is expected to be introduced gradually to all Mexicans by February 2026.
The government has also allowed the consolidation of the citizen codes into a single identity platform that will be connected to other state databases and administrative records. According to the decree, the Ministry of the Interior and the Digital Transformation Agency must create a Unified Identity Platform within 90 days, while public and private institutions will be required to update their system to recognize the identifier.
The country also plans to kick-start a national program to collect biometric data from children and adolescents within 120 days, according to news outlet Mexico Business.
CURP raises surveillance suspicions
The first CURP was issued in 1996, allowing both citizens and residents to use it in tax filings, company records, schools, passport applications and other government services. The biometric version of the code began rollout at the beginning of 2025.
Privacy advocates, however, have viewed the introduction of the mandatory biometric ID with suspicion, raising concerns that the CURP will lead to surveillance and data security issues.
The new law, for instance, does not require authorities to inform citizens when their data is viewed or accessed.
“This puts us in a massive surveillance ecosystem with no provisions to identify wrong use of data, data breaches, identity theft, or acts of corruption,” José Flores, director of digital rights group R3D, told Context News.
CUPR could also allow Mexico to establish data-sharing agreements with other countries, including a deportation deal with U.S. law enforcement agencies.
Rights groups such as Article 19 believe that the ID will give intelligence services access to data without restrictions or transparency. Mexico’s national security agencies, such as the National Intelligence Centre and the National Guard, are among the government bodies that will gain access to the biometric data.
The government says that the misuse of sensitive data, including biometrics, is regulated by existing data privacy laws.
“A wiretap can only be approved by a judge, according to the Constitution and the law,” Mexican President Claudia Sheinbaum said at the beginning of July.
The Unified Identity Platform will be able to connect to the National Registry of Missing and Unlocated Persons and the National Forensic Data Bank, allowing the country to combat the alarming trend of disappearances, according to the government.
Shared from https://www.biometricupdate.com/202507/mexico-makes-biometric-identifier-mandatory-for-all-citizens
Mexico’s ABM Sets Stricter AML Rules for Transfers, Cash
For cash transactions above MX$140,000 (US$7,541.54), banks would require official identification and biometric verification starting in July 2026, aiming both to deter criminal activity and promote the digitalization of the economy.
The Mexican Banking Association (ABM) has announced plans to strengthen anti–money laundering (AML) and compliance practices across the country’s banking system, following recent cases involving CIBanco and Intercam.
Emilio Romano, ABM president, said the measures will go beyond regulatory requirements to reinforce the integrity and stability of Mexico’s financial system. “We want the system to be as well-protected as possible to prevent illicit activities from occurring,” he said at a press conference following the association’s committee meeting.
Key recommendations include restricting international transfers to verified account holders, with immediate implementation for corporate clients and phased adoption for individuals by mid-2027. For cash transactions above MX$140,000 (US$7,541.54), banks would require official identification and biometric verification starting in July 2026, aiming both to deter criminal activity and promote the digitalization of the economy. All deposits to concentrator accounts will also be fully referenced to ensure transaction traceability.
The ABM plans to align AML practices with US standards, sharing information on money laundering patterns and typologies to enhance detection. A new technology platform will enable near-real-time data sharing between institutions, while the association will hold regular meetings with the Financial Intelligence Unit (UIF) to review cases and coordinate prevention strategies.
Romano clarified that these steps reflect ongoing efforts to strengthen controls, not a response to deficiencies. Regarding recent allegations, CIBanco has ceased operations and is no longer part of the ABM, while Intercam continues to operate at reduced capacity after transferring part of its assets to Capital Bank.
“The Mexican banking sector is taking concrete action to uphold trust, ensure compliance, and maintain operational continuity,” Romano said.
Shared from https://mexicobusiness.news/finance/news/mexicos-abm-sets-stricter-aml-rules-transfers-cash
(read between the lines…)
Mexico: New data collection law violates human rights
As Mexico takes steps to introduce new legislation regarding data collection, ARTICLE 19 warns of the profound risks to human rights, and the dangerous precedent such as move sets. We urge the government to protect digital rights, essential to any democracy.
In recent months, the Mexican government has published a package of laws and reforms that enable the collection, interconnection, and analysis of biometric, financial, fiscal, health, telecommunications, and geolocation data on the country’s entire population. This system, operated by civilian and military authorities, lacks effective safeguards and represents a serious setback in human rights.
Among the most concerning provisions are:
- The mandatory biometric Unique Population Registry Code (CURP), which consolidates sensitive data on a state platform interconnected with public and private databases.
- The creation of a Central Intelligence Platform, which will allow the National Intelligence Center and the National Guard to access, in real time, databases containing personal information held by public and private entities without judicial authorisation.
- The reiteration of real-time geolocation powers without a court order, even by military forces.
- The proposed addition of Article 30-B to the Federal Tax Code, which, when implemented, will empower the Tax Administration Service (SAT) to request a temporary blocking of digital platforms when it deems that they ‘impede compliance with tax provisions’.
These reforms add to a worrying pattern ARTICLE 19 has documented in Mexico, which has included the use of Pegasus malware against journalists and defenders, extrajudicial surveillance of activists, and abuse of access to telecommunications data. Despite opposition from ARTICLE 19 and activist groups, these practices are on the way to being legalised and normalised.
What is happening in Mexico today sets a dangerous regional precedent. The protection of digital rights is essential to any democracy.
Shared from https://www.article19.org/resources/mexico-new-data-collection-law-violates-human-rights/