arXiv: BlowLive: Blow-Based Multi-Factor Biometrics with Liveness Detection and Revocability

A new research paper, BlowLive, has been published on arXiv proposing a biometric authentication system that uses breath patterns as a multi-factor identifier, combined with liveness detection and the ability to revoke or reset the biometric template. While this is not a regulatory text or binding legal change, it signals a significant technological advancement in the field of AI-driven biometrics. Under the EU AI Safety framework, systems that process biometric data for identity verification are considered high-risk, and this publication highlights emerging capabilities that may soon be deployed in commercial or public sector applications.

Organizations in the financial services, border control, healthcare, and critical infrastructure sectors should take note, as these are areas where biometric authentication is already regulated under the GDPR and the proposed EU AI Act. Any deployment of blow-based biometrics would require compliance with data protection impact assessments, transparency obligations, and the right to erasure, especially given the paper’s claim of revocability. Vendors developing such systems will need to ensure their liveness detection mechanisms meet the robustness and fairness standards expected by regulators.

Compliance teams should monitor this publication as an early indicator of a new biometric modality that may enter the market. They should update their technology watch lists and begin preliminary risk assessments for any future procurement or integration of breath-based authentication. It is also advisable to engage with data protection officers and AI ethics boards to evaluate whether such systems could introduce novel privacy or security risks, particularly around the storage and processing of respiratory biometric data.