NatWest has sent the May 20 2026 alert to explain that it is changing the legal basis used to process customers’ biometric data, such as face and voice recognition. From that date, the bank will rely on “legitimate interests” instead of customer consent.
NatWest says customers do not need to take any action, and the way they use the mobile app, online banking and Telephone Banking will stay the same. The change is mainly about how the bank explains and manages biometric data under UK data protection law.
- Customers do not need to update their account or app settings
- Face ID and Voice ID will continue to work as normal
- NatWest says the change is intended to improve fraud protection
- Customers still keep their privacy rights, including the right to object
- Payments, card details, PIN access and account changes will continue to use biometric approval in the same way as before
Why Has NatWest Sent Customers an Alert About 20 May 2026?
NatWest has emailed online banking customers because the bank is changing how it legally processes biometric information from 20 May 2026.
The message is not warning customers about a new risk or technical problem. Instead, it is explaining a change to the bank’s privacy and data handling policy.
At the moment, NatWest relies on customer consent when using biometric data such as facial recognition in the mobile app or Voice ID during Telephone Banking.
From 20 May 2026, NatWest will instead rely on “legitimate interests”, which is a legal basis allowed under UK data protection rules. The bank says this gives it a clearer and more consistent way to use biometric data for security and fraud prevention.
A NatWest statement to customers said,
“We’re changing how we process biometric data on 20th May 2026.” It then reassured customers that “there’s nothing you need to do”. Finally, the bank added that it simply wanted customers to be aware of the update before it comes into effect.
What Is Changing With NatWest’s Biometric Data From 20 May 2026?
The biggest change is not how biometric approval works, but the legal reason NatWest uses to process the data. Until now, customers have given explicit consent when setting up facial recognition or Voice ID. From 20 May 2026, the bank will rely on legitimate interests instead.
NatWest says this means it can continue using biometric data because it believes the use is necessary, fair and expected by customers. The bank argues that checking a customer’s face or voice is an important part of preventing fraud and keeping accounts secure.
The following parts of the service are not changing:
- Customers will still use facial recognition in the app when needed
- Voice ID will still work for Telephone Banking
- The bank will continue storing and comparing a customer’s biometric sample
- The app and online banking experience will stay the same
- Customers will not need to register again or accept new settings
NatWest also says the update does not give the bank permission to use biometric data for unrelated purposes. The data will still only be used to confirm identity and protect accounts.
One customer reaction online reflected why some people are concerned. A NatWest customer said, “It feels like a significant thing to bury in a routine email.” They explained that biometrics are different from passwords because they cannot easily be changed. The customer added that many people want clearer explanations about why the legal basis is changing.
What Does ‘Legitimate Interests’ Mean in NatWest’s New Policy?
NatWest says that from 20 May 2026 it will process biometric data under “legitimate interests”. This is a legal term in UK data protection law. It allows an organisation to use personal information if there is a genuine business reason, provided that the use is necessary, fair and balanced against the customer’s rights.
NatWest believes using biometric information to stop fraud and confirm identity meets this requirement. The bank says customers would reasonably expect their face or voice data to be used in this way when they use mobile banking or Telephone Banking.
Why Is NatWest Moving Away From Customer Consent?
NatWest appears to be moving away from consent because consent can be withdrawn at any time. If a customer removes consent, the bank could struggle to keep offering the same fraud protection and identity checks.
By using legitimate interests, NatWest can continue operating its biometric systems more consistently. The bank says this creates a stronger legal basis for protecting customers against scams, fake accounts and unauthorised payments.
NatWest explains that biometric approval is already used as an extra security layer. Rather than relying only on passwords or PINs, the bank compares a customer’s face or voice to a stored record before allowing certain actions.
This includes situations such as:
- Sending money to a new payee
- Changing account details
- Accessing card information
- Approving higher payment limits
NatWest’s guidance says, “We’re now using legitimate interests as our legal basis.” The bank says this helps it use customer information in a “fair, necessary and expected” way. It also says the change supports important services, especially fraud prevention.
The move also reflects the wider direction of banking in the UK. NatWest has closed branches and encouraged more customers to use digital services.
As more people bank through apps and online platforms, banks increasingly rely on biometric tools to prove that the correct person is using the account.
How Does ‘Legitimate Interests’ Differ From Consent Under UK Data Protection Law?
Consent and legitimate interests are both lawful ways of using personal data, but they work differently.
With consent:
- Customers actively agree to the use of their data
- Customers can usually remove that permission at any time
- The company must stop using the data if there is no other legal reason to continue
With legitimate interests:
- The organisation decides there is a valid reason to use the data
- The company must show that the reason is necessary and fair
- The organisation must balance its own needs against the customer’s privacy rights
- Customers can still object, but the organisation may continue if it can justify the use
This is why some NatWest customers are confused or worried. They feel that moving away from consent gives the bank more control over biometric information.
A discussion among customers online highlighted this concern. One customer wrote,
“You can still object but they don’t have to listen.” They said they were worried because biometric data is permanent and more sensitive than an ordinary password. The customer also said the change was difficult to understand from the short email alone.
However, NatWest says customers still have important rights. The bank must explain how the data is used, keep it secure and allow customers to challenge the processing if they believe it is unfair.
Under UK data protection law, NatWest cannot simply use biometric data without limits. It must show that the use is proportionate, necessary and directly linked to account security.
What Is Biometric Data and How Does NatWest Use It?
Biometric data is information about a person’s unique physical characteristics. In NatWest’s case, this mainly means a customer’s face or voice. The bank uses these details to check that the person trying to access an account is really the account holder.
When a customer registers for biometric approval, NatWest stores a secure sample of their face or voice.
Later, if the customer wants to make a payment or change important details, the bank asks them to complete another face or voice check. The new sample is then compared with the stored one. If the two match, the customer can continue.
NatWest uses biometric data for security rather than convenience alone. It says this extra layer helps stop fraudsters from taking over accounts, especially when they may already know a customer’s password or personal information.
NatWest may use biometric approval when customers want to:
- Confirm a payment to a new person
- Change their home address or mobile number
- View card details or a PIN
- Increase payment limits
- Use Telephone Banking through Voice ID
The bank says the data is not used for advertising or marketing. Instead, it is only used to verify identity and reduce the risk of fraud.
Which NatWest Services Use Biometric Approval?
NatWest uses biometric approval across several parts of its mobile and telephone banking services. The purpose is to make sure that only the genuine customer can access sensitive features or authorise important actions.
Although the legal basis for processing biometric data is changing, the actual services that use face or voice checks will remain exactly the same after 20 May 2026.
Which Mobile App Actions Require Face or Voice Verification?
NatWest customers may already notice that the app sometimes asks them to look at the camera before continuing. This is called biometric approval.
The app may require face verification for actions such as:
- Making a payment to someone new
- Changing a payee reference
- Sending an international payment
- Changing a home address or contact details
- Increasing payment limits
- Viewing a card PIN
- Viewing card details
- Approving Open Banking payments to new beneficiaries
NatWest says these checks are designed to reduce fraud. For example, if someone stole a customer’s phone and password, they would still struggle to access these features without matching the customer’s face.
The bank has also confirmed that customers can continue using biometric approval as an alternative to a physical card reader when using online banking.
This is important because many customers now prefer to manage their account through the app instead of carrying extra devices.
How Does Voice ID Work for NatWest Telephone Banking?
Voice ID is NatWest’s version of biometric security for Telephone Banking. Instead of asking security questions each time, the bank can recognise a customer by the sound and pattern of their voice.
To use Voice ID, customers first record a short phrase. NatWest stores this voice pattern securely. When the customer later calls the bank, they repeat a phrase and the system compares it with the stored version.
NatWest says Voice ID can help customers access support more quickly while also improving security. It is particularly useful for people who regularly call the bank or who may find passwords and security questions difficult to remember.
The bank explains that the process works because every person’s voice is slightly different. Elements such as tone, rhythm and pronunciation create a unique pattern.
NatWest describes the process in simple terms. The bank says customers may be asked to “repeat a phrase”. It then compares the new sample with the one already stored. If the two match, the customer can continue using Telephone Banking normally.
Can Customers Still Use a Card Reader Instead of Biometrics?
Yes. NatWest has confirmed that customers who do not want to use biometric approval can still use a card reader in many situations.
This is especially important for customers who:
- Prefer not to share face or voice data
- Do not have a smartphone with facial recognition
- Are uncomfortable using biometric technology
- Need an alternative because of accessibility reasons
For example, customers making a large payment to a new payee may still be able to use a card reader rather than facial recognition. NatWest says card readers remain available for online banking and certain transactions.
However, some mobile app features may work more smoothly with biometric approval. Customers who choose not to use face or voice recognition may need to use a different method or contact the bank for help.
NatWest has said that customers are free to delete their biometric registration if they no longer want to use it. Even so, they may then lose access to some quicker app-based features.
Do NatWest Customers Need to Do Anything Before 20 May 2026?
No. NatWest has clearly said that customers do not need to take any action before 20 May 2026. There is no need to download a new app, update settings or reply to the email.
The bank says that face recognition, Voice ID and online banking will continue to work in exactly the same way as before. Customers who already use biometric approval do not need to register again.
However, customers who are worried about the change may wish to read NatWest’s privacy notice or review their biometric settings in the mobile app. They can also contact NatWest if they want more information about how their face or voice data is stored and used.
Customers who do not want to continue using biometric approval can choose to turn it off or ask about alternative methods such as a card reader. Even then, NatWest says the upcoming change does not require any immediate action from customers.
Will the NatWest App or Online Banking Change After 20 May 2026?
For most customers, there will be no visible change at all after 20 May 2026. NatWest says the update is about data processing rules rather than a redesign of the app or a change to online banking features.
Customers will still log in, make payments and manage their account in the same way. The difference is simply that NatWest will rely on legitimate interests rather than consent behind the scenes.
Will Payments, Personal Details and PIN Access Still Work the Same?
Yes. NatWest says all of the main functions that currently use biometric approval will continue exactly as they do now.
Customers will still be able to:
- Make payments to new payees
- Send international payments
- Change personal details
- Increase account limits
- View card details and PIN information
The steps involved will remain the same. For example, if the app currently asks a customer to complete a face scan before changing an address, it will continue to do so after 20 May 2026.
NatWest has stressed that there are no new restrictions and no extra checks being introduced. Customers who already use these services should not notice any difference in the day-to-day experience.
The bank says the update is only intended to make its legal position clearer. It wants to continue using biometric data to keep accounts secure and prevent fraud, without repeatedly asking customers to give consent each time.
Will Customers Notice Any Difference When Using Face or Voice ID?
Most customers are unlikely to notice any difference. The face scan in the app and the Voice ID process during Telephone Banking will still look and feel the same.
Customers will still be asked to:
- Look into the camera
- Confirm their identity with a face scan
- Repeat a phrase during a telephone call if they use Voice ID
The way NatWest stores and compares the data is also expected to remain unchanged. The only real difference is that the bank’s privacy notice and terms now describe the process using legitimate interests instead of consent.
Even though the practical experience will stay the same, some customers may still feel uneasy because the wording has changed. That is why NatWest has sent the email in advance.
The bank says, “There are no changes to how you use the app or Telephone Banking.” It also says that it will keep using biometric data “to help protect your account”. Finally, NatWest reassures customers that this protection will continue in the same way as before.
What Privacy Rights Do NatWest Customers Still Have?
NatWest says customers will keep all of their existing privacy rights after 20 May 2026. Even though the bank is changing from consent to legitimate interests, customers still have the right to know how their biometric data is being used.
Customers can ask NatWest:
- Why their biometric data is being processed
- What information the bank stores
- How long the information is kept
- Whether they can object to the processing
Customers may also have the right to object if they believe NatWest does not have a fair reason to continue using their biometric data. NatWest says these rights are explained in its privacy notice.
The bank must also continue protecting biometric information carefully because face and voice data are treated as sensitive personal information under UK law. NatWest says it will only use the data for identity checks and fraud prevention, not for wider commercial purposes.
What Is the Key Takeaway From the NatWest May 20 2026 Alert for UK Customers?
The main message is simple, NatWest is changing the legal explanation for using biometric data, but not the way customers use their account.
From 20 May 2026, the bank will rely on legitimate interests rather than consent when processing face and voice information. NatWest says this helps it continue protecting customers against fraud while keeping the app and Telephone Banking easy to use.
Customers do not need to take any action. The update is mainly an administrative and legal change rather than a practical one.
Even so, the alert matters because biometric information is highly personal. Customers should understand what is changing, why the bank is making the change and what rights they still have.
Reading NatWest’s privacy information can help customers feel more confident about what will happen after 20 May 2026.
Conclusion
The NatWest May 20 2026 alert is not a warning about account problems or a new security threat. It is a notice about how the bank will legally process biometric data in future.
NatWest says the change is designed to support fraud prevention and digital banking, while still protecting customer privacy.
Customers will continue using the app, online banking and Voice ID in the same way as before. However, because biometric data is more sensitive than passwords or PINs, it is understandable that some customers want clearer explanations.
The most important point is that customers still keep their rights and can ask questions if they are unsure. For most people, there will be no practical change after 20 May 2026, but understanding the update can help avoid confusion and unnecessary concern.
FAQs
Is the NatWest May 20 2026 alert genuine?
Yes, the alert is genuine and has been sent by NatWest to customers who use online banking, the mobile app or Telephone Banking. It explains a change to how the bank legally processes biometric data from 20 May 2026.
Will NatWest stop using customer consent completely?
NatWest will stop relying on consent as the main legal basis for biometric data and will instead use legitimate interests. However, customers will still have privacy rights and can object if they believe the use is unfair.
Does the NatWest May 20 2026 update affect passwords or PINs?
No, the update only affects biometric data such as face recognition and Voice ID. Passwords, passcodes and card PINs will continue to work in the same way as before.
Can customers still opt out of biometric approval after 20 May 2026?
Yes, customers can still turn off facial recognition or Voice ID if they no longer want to use these features. They may need to use a card reader or another security method instead.
Will the NatWest app need to be updated before 20 May 2026?
Most customers will not need to install a special update because the change is mainly legal rather than technical. The NatWest app and online banking services are expected to continue working normally.
Is NatWest using biometric data for marketing or advertising?
No, NatWest says biometric data will only be used to confirm identity and prevent fraud. The bank has stated that it will not use face or voice data for advertising or commercial targeting.
Could scammers use the NatWest May 20 2026 alert to trick customers?
Yes, scammers may try to copy the email and ask customers to click fake links or share personal details. NatWest says customers should never give passwords, full PINs or security codes in response to an unexpected message.
