Anthropic adds biometric selfie checks to Claude users, starting July 8

Anthropic just updated its privacy policy in a way that will make trust teams, legal departments, and security leaders sit up: starting July 8, some Claude users may be required to upload government-issued identification and submit selfie photos or videos for identity verification. The policy update also introduces a new category of personal data collection that includes facial geometry templates.

If you are an executive trying to decide how strict your verification should be, this is the uncomfortable part. Anthropic is effectively moving certain users from “normal account access” into a higher-sensitivity identity proof flow. It is not just collecting “more data,” it is explicitly collecting data types tied to faces, including facial geometry templates, and doing so under an updated privacy policy.

So why does this matter beyond the privacy page? Because identity verification is where product design meets regulatory scrutiny. When a company requires uploads of government-issued ID plus selfies, it is creating a process that has downstream implications for data handling, retention, access controls, and incident response. Even if the company’s intent is fraud prevention or policy compliance, the operational reality is that biometric-linked data increases the stakes if anything goes wrong. That is particularly true for AI products like Claude, where users may not expect their interactions to involve identity proofing at all.

It also signals something about incentives. Companies update privacy policies when they need legal cover to change operational workflows, often for reasons like account integrity, compliance with platform rules, or reducing abuse. The source notes that the updated policy takes effect on July 8 and “allows” the company to require this verification for some Claude users. The wording matters: it is not a universal requirement for every user, but it gives Anthropic the ability to impose it when it deems it necessary.

From a governance perspective, this kind of change is exactly the sort of item boards and executive risk committees should track. Biometric data handling typically triggers tougher internal controls and may also invite external scrutiny, depending on jurisdiction and the specific ways data is used and protected. The update introduces a new data category, facial geometry templates, which is explicitly called out in the policy as part of the personal data collection. Even though the source does not provide additional details beyond that, the key point for decision-makers is that the data taxonomy has changed.

There is also a practical product and customer-experience angle. Selfie-based identity checks can create friction, and friction can become churn if users feel singled out or coerced into providing sensitive information. Because the policy says “some Claude users,” the next question executives will ask internally is segmentation: what triggers the verification requirement, how users are notified, and whether there is a straightforward alternative. The more opaque the trigger, the higher the chance of trust erosion.

For peer companies watching this, the strategic takeaway is simple but urgent. Privacy policies are not static documents; they are a map of how a company intends to collect, process, and protect user data. Anthropic’s move to include facial geometry templates in the personal data categories it can collect, and to pair that with government ID plus selfies for identity verification, sets a new benchmark for what “acceptable” might look like in AI assistant onboarding flows. If you lead compliance, security, or product, you should treat this as a live signal: expect more identity verification pressure across the category, and plan for the operational burden biometric-linked data brings.

The stakes are not theoretical. A privacy policy update that enables biometric data collection affects how incidents would be evaluated, how audits would be conducted, and how regulators would view the company’s risk posture. Anthropic is effectively widening the boundary of user data sensitivity for certain Claude users starting July 8. For executives across the AI ecosystem, that should prompt immediate internal questions about verification triggers, safeguards, retention, and how you explain all of it to users without losing their trust.