Egypt's Two-Track Biometric Push
In under a year, Egypt has launched two distinct biometric identity platforms aimed at transforming how 105 million citizens access public services and financial products. In November 2025, the Central Bank of Egypt introduced Haweya, a national digital identity platform combining facial recognition and fingerprint authentication, now integrated with 37 banks for remote customer onboarding. Four months later, in March 2026, the Ministry of Interior piloted MOIEG-PASS — a mobile app co-developed with the Ministry of Communications and Information Technology that requires users to scan their national identity card and complete a live facial recognition check before accessing government services online.
The dual deployment is not coincidental. Both platforms plug into the same underlying civil registry — the national database maintained under Law No. 143 of 1994, which assigns every Egyptian a unique 14-digit national number from birth. That registry is already linked, per official disclosures by the Centre for Information Technology and Communication, to databases at the Ministry of Justice, the General Organization for Social Insurance, the General Directorate of Traffic, the Administrative Control Authority, and the Ministry of Supply. The biometric layer now being added converts that existing administrative integration — what observers have termed "Takamol" (Arabic: تكامل, meaning completion or full interoperability) — into a real-time authentication network with surveillance-capable reach.
The Case for Integration
Proponents of this infrastructure in Egypt have a serious argument. Financial exclusion remains a structural problem: despite a financial inclusion rate of 76 percent as of June 2024, tens of millions of Egyptians in rural areas still struggle to open bank accounts or access government cash transfer programmes. Haweya directly addresses this by enabling remote eKYC onboarding — citizens without easy access to a bank branch can authenticate their identity from a smartphone. For Egypt's Takaful and Karama social protection programmes — conditional cash transfers reaching millions of families — reliable digital identity verification reduces leakage and fraud. MOIEG-PASS similarly removes the need for in-person visits to Interior Ministry offices, cutting corruption risk at service counters.
These are real benefits that a thoughtful regulatory framework should support, not obstruct. The question is not whether Egypt should build integrated digital ID infrastructure, but whether it should build it this fast, this broadly, without concurrent governance guardrails.
The Surveillance Architecture Beneath
The concern is structural. Egypt's digital ID integration is being built atop a legal framework that has, in recent years, significantly expanded state surveillance authority rather than constrained it.
In January 2025, Egypt's parliament passed amendments to Article 79 of the proposed new Criminal Procedure Law authorising public prosecutors — with judicial sign-off — to intercept phone calls, social media messages, email, and private digital conversations. Surveillance warrants are valid for 30 days but renewable indefinitely with no statutory cap. Article 116 of the same draft law transfers additional monitoring power to prosecutors, enabling interception of online communications in a manner that Skyline International for Human Rights argues bypasses meaningful judicial oversight for offences as minor as misdemeanours punishable by three months' imprisonment.
This is not a new trajectory. Egypt's Technical Research Department (TRD), operating under the Interior Ministry, has since at least 2016 deployed Nokia Siemens deep packet inspection infrastructure covering fixed and mobile networks. French firm Nexa (formerly Amesys) installed the CEREBRO system for mass electronic surveillance. Under the 2018 Cybercrime Law, internet service providers are mandated to retain users' identification data, call records, and website browsing logs for 180 days and provide access to security agencies on demand.
Egypt's Constitution (Article 57) explicitly protects "private life" and prohibits "unauthorised surveillance." The Criminal Procedure Law amendments sit in direct tension with that guarantee — a point raised by 50 human rights organisations in a collective submission to parliament before the vote.
Biometric national ID systems, by design, make identity verification fast and frictionless — for citizens seeking services, and equally for state agencies seeking to monitor or intercept. When a facial scan authenticates a citizen for a bank loan and simultaneously links to a civil registry database visible to the Administrative Control Authority, the risk is not hypothetical. Who else can query that authentication event, and under what authority?
The Data Protection Gap
Egypt does have a modern data protection framework. Law No. 151 of 2020 (the Personal Data Protection Law, PDPL) classifies biometric data as sensitive personal data requiring explicit consent and a licence from the Personal Data Protection Centre (PDPC) before collection. The law mandates purpose limitation and imposes fines of up to EGP 5 million for unlicensed processing.
But the PDPL's Executive Regulations — Minister of Telecommunications Decree No. 816 of 2025 — were only issued in late 2025, more than five years after the law was enacted. Full enforcement does not begin until October 31, 2026. The PDPC has, to date, focused primarily on business registration rather than enforcement actions. No significant public penalties have been imposed. As the Cairo Review of Global Affairs noted, "few widespread public awareness campaigns" inform citizens of their rights under the law.
This creates a window of vulnerability: two national biometric platforms are scaling rapidly while the oversight body mandated to scrutinise their data practices is not yet fully operational.
What Proportionate Governance Looks Like
Integrated digital ID infrastructure is not inherently incompatible with civil liberties. Estonia's X-Road and India's Aadhaar — however imperfect — have produced detailed access logs, independent audit mechanisms, and statutory data minimisation requirements. Egypt's civil registry integration need not replicate the surveillance excesses that have historically characterised its digital infrastructure.
Three concrete steps would shift the balance. First, the PDPC should receive expedited operational capacity ahead of October 2026, with explicit authority to audit biometric data practices at Haweya and MOIEG-PASS. Second, the Criminal Procedure Law's Article 79 amendments should be revised to impose hard caps on surveillance warrant renewal — proportionality requires a sunset, not indefinite extension. Third, the civil registry integration stack should publish a public-facing data dictionary specifying exactly which agencies can query biometric authentication logs and under what legal authority.
Egypt is building a digital ID architecture with genuine public benefits. The integration is proceeding faster than the governance that should contain it.