The 5 Main Questions about Machine-Readable Passports

In 2025, as many countries roll out Digital ID systems, the machine-readable passport feels like a classic in identity verification. However, its introduction and global adoption tell a story worth revisiting.

A machine-readable passport (MRP) holds personal data formatted according to global standards set by the International Civil Aviation Organization (ICAO) in Doc 9303: Machine Readable Travel Documents, currently in its eighth version. The machine-readable passport specifications are detailed in Part 4 of this document.

According to Doc 9303, every machine-readable passport has the following features:

• A booklet of TD3 size (125 x 88 mm, height x width) with at least eight pages, including a data page.

• A data page layout defined by inner and outer rectangles: personal information must stay within the inner rectangle, with blank margins at the edges. The standardized layout supports both visual and machine reading, using hardware or software-based document readers.

• Seven mandatory zones on the data page, including the visual inspection zone (VIZ) with the holder’s portrait and personal details, and the machine-readable zone (MRZ) for automated reading.

• VIZ data must use Latin alphabet characters and Arabic numerals, with transcription or transliteration when other scripts or number systems are used.

• Optional data fields should appear in both the national or working language, and in English, French, or Spanish.

• Recommended validity: up to five years for minors and up to ten years for adults. 

The MRZ encodes the VIZ data—such as name, date of birth, and nationality—interspersed with check digits to help detect errors or fraudulent alterations. During verification, IDV software compares MRZ and VIZ data, flagging any inconsistencies. 

Previously, the document code used only the letter “P” to indicate a passport. Under the latest edition of Doc 9303, effective January 1, 2026, the type of machine-readable passport must be specified in more detail in both the MRZ and VIZ. This update requires a second letter in the document code—such as “PP” for ordinary passports, “PE” for emergency passports, and so on.

All these design rules make passports suitable for machine reading, mainly through optical character recognition (OCR). OCR converts scanned text from digital images into machine-readable data, enabling fast and accurate passport verification. This is why MRPs are sometimes called optical passports.

The development of machine-readable travel documents began back in 1968, when ICAO’s Air Transport Committee established the Panel on Passport Cards. The goal was to speed up passenger clearance at border control—a growing challenge as international travel surged. Standardized, interoperable passport formats were seen as a solution.

Before the machine-readable era, passports varied widely between countries. Layouts, typefaces, and data fields differed greatly, similar to what we see today in domestic identity cards. Pre-Doc 9303 passports also had inconsistent expiry dates. This lack of uniformity forced border officers to examine documents with different appearances and security features, increasing the risk of overlooking fraudulent changes and making counterfeiting easier.

The first edition of Doc 9303 was published in 1980. Australia, Canada, and the United States were pioneers in issuing machine-readable passports following its guidelines. For the rest of the world, this became common only in the late 2000s, spurred by ICAO’s mandate that all member states begin issuing MRPs by April 1, 2010. Human-readable passports remained valid until November 24, 2015, though a few countries continued to use them past that date.  

The events of 9/11 brought increased attention to passport security and accurate identity verification. In the early 2000s, many countries began adding contactless chips and biometric features to their passports, boosting their integrity.

Biometric passports—officially called electronic machine-readable travel documents (eMRTDs)—are an advanced version of traditional machine-readable passports. They include an embedded RFID chip that stores both the holder’s VIZ data and biometric information, usually a facial image, protected by strong encryption and security protocols.

According to Doc 9303 updates for biometric passports, they must include the following additional elements:

• A “chip inside” symbol on the front cover to indicate compliance with ICAO’s standards for electronic and globally interoperable travel documents. Many countries also place this symbol on the data page.

• A warning message reminding the holder that the passport contains sensitive electronics. The page with the chip, as well as corresponding pages, often carries the note “Do not stamp here.”

• A facial image as the required biometric, with fingerprints and iris scans as optional features, all encoded according to the ISO/IEC 39794 standard.

To support biometric passports, a dedicated Public Key Infrastructure (PKI) was introduced. PKI ensures that the data stored on the chip is authentic and hasn’t been changed. Here’s how it works:

• Each state has a Country Signing Certification Authority (CSCA) that issues Document Signer Certificates (DSCs).

• These DSCs are used to digitally sign the Security Object (SOD) stored on the passport chip. 

• When another country scans the passport, it uses the CSCA’s public key to verify the digital signature and confirm data integrity.

The integration of RFID chips and PKI revolutionized identity verification. It enabled online document authentication using NFC-enabled mobile devices and advanced tools like Regula Document Reader SDK. To securely access and read the chip, the system uses BAC/BAP (Basic Access Control/Protection), PACE (Password Authenticated Connection Establishment), or EAC/EAP (Extended Access Control/Protection) mechanisms with a password obtained from the MRZ or CAN.

Biometric verification—typically through facial matching—also plays a crucial role in confirming that the person presenting the e-passport is its rightful owner.

Did machine-readable passports make life easier for border officers and carriers? Absolutely. But they still come with exceptions and challenges that automated systems must consider. 

Even when passports follow the international standard, they can vary in design, data fields, and security features. The reason is that Doc 9303 provides recommendations, not legal requirements, allowing countries to apply its guidelines with flexibility. 

Here are some examples in the VIZ:

Fields like Name may have a variable number of characters compared to the MRZ, which has strict character limitations. As a result, long names may appear full in the VIZ but be truncated in the MRZ. Verification systems must recognize this to avoid false mismatches.

Best practices suggest using uppercase letters (except for name prefixes), and a type size that fits about 10 characters per inch, with 15 per inch as the maximum. But issuing authorities can customize:

• Typeface

• Font 

• Type size

• Horizontal printing density 

• Vertical line spacing 

Such variations can complicate automated text recognition.

In addition to mandatory information, machine-readable passports may include optional data fields such as the holder’s fingerprints, profession, or place of birth. These features vary by country and are seen in passports from Argentina, Sri Lanka, and Egypt, among others.

A comprehensive document template database can help overcome all the challenges mentioned above. Regula offers both on-site and online solutions for passport verification.

While border officers may rely on Information Reference Systems (IRS)—collections of travel documents with detailed descriptions and security features—businesses can verify both optical and biometric machine-readable passports using Regula Document Reader SDK. This tool is backed by a library of over 15,000 ID templates from 252 countries and territories, ensuring accurate and reliable document authentication across the globe.

Machine-readable passports were first introduced back in the 1980s, but it took nearly two decades for them to become widespread. Even today, their successors—biometric passports—are still being adopted in many countries. For instance, India only began issuing biometric passports in November 2024.

This slow rollout reflects a broader truth: changes in interoperable travel documents take time. Updating passport systems is costly and complex, often requiring countries to upgrade their entire identity verification infrastructure, including biometric data collection and storage. 

The next step in passport evolution is the introduction of digital identities stored on mobile devices. In 2020, ICAO presented the concept of Digital Travel Credentials (DTCs), a hybrid model combining a physical passport with a digital copy stored in a mobile app. Like biometric passports, DTCs rely on PKI-based security. 

However, early tests of DTCs revealed technical and interoperability issues. There is still no universally accepted framework for a worldwide launch, and much of the world’s travel infrastructure isn’t yet ready to support it. 

If past transitions are any indicator, moving to fully digital identities will take at least several more years, if not longer. Compared to the shift from paper to machine-readable or biometric passports, digitalization demands far deeper system-wide upgrades. 

As a result, physical MRPs will continue to be a standard method of identity verification for at least the next decade.

With over 30 years of experience in identity verification, Regula has been part of every stage in passport evolution—from handwritten booklets to chip-embedded biometrics.

We combine this deep expertise with advanced technology to offer best-in-class verification tools for all types of identity documents.

Got questions? Book a call with our experts and let us help you find the right solution.