Eye.D, Please

JP Morgan’s new headquarters at 270 Park Avenue, New York, have turned the lobby into a logic gate: no iris or fingerprint; no entry. What began as a voluntary programme is now the default for passing through the building’s entry points, in an emblem of converging corporate security and workplace technology. Employees will also navigate much of their day through a corporate app for services and amenities, linking identity, access and experience in one continuous system.

Why now? Security has the microphone. Following a high-profile security incident in Midtown this summer, executives across the district began reassessing their most vulnerable entrances. Biometrics raise the bar against tailgating and shared credentials, which is why they have moved from data centres and biotech labs into Class A lobbies. (Note: a badge can be read from any angle, because the system only cares about the number it contains, but an iris must be captured from roughly the same perspective each time to match. How the data are stored, and how the vendor manages the data, therefore matter more than ever.)

What it means for real estate technology
Access control grows up. The entry gate is becoming a zero trust checkpoint: verify the human, bind them to a device, and authorize their path of travel. Expect RFPs to call for biometric readers at key portals, progressive enrolment for new hires, and fallback lanes for exemptions.

But implementing biometrics is not a one-time hardware upgrade: it’s a long-term partnership. As UK regulators have noted in retail pilots, biometric systems require ongoing monitoring, algorithm updates and vendor oversight to maintain accuracy and confidence over time. The most forward-looking operators will treat these systems as living infrastructure, rather than static installations. Platforms such as LenelS2 OnGuard already support biometric workflows, promising the combination of robust assurance and high throughput that tenants increasingly expect.

The building becomes an API with windows. The employee app transforms from a mobile badge to become the day’s remote control. It books rooms, orders coffee and nudges destination dispatch. Tenant experience platforms such as HqO are building precisely this, integrating access control with the experience layer, so that a single tap unlocks doors and amenities. When executed well, it feels seamless; when done poorly, it becomes a single point of failure with release notes.

Data exhaust becomes strategic intelligence. With identity tied to rooms and retail, facilities teams can right-size cleaning, catering and staffing to real usage patterns. This is operational gold – so long as the data are minimized, encrypted and limited to legitimate security or operational purposes. Because AI-based recognition systems evolve continuously, operators must also monitor confidence levels and performance drift. Clear governance on who can see what building data, and for how long, will distinguish best-in-class portfolios from more ‘regretful’ ones.

What it means for the workplace
Return-to-office gets receipts. Biometric entry, combined with app-based services, make attendance measurable to the minute. That raises employee relations and privacy stakes, especially where works councils or unions have a voice. Leading employers will publish simple, human-readable dashboards explaining what is collected, why, and when it is deleted, and provide accommodations for those who cannot or will not enroll. Social trust is now part of the user experience.

Compliance becomes product design. In the US, state-level biometric laws around consent, retention and deletion have elevated privacy to a core product feature. In the UK and the EU – notably in Germany, where regulators and works councils take an especially strict view – biometric and facial recognition data sit in the same ‘special category’ as health records. This is particularly relevant for hospitals and care homes, where biometrics are often used alongside clinical information: operators are expected to build in explicit consent, tight retention limits and strong technical controls by default. For landlords and occupiers, this means designing clear consent flows, deletion schedules and encryption into the system from day one, rather than hiding them in the fine print. Every vendor should be vetted as if an auditor were sitting in on the RFP review.

Insurance and risk shift left. Underwriters increasingly ask where biometric templates reside (on device or in the cloud), how quickly credentials can be revoked, and how building networks are segmented. Expect your next cyber questionnaire to look a lot like your network diagram – instead of resembling a tick-box survey.

The bottom line
This is not just a sleeker entry system, but a new operating model for buildings. Eye-based access, paired with an ‘everything’ app, can create safer, smoother days if identity and privacy are treated as equal design priorities. However, success will ultimately depend on aligning what is possible (technology), what is permissible (law and regulation), and what is acceptable (social trust).