In recent months, you’ve probably heard about Mexico’s biometric CURP, a government project aiming to modernize citizen identification. The idea is to integrate biometric data like facial recognition, fingerprints, iris scans, and signatures into a single ID key—promising faster, more secure identity verification for millions.
But what seemed like a decisive step toward national digitalization has just hit a major bump: the first public tender to hire the cloud services that would support the system has been declared void.
At TecnetOne, we break down what this failure means, the risks involved, and the potential scenarios going forward.
The Ministry of the Interior (Segob) issued a call for comprehensive cloud computing services to support Renapo (National Population Registry), a key component of the biometric CURP infrastructure.
The budget wasn’t small—up to 520 million pesos over multiple years to ensure computing power, storage, networking, and above all, high cybersecurity standards.
Two consortiums submitted bids:
The problem: neither met the technical requirements.
The consequence: the tender was declared void on September 3, 2025.
This delays cloud infrastructure consolidation and puts the project timeline at risk. A pilot program is already running voluntarily in Mexico City, but mass rollout was set for January 2026, with mandatory adoption in February.
This isn’t a minor delay—CURP biométrica is on a tight schedule. If the next bidding process fails again, Segob could face:
A third failed attempt could lead to audits by the Federal Audit Office (ASF) and discourage vendors from participating in future tenders.
Learn nore: Ransomware in Mexico: Cyberattacks Cause Major IT Sector Losses
If public bidding continues to fail, Mexican law offers a few fallback options:
Beyond technicalities, the greatest risk lies in lack of transparency. Experts warn that any prior relationships between officials and bidding companies could result in serious conflicts of interest.
Mexico’s track record with tech projects shows that direct awards often lead to public distrust, especially when managing sensitive data from millions of citizens.
Concentrating biometric data in one system makes it an attractive target for cybercriminals. Recent cyberattacks on utilities and federal agencies show how exposed the government can be.
What’s more, the dismantling of INAI, Mexico’s independent data watchdog, raises the question: who will oversee data protection?
The government has hinted at using blockchain for transparency, but even that carries its own risks:
One relevant example is the digital ID project in Monterrey, implemented via direct award. While it addressed urgent needs, it also revealed flaws:
This reinforces that transparency isn’t optional—it’s essential for national ID systems.
Similar titles: Mexican Water Infrastructure Under Fire: Rising Cyberattacks
Experts like SILIKN suggest several steps to restore trust:
The biometric CURP isn’t just a tech project—it’s a national identity system that will affect millions.
If done right, it could streamline public services. If done poorly, it could become a tool for cyberattacks, fraud, and privacy violations.
At TecnetOne, we believe the challenge is not just technical—it’s ethical, legal, and political. Security, transparency, and inclusion must guide every decision moving forward.