EINSTEIN promises a set of interoperable technological applications for identity management and security in the coming age of digital borders and seamless border crossings. Equipped with a vision and novel solutions that are both defined “ground-breaking” in official project material, it aims “to significantly expand existing physical and digital identity checks” — what EINSTEIN labels “phygital” identity checks. According to the redacted Grant Agreement we received from the EU’s Research Executive Agency after a legal access to information request, this will happen through the enrolment of travellers to a framework based on “on-the-move face and iris” biometrics.
As EINSTEIN’s applications suite is explicitly tailored to the operational needs of border and police authorities, a “rapid take up” of its outcomes is expected “at the end of the project”. This could be facilitated by the fact that its solutions will “build on technologies proven in the labs but not mature for an operational usage yet”.
And yet, rather than addressing a current problem, the project is fundamentally focussed on an hypothetical issue, stemming from a border management configuration that presently only exists in the descriptions of “sister” Horizon Europe projects such as SafeTravellers, CarMen and Popeye.
In fact, EINSTEIN’s official website specifies that “In the context of future increasingly “digitalised” borders, new challenges for secure identity management and secure identity and travel documents could emerge in the coming years and decades.”
This is what motivates the project’s overarching goal of increasing “the demonstrable capabilities and performance of border and police identity checks and document security and fraud detection across a wide range of operational environments”. And this is why technological solutions for “identity verification on-the-fly” will be developed over the course of EINSTEIN.
It is expected by the Consortium that EINSTEIN solutions will be deployed “in real operational environments by border authorities and law enforcement for a wide range of use cases”.
This is supposed to fix and endemic issue with EU-funded research projects in identity management, as even though “a number of European innovation projects have tested new ways to combat fraud”, only “few of them reached an operational level”, reads the project summary section of its Grant Agreement.
The document also adds that while “the possibilities for extensive post-project market validation, exploitation routes, the investment risk/reward, the chances of success” and more will be explored after the end of the project, “patenting” and market validation will start over its course (WPs 3-5).
The adoption of EINSTEIN solutions also has an ethical side to it, writes the Grant Agreement, which is “to increase both the freedom of movement and security as well as the autonomy of EU citizens and travellers to, from, and within the EU”. This last specification (“within the EU”) allows to deduce that EINSTEIN technologies are also meant to be deployed for the supposedly temporary and last resort internal controls between Schengen countries. It is also interesting to note how EINSTEIN technologies are portrayed as tools of autonomy, rather than control.
Six novel interoperable applications are being developed by EINSTEIN. These include:
– a web application for the issuance of online documents (e.g. for the renewal of an identity or travel document)
– an application for “mobile document and identity checks” on smartphones and tablets
– an application for the authentication of travel, identity and breeder documents
– “an application to enable travellers to pre-register for (land) border crossings”, thus making “enhanced security checks” possible and improving the overall “border crossing experience for travellers and border guards”
– a kiosk application “with advanced fraud detection” capabilities to be deployed within the EU’s Entry-Exit System
– a “fast track biometric corridor”, allowing “identity verification of travellers at a border without the traveller having to stop”.
The project’s Grant Agreement, which we obtained in a redacted form from the Research Executive Agency, EINSTEIN’s applications will “also adopt new non-centralized architectures based on blockchain, federated learning and self-sovereign identity. Furthermore, as part of the EINSTEIN solutions, the various existing and future databases and systems for border security and law enforcement will be integrated”.
A promise to “exploit the latest AI” is also made in the document.
As we can read on EINSTEIN’s website, the “EINSTEIN Project is an innovation action (IA, ndr), focused on bringing solutions to a high TRL (technology readiness level, ndr). It is our expectation that project results will lead to significant real-world operational impacts.”
According to a December 2022 ‘Study on the Factors Influencing the Uptake of EU-Funded Security Research Outcomes‘ published by DG HOME, “IA projects typically” have “target TRLs between 6 and 9”, with 9 representing a “system proven in operational environment”. This is the last step before entering the market and/or being actually deployed by EU institutions and Member States. The Grant Agreement further specifies that TRL 7 is the “minimum” to be ensured by EINSTEIN solutions.
EINSTEIN already produced a “synthetic face dataset”, FLUXSynID, containing 14,889 unique, high-resolution synthetic identities, “each represented through a document-style image and three live capture variants”. The dataset was created “to support biometric research, including face recognition and morphing attack detection”.
EINSTEIN is premised on the idea that its “high TRL” applications suite is needed as “Previous European innovation projects have struggled to transition to operational effectiveness”; or, as the Objective section on Cordis puts it, “A number of European innovation projects have tested new ways to combat fraud but few of them reached an operational level.”
However, “There exist a number of previous or currently running projects which relate to EINSTEIN. EINSTEIN will directly benefit from the outcomes of these projects, and in the case of running projects, establish links for cooperation.”
While it is not yet possible to fully understand which projects failed to reach operational level, or which completed and current projects will inform EINSTEIN solutions, we do know that “related projects” include:
– D4FLY, on “document and biometric identity verification on-the-fly”
– iMARS, on “morphing attack detection and document fraud detection”
– PROTECT, concerning a “multibiometric corridor for fast, frictionless border crossings”
– SMILE, detailing a “Novel mobility concept for peoples’ flows at land border infrastructures”
– PERSONA, which “Developed integrated impact assessment method for no-gate crossing solutions”, and
– FLEXI-cross, focussed on the “Deployment & continuous validation of toolkit of innovative border-checking solutions in real operational environments”.
The project’s Grant Agreement adds that “the body of ethical work” done in projects such as iMARS and D4FLY — their “ethical assessments and recommendations” — will also be considered for its own ethical assessment, as both”concern ID fraud and verification and involve several EINSTEIN consortium partners”.
Three field tests and trials will validate and demonstrate the technologies developed by EINSTEIN. Directly supported by border and police authorities, they will be held in the Netherlands, at the Greece/Bulgaria border and in the UK. They will respectively concern the authentication of travel and breeder documents (NED), police mobile identity checks and pre-registration for travellers at land borders (BUL/GRE), online ID-document issuance and the fast track biometric corridor (UK).
In February 2025, a news item on EINSTEIN’s website claimed that the project’s applications for pre-registration and police identity checks underwent a 2-days “living lab testing”, hosted by the Centre for Research and Technology Hellas (CERTH) and with the participation of the Hellenic Police, the Border Police of Bulgaria and the General Police Inspectorate of Moldova.
On April 2, 2025, the performance of its smart corridor solution was also validated for the detection of biometric attacks such as MAD (Morphing Attack Detection) and PAD (Presentation Attack Detection, i.e. spoofing or impersonation).
Interestingly, the project’s Grant Agreement specifies that in the case of “Relevant data not (readily) available for the development and field tests”, a mitigation measure can still be adopted: “By construction of the D4FLY consortium, partners with access to the real data are on board. If real data is lacking, alternatives will be used, e.g. anonymised documents or synthetic data”. While EINSTEIN and D4FLY consortium members largely overlap, it is not clear what this reference to the latter having “access to real data” actually means and implies.
While the project has already been running for 18 months at the time of writing — half of its expected duration — none of its deliverables is publicly available.
This lack of public deliverables is all the more jarring, given that the solution promises to reach the highest technological readiness level, and should therefore be at least close to operational at the end of the project. Also, and crucially, their absence makes it impossible to provide an informed judgment on EINSTEIN’s main issues.
Obtaining the partial disclosure of the project’s Grant Agreement didn’t help. Extensive and inexplicable redactions were applied by the Research Executive Agency throughout Annex 1 of the document, which is were substantial project information and details reside. As a result, entire sections were censored, including:
– all descriptions of Working Packages
– objectives and ambition
– methodology
– impact
– quality and efficiency of implementation.
The manner in which the redactions were applied was also noticeable (and unprecedented in AlgorithmWatch’s experience), mostly happening in batches of dozens of entirely blacked out pages, and with censorship abruptly cutting disclosed parts mid-sentence and without any apparent logics.
We can however note that the project is coordinated by the Greek Ethniko Kentro Erevnas kai Technologikis Anaptyxis, which was also the coordinator of previous Horizon-funded projects, such as ROBORDER, SMILE, NADINE (to develop a platform for “intercultural labour integration”) and DARLENE (which focussed on augmented reality and machine learning-based solutions for law enforcement), and part of the NESTOR and ITFLOWS consortia.
Beside some usual suspects of European biometrics and identity verification (such as Veridos, IDEMIA and Trilateral Research) and recurrent institutions (the Fraunhofer Institute and the Kentro Meleton Asfaleias), the consortium interestingly — given that, as a Horizon Europe project, EINSTEIN should be focussed on “exclusively civilian applications” — includes the Dutch Defence Ministry.
We could also read the full “List of Deliverables” in the disclosed Grant Agreement. This revealed that out of a total of 22 expected deliverables, 13 are considered “SEN – Sensitive” (all concerning technical aspects and components), 3 are “R-UE/EU-R – EU Classified” (‘Vulnerability Assessment’, ‘Field Testing Report’, and ‘Trial Testing, pilot evaluation and lessons learnt’), and only 6 are meant to eventually be “Public” over the entire lifespan of the project.
