Mexico Opens New Tender for Biometric CURP Infrastructure

The Ministry of the Interior, through the National Population and Identity Registry, has launched a multi-year public tender for an “integrated management and operation service for computing systems,” with a budget ceiling of MX$520 million. The resources will support the technological infrastructure needed to implement the new biometric CURP.

The process, registered as LA-04-812-004000998-N-59-2025, is a National Electronic Public Tender under an open contract scheme, valid through Feb. 29, 2028. Key dates include the clarification meeting on Aug. 22, 2025, proposal submission on Aug. 30, 2025, and the decision on Sept. 3, 2025. The contract will be awarded to a single bidder that meets both technical and financial requirements.

The rollout of this infrastructure coincides with the implementation of the biometric CURP, whose regulatory framework was published on July 16, 2025, in the Official Gazette. Mexico City is already operating a pilot module where citizens can voluntarily and free of charge obtain the biometric CURP, which captures facial, fingerprint, iris, and signature data. Authorities must accept the biometric CURP starting Oct. 16, 2025, while the nationwide platform should be ready by Oct. 15. Starting Nov. 14, 2025, biometric CURP registration will be mandatory for school enrollment of children.

The multi-year budget allocates between MX$350 million and MX$520 million across 2025–2028. Spending will be based on service demand, with payments tied to deliverables and service levels.

The technical annex requires private cloud infrastructure supporting Platform-as-a-Service (PaaS), microservices applications, high availability, load balancing, APIs, role-based authentication, monitoring tools, and compatibility with Java, Node.js, PHP, Python, and multiple databases. Suppliers must migrate existing applications to the new platform within two months of the award and ensure uninterrupted operation until February 2028, followed by a six-month transition plan.

Segob also established strict cybersecurity standards: all infrastructure must be new-generation, with redundant components, proactive monitoring, and 24/7 vendor support. Providers must offer top-ranked Gartner security solutions, including AI-enabled threat detection, container protection, CI/CD security, and resilience against denial-of-service attacks.