Live facial recognition (LFR), which uses cameras to scan crowds and public spaces to identify people in real-time by matching their faces to a police database, can be applied retroactively to any images already captured.

Unlike LFR which is done overtly using specially equipped cameras on top of a clearly marked police van, RFR is used much more covertly and can be used to apply to footage or images captured behind closed doors. Police Scotland has not yet deployed LFR, despite regularly using RFR search capabilities. According to a joint review of assurance published by Plastow, His Majesty’s Inspectorate of Constables in Scotland, and Plastow on 25 March 2025 Police Scotland does not collect, store or analyse specific data for assessing the effectiveness of its RFR technologies, and has “extraordinarily few data” about the system’s performance. The review stated that there was no information about how many RFR identifications resulted in successful outcomes such as arrests and resolved cases or how accurate the technology. The review states that without information on false positives and false negatives, it is impossible to assess the reliability and effectiveness of the system.

Based on the information available, it was found that between April 20,23 and March 20,24, Police Scotland conducted 3,813 RFR search of the UK Police National Database (PND) and 193 searches using the Child Abuse Image Database. In both databases, however, only 2% of the cases had a potential match.

As a comparison, the Metropolitan Police conducted 31,078 searches using the PND during the same time period, while Greater Manchester Police conducted 5,290. However, the review did contain information about what percentage of searches by these forces resulted in matches.

While Police Scotland’s use of the PND in general is audited by the force, it does not audit its RFR usage and has not conducted a post-implementation evaluation of its effectiveness. The review also found that, in addition to the complete absence of evaluation, Police Scotland does not have a roadmap or strategy defining its long-term vision for using biometric technology.

The review stated that “without an evaluation and without a strategy, it is difficult for Police Scotland know which technologies to use (or avoid) and which to invest in (or avoid).” The absence of published evaluations makes it difficult for the general public to understand if these tools are effective policing instruments.

Police Scotland currently aims to have a policy on biometrics in place by the end October 2025. The review also identified problems with the quality of custody images, whose poor resolution makes them unsuitable to be used in facial recognition searches.

The review stated that “a large portion of custody images cannot be searched under PND facial searches functionality.” “This gap could mean that people who have had their custody image previously taken are not being detected on future probe images uploaded by Police Scotland, which could lead to crimes not being detected.”

Police Scotland said a “software issue” was causing the custody images to be captured at a lower-than-recommended minimum size, which, in combination with further compression, is making them unusable.

“Extreme care must be taken with any retroactive ICT fix in order to uncompress the images.” Plastow said that if the data cannot be restored to its original format, it could be seriously compromised.

Police Scotland should make sure this issue is resolved, especially considering the adoption new systems like the UK Home Office Strategic Facial Matching Project.

The review made four recommendations for Police Scotland to alleviate the identified issues regarding its use RFR.

These include developing a policy on the use RFR to search PND or CAID, conducting a needs analysis for all staff and officers regularly working in this field, and improving the collection and evaluation of data evaluating Police Scotland’s technology.

The report also recommended that the force should improve the resolution of its custody photos before participating in the Home Office’s Strategic Facial Matching Project. Plastow said that in an increasingly digital age, the future of law-enforcement lies in finding the right balance between introducing new technologies to ensure public safety and protecting fundamental rights.

For biometrics, the public’s confidence should be maintained through transparency, robust governance, and independent oversight. This, along with issues raised in our report, should prompt reflection for policing Scotland.

In response to the review’s findings, assistant chief constable Steve Johnson stated: “We will take into consideration the Scottish biometrics commission’s recommendations, in the context of developing our biometrics policy, standard operating procedures, and strategy.”

Our Biometrics Oversight Board has already been made aware of the issue and is overseeing the work to improve the quality and accuracy of images taken during custody, as well as the collaboration with the Home Office Strategic Facial Matching Project. This mirrors the recommendations.

High Court ruling from 2012 that they must deleted.

Plastow stated in his review that the PND contained “hundreds and thousands” of images illegally retained in custody. Fraser Sampson estimated in February 2023 “there are probably many millions” of images unlawfully held in the database.

In November 2023, the National Police Chiefs’ Council confirmed to Computer Weekly that a national program between policing, the Home Office, and other agencies had been launched a week earlier to ensure consistency and coordinated use of custody images for facial recognition. The joint review acknowledged that the NPCC-led program existed, but did not provide any information on its status.

Currently, there are more than 19 million custody images stored in PND. 16 million of these are registered in the database’s search gallery for RFR. However, due to the high number of duplicates, it is not known how many individuals have been included in the data. Police Scotland’s lack management information isn’t limited to the use of RFR.

A separate review by Plastow in February 2025 into the use by Scottish policing of DNA data found that they were failing to record and publish data about the ethnicity of people arrested, meaning there was no way to establish whether minority groups were over-represented within policing database. Plastow said that during his fieldwork, the Scottish Police Authority (19459075) Forensic Services and Police Scotland could not provide any reliable management information about the ethnicity of anyone in the Scottish DNA Database. The database was nearly 30 years old and wasn’t designed to record such information.

The fact that SPA Forensic Services, and Police Scotland, are failing to record and publish data about the ethnicity of people arrested whose biometric information is then held by them is concerning. This is in light of the fact that former and current chief constabularies have publicly stated that issues of institutional racist persist within Police Scotland.

We have not been able to determine whether there are any over-representations on the basis of ethnicity, or any other protected characteristic within Scotland.

Read more about Artificial Intelligence, Automation and Robotics

• By Sebastian Klovig Skelton.

  By Sebastian Klovig Skelton.

• By Sebastian Klovig Skelton.

  by Sebastian Klovig Skelton.