In a matter of years, no matter where you live or travel, your face will likely be your new passport.

For centuries, people have used some form of passport while moving from place to place. But the widespread standardization of passports as we know them today didn’t really begin until after World War 1, when passports were commonly used as a security measure and to deter spies entering a country. Even then, some considered passports to be an “anachronism in the modern world.”

But the use of paper passports—which were first digitized as “e-Passports” with NFC chips in 2006—is slowly undergoing one of its biggest transformations to date. The travel industry, airports, and governments are working to remove the need to show your passport while flying internationally. Eventually, you may not need to carry your passport at all.

Instead, face recognition technology and smartphones are increasingly being used to check and confirm your identity against travel details before you can fly. These systems, advocates claim, can reduce the amount of waiting time and “friction” you experience at airports. But privacy experts caution that there is little transparency about the technologies being deployed, and their proliferation could lead to data breaches and greater levels of surveillance.

The push to remove paper passports is happening worldwide. So far, airports in Finland, Canada, the Netherlands, the United Arab Emirates, the United Kingdom, Italy, the United States, India, and elsewhere have been trialing various levels of passport-free travel or the technology needed to make it happen. In October, officials in Singapore announced that its residents can fly to and from the country without using their documentation, and foreign visitors can “enjoy the convenience of passport-less clearance when they depart Singapore.” More than 1.5 million people have used the systems, officials claim.

“It’s probably going to become the mainstream way of traveling, as I understand, in the near future,” says Athina Ioannou, a lecturer in business analytics at the University of Surrey in the UK, who has researched the privacy implications that come with different types of travel. Ioannou says the Covid-19 pandemic accelerated contact-free travel, and many efforts are driven by trying to get passengers moving quickly through airports.

While trials around the world are at different stages and use different technical infrastructure, they broadly work in similar ways: Information historically stored in your passport’s NFC chip, including facial data, is instead stored digitally and linked to your phone. The EU is planning to build an official travel app for this. When you are at an airport, the phone can be shown, and a face recognition camera will try to match you to the passport photo.

One of the most commonly tested approaches is using a “digital travel credential.” A DTC, according to the United Nations’ International Civil Aviation Organization (ICAO), which is behind the approach, is made up of two parts: a virtual element, which represents the information stored on passports, and a physical part, the bit on your phone. The two are cryptographically linked to ensure they’re not forgeries. “The key feature of the ICAO DTC is that authorities can verify a digital representation of the passport data before the traveller’s arrival and confirm the data’s integrity and authenticity,” a description of the system says.

Three different approaches to the DTC exist, with two requiring you to carry (but not necessarily use) paper passports, while the third approach, which may be some years down the line, doesn’t require a passport to even be issued. Earlier this year, border officials in Finland held a small-scale trial of a DTC on 22 airline routes, using a mobile app that had been developed. While passengers still had to carry passports, the country’s Border Guard concluded that checks lasted for just eight seconds, with the technical processing happening in two seconds. “Speed is really essential here if we are talking about facilitating a huge number of people,” Mikko Väisänen, the head of the DTC pilot, says.

While ending frustrating airport lines would be welcome for many, the shift to digital travel document also raises concerns about how data is protected, a normalization of problematic surveillance technology such as face recognition, plus whether digital ID systems will be further rolled out to other parts of society and who ultimately controls or builds these pieces of infrastructure.

The ICAO’s documentation around the DTC identifies risks such as “look-alike fraud,” criminals collecting DTC data and duplicating parts of it, delays to journeys if systems face outages, and people being unable to travel if there is a “false rejection” in face-recognition systems and no fallback systems in place. Face-recognition systems have been highly controversial for years.

Multiple companies around the world are building verification systems to help people prove they are who they say, which can involve linking with official government databases or systems. Udbhav Tiwari, the director of global product policy at Mozilla, says there are “privacy by design” and data minimization efforts that are taking place with the development of these products and systems, but there are still a range of other risks.

“We don’t really know how secure these systems are,” Tiwari says, adding that there are generally concerns about the “fairness, accountability, and transparency” with AI systems that can be used. “The fact is that all of these companies develop these systems often do so in deeply proprietary manners,” Tiwari says.

On top of this, Tiwari says, countries can treat people differently. Different nations have data protection regimes of varying quality and may use different standards around how people’s information can be passed to government or law enforcement agencies or sold. “I, for example, would be much more comfortable using biometric-based travel in Germany than I would in many other countries in the world, because I trust the data-protection ecosystem and regulators in Germany and might not in other countries,” Tiwari says.

Adam Tsao, vice president of digital identity at security firm Entrust, says that people using any systems will want to know that their data is being used the way they expect it to be. For instance, he says, among other things people will want to know who has access to information, what purposes they can access it for, and what say they have in what happens to it. “You really want to get to the point where as we move in this digitized world, that you’re giving the exact right amount of information, for the exact right amount of time, for the right purpose to the right people,” Tsao says. And that may not be straightforward.

In India, the Digi Yatra face-recognition boarding system has faced multiple criticisms about how it has been introduced and how people have been signed up for the voluntary scheme, as Biometric Update has reported. “The way that it’s happening in India is no longer voluntary, and it’s no longer something we can hold the government or anybody else accountable for,” says Disha Verma, from the Internet Freedom Foundation.

The Digi Yatra system, which has been operating in 24 airports around the country, may be opening up to foreign citizens in 2025. Meanwhile, there are plans to roll out the identity technology to hotels and historical monuments. Your face could soon be your room key as well.