The discussions are no longer focusing only on the accuracy of the algorithms but are now also concerned with the infrastructure of the systems
Over the years, facial recognition has transformed from being a technology used by only a few agencies to becoming a standard feature all over the world. It has also been integrated into various sectors like airport boarding, retail security, workplaces, and many more. Facial recognition technology has even expanded to non-private sectors like public-space monitoring.
As facials are being deployed more globally, a very important question is coming up for discussion all over the world: where is the sensitive facial data stored exactly, and who governs it really? With India and global regulators tightening rules around surveillance, data retention, and biometric processing, the cloud and infrastructure layer have become central to public trust.
The discussions are no longer focusing only on the accuracy of the algorithms but are now also concerned with the infrastructure of the systems and how the different models of storage, cloud platforms, server locations, and legal jurisdictions are playing a key role in determining the privacy, security, and sovereignty of biometric identity.
In order to see how different companies are dealing with the situation, we consulted leaders from two different areas of the same industry: Utho Cloud, a sovereign Indian cloud platform, and Techugo, the leading mobile app development company, which is building privacy-conscious biometric solutions. We also looked at Utho Cloud, a company that is based on data sovereignty, compliance, and transparent governance, to help us understand the infrastructure risks behind facial recognition. As biometric and AI-driven systems scale, Utho’s focus on ensuring that India’s sensitive data stays within the country’s borders places it at the centre of this critical conversation.
Sharing his perspective on global privacy architecture and the infrastructural decisions shaping biometric safety, the Founder & CEO of Utho Cloud, Mr. Manoj Dhanda, said, “Facial recognition is no longer a ‘future tech’ debate, as it’s a live governance and privacy question. The core questions people should ask are: where is my face data stored, under which country’s law, for how long, and who can access it? In the majority of instances, raw images or videos (highest risk) are kept as the first option or face templates/embeddings as the second one, now, which are the mathematical vectors that are also considered biometric data. If those templates are stored in the cloud, they will go across borders, which means that control will be shifted to other countries where foreign laws apply, and thus data-sovereignty exposure will be created.
Globally, the enforcement is becoming stricter. On October 28, 2025, European privacy group NOYB filed a criminal complaint in Austria against Clearview AI, alleging it scraped billions of photos to build a biometric database despite multiple EU GDPR fines and bans. This signals a move from administrative penalties to potential criminal liability for mass biometric harvesting.
The balanced path is clear as default to on-device matching for consumer authentication, minimising stored data, locking it to one purpose, enforcing hard retention limits, and disclosing storage geography plainly (‘templates stored in India/EU/US for X days’). Innovation wins only when privacy and sovereignty are designed from day one.”
On the application side of the ecosystem, we turned to Techugo to understand how digital product engineering teams are responding to rising expectations around biometric governance. As facial recognition becomes embedded across high-volume consumer and enterprise systems, Techugo’s emphasis on responsible engineering and transparent data architecture places it at the forefront of privacy-aware digital innovation.
Sharing his perspective, Ankit Singh, the COO of Techugo, said, “Facial recognition technology has progressed from being a specialized solution to an essential part of infrastructure across FinTech, retail, transport, public safety, and security. As the ecosystem matures, the issue of storage and control of face data has become critical, because unlike other personal information, facial biometrics are eternal and indisputable.
The movement of the industry is towards a privacy-centric architecture: mobile device processing, decentralized storage, and stringent data minimization, where the facial templates are retained on the user’s device rather than the central servers. The regulations, like the EU GDPR and India’s Digital Personal Data Protection Act, are forcing companies to switch to the practices of transparency, explicit consent, purpose limitation, and tighter control over the auditable trails.
The next era of facial recognition will be defined by responsible data handling. User acceptance will depend on clear visibility into how their facial data is captured, processed, and protected, making privacy and transparency the true cornerstones of biometric authentication.”
