This document provides high level security and privacy requirements for authentication using biometrics on mobile devices, including security and privacy requirements for functional components, for communication, for storage and for remote processing. This document is applicable to remote modes, i.e., the cases that: - the biometric sample is captured through mobile devices; - the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions. The cases that the biometric data or derived biometric data never leave the mobile devices (i.e., local modes) are out of scope for this document. The preliminary steps for biometric enrolment before authentication procedure are out of scope for this document. The use of biometric identification as part of the authentication procedure is out of scope for this document.