Ireland National Children's Hospital Chooses Hikvision End-to-End With Facial Recognition

By Charles Rollet, Published Dec 05, 2019, 07:23am EST

The world's most expensive hospital project ever, the New Children's Hospital in Ireland, has chosen an all-Hikvision surveillance system including specialized facial recognition cameras, IPVM has found.

IPVM Image

Privacy experts and an Irish politician raised serious concerns about this to IPVM, due to the sensitivity of deploying facial recognition in a children's hospital and the use of Hikvision cameras given its recent human rights sanctions and China government control.

The NCH, which is currently under construction in Dublin, has already attracted controversy for its spiraling price tag which now stands at $2 billion.

In this report, IPVM examines:

  • NCH Background/Scope
  • Ireland Hikvision Scrutiny On Parliament Cameras
  • FOI Request Reveals Hikvision Cameras/Equipment
  • Integrator: Stanley Security
  • No Further Contract Details
  • NCH Says Face Rec Details "Not Yet Been Decided"
  • "Less than 3%" of Cameras Face Rec Model"
  • Privacy Experts: Facial Recognition Cameras in Children's Hospital "Alarming"
  • Concerns Over Using Hikvision Given Recent Human Rights Sanctions

NCH Background

The NCH, planned for decades, is meant to centralize Ireland's three main children's hospitals into one.

IPVM Image

It is mostly known for huge cost overrun issues, with costs almost tripling to about $2 billion, as the video below shows:

Project Scope

The NCH will be "one of the largest buildings in Ireland" according to its builder, with seven stories, 470 beds, and 1,000 parking spaces. The full complex, including 4 acres of gardens, will total around 1.7m square feet (160,000 square meters).

Prior Hikvision Scrutiny on Parliament Cameras

There are no restrictions to using Hikvision equipment in Ireland, however, Hikvision cameras have raised concerns chiefly due to their use in Irish parliament (Leinster House):

  • In June 2018, as the US NDAA ban was set to pass, the Irish Sun reported that Leinster House and Garda (police) stations were using Hikvision cameras.
  • In April 2019, a member of Ireland's parliament, James Lawless, raised concerns about potential espionage over the Hikvision cameras in Leinster House.

IPVM Image

Generally speaking, however, Ireland has not seen anywhere near the level of Hikvision scrutiny seen in the US or even the UK and Australia.

FOI Request Reveals Hikvision Cameras

IPVM made a Freedom of Information request about the NCH's video surveillance system, and we received one detailing all the "equipment brand and models being used on the NCH project":

IPVM Image

The FOI consisted entirely of Hikvision spec sheets for the following products, notably the Dual Lens face recognition camera which was recently tested by IPVM:

IPVM Image

  • iDS-2CD8426G0/F-I DeepinView Dual-Lens Face Recognition Camera
  • DS-2CD2755FWD-IZS 5 MP WDR Vari-focal Network Dome Camera
  • DS-2TD2136T-10 Thermal Network Bullet Camera
  • iDS-2CD6810F/C Indoor Dual-Lens People Counting Camera
  • DS-2DE4A425IW-DE 4 MP 25× Network IR PTZ Camera
  • DS-2DF8425IX-AEL(W) (C) 4MP 25× Network IR Speed Dome
  • DS-2CD63C2F-I (V) (S) 12 MP Network Fisheye Camera
  • DS-2CD4A26FWD-IZ(H)(S)/P 2MP Low Light ANPR IR Camera
  • DS-2CD6D54FWD-(I)Z(H)(S)(/NFC) EXIR Flexible PanoVu Network Camera
  • DS-2CD2555FWD-I(W)(S) 5 MP EXIR Fixed Mini Dome Network Camera

As well as various servers including Hikvision's AI recorder:

  • DS-96000NI-I16/H SERIES NVR
  • iDS-96000NXI-I16/I24 DeepinMind Series NVR
  • DS-6900UD Series Decoder

And managing the entire system, Hikvision's proprietary VMS / CMS:

  • HikCentral V1.2 Central Management System

Hundreds of Cameras or More, IPVM Estimates

While NCH would not disclose the camera counts or pricing, we estimate in the range of a million Euros for the project including at least hundreds of cameras. Given the size of the hospital campus, the variety of high-end models selected (facial recognition, ANPR, PTZs, people-counting, etc.), this is a large project.

Stanley Security Integrator

The FOI request also named Stanley Security as the integrator:

IPVM Image

Stanley Security, despite its parent company Stanley Black & Decker touting its all-American history, is a major Hikvision camera buyer and even boasted of making a "multi-million dollar investment" into Hikvision products just days before the USA NDAA ban.

No Further Details

IPVM requested full contract details, including price, but these were not granted to us as this was deemed "commercially sensitive" information.

NCH No Comment on Hikvision Use/Human Rights Concerns

IPVM asked about Hikvision's Xinjiang sanctions and we received a generic response ignoring this question:

The safety of patients, visitors and staff at the new children’s hospital is of paramount importance to everyone working on the new children’s hospital project.

Stanley Security Systems, who have been working in this area for more than 25 years, were successful in the competitive procurement process for the installation of the security systems at the new children’s hospital.

NCH Says Face Rec Details "Not Yet Been Decided"

Using facial recognition on children is highly sensitive; in both Sweden and France, schools that attempted to use facial recognition were banned from doing so by data regulators due to the GDPR, which Ireland is also subject to.

IPVM Image

IPVM asked the NCH directly why it had specified facial recognition cameras and we received this response:

It has not yet been decided which aspect of this technology’s many capabilities will be used in the new children’s hospital. This decision will be taken nearer the opening of the hospital by Children’s Health Ireland and will be in line with Irish and European data protection and privacy legislation and in such a way as to ensure that the occupants of the hospital have the right protections afforded to them, in line with their privacy rights.

The claim of 'not yet been decided' is questionable since specifying these specialized cameras that cost 5 to 10 times what a conventional Hikvision camera costs for the express purpose of delivering facial recognition indicates a decision to deploy facial recognition.

"Less than 3%" of Cameras Face Rec

IPVM emphasized this to the NCH, to which they responded:

Less than 3% of the cameras procured for the new children’s hospital are the iDS-2CD8426G0/F-I [facial recognition] model. Only the hardware of the cameras have been procured at this point. The software will be procured nearer the opening of the hospital. What software is procured – and consequently what aspects of the many capabilities of the cameras is utilised – will be determined by Children’s Health Ireland and will be in line with Irish and European data protection and privacy legislation and in such a way as to ensure that the occupants of the hospital have the right protections afforded to them, in line with their privacy rights. [emphasis added]

However, the software has already been procured from Hikvision. What the NCH misunderstands is that Hikvision bundles in the facial recognition software with their cameras and recorders that they have already purchased. Someone at Stanley or the NCH knows this because that is the sole reason to pick those specific Hikvision facial recognition cameras. If they intended to procure (or not) facial recognition later, they could simply buy far less expensive conventional Hikvision cameras.

Moreover, the 3% figure implies 10 or more facial recognition cameras, based on our estimate of total system size. 10 facial recognition cameras placed at entrances or key chokepoints (as is common industry practice for such designs) would be able to capture virtually all people that come to the hospital.

Privacy Experts: Facial Recognition Cameras in Children's Hospital "Alarming"

IPVM Image

Rossa McMahon, a solicitor with PG McMahon Solicitors, told IPVM the prospect of facial recognition at the NCH was "alarming":

It is difficult to understand or accept what utility facial recognition has in a healthcare setting, or how it would be appropriate. It is important to know what the technology would be used to recognise. Any such system requires a database of faces to be effective, so we need to know whether the technology would be used for staffing purposes, patient tracking or for security reasons. All those uses raise serious issues, however, and one wonders where the hospital will obtain its database of facial scans to begin with. The fact that such technology could be used in a healthcare setting specifically constructed for children is alarming. [Emphasis Added]

IPVM Image

Katherine O'Keefe, data protection consultant at Castlebridge, had similar worries due to GDPR and the sensitivity of data of children/hospital patients:

I’d have immediate concerns about the lawfulness of using facial recognition in this context, as well as it being disproportionately invasive. The first thing I’d ask is “what is your lawful basis for using facial recognition?” and the second thing I’d ask is “where is your Data Protection Impact Assessment?” Any new installation of CCTV requires a DPIA, and potential use of facial recognition, recording information relating to people in hospital, and recording information about children are all specifically called out as higher risk operations that require extra care to avoid being unnecessarily invasive and to make sure what you are doing is lawful, necessary, and proportionate. [Emphasis Addded]

Concerns Over Using Hikvision Given Recent Human Rights Sanctions

IPVM Image

James Lawless, the member of Ireland's parliament who previously raised concerns about Hikvision cameras in Irish parliament, called out the NCH's use of Hikvision over the company's Xinjiang ties (which it was recently sanctioned over) and PRC government backing:

Yes I would have similar concerns here. Why is the state installing advanced surveillance techniques from a source that is known to be dubious in one of the largest capital projects currently underway? When we see what has happened to the Uighur Muslims recently and the type of Orwellian state system that is in force in the Xinjiang province it had to raise questions about western governments use and purchase of similar equipment. All Chinese companies have a legal obligation to the Chinese state to collaborate and divulge information if required. I understand that Hikvision is in fact a wholly owned subsidy of the Chinese government. Ireland already has a defence exposure due to a lack of investment in cyber security and now with Britain leaving the EU we may have less cover from our neighbour in terms of intelligence sharing. It is time we accustomed to modern espionage and state capitalism techniques and protected ourselves and our citizens accordingly. [Emphasis Added]

Stanley Security No Response

IPVM did not receive any response to questions we sent Stanley Security.

No Response on DPIA

IPVM asked the NCH and Ireland's data protection regulator, the DPC, whether the NCH had submitted a DPIA but we have received no response on this yet.


There are clearly serious questions being raised about the NCH's video surveillance system, but the hospital's responses provide little clarity.

On the positive side for Hikvision, this shows that large corporations like Stanley and governments like Ireland continue to stand by purchases of Hikvision.

However, privacy and political concerns, especially over GDPR and human rights concerns, portends increased scrutiny over Hikvision's use in high-security projects.

1 report cite this report:

2020 Video Surveillance Cameras State Of The Market on Jan 03, 2020
Each year, IPVM explains the main advances and changes for video surveillance...

Comments (40)

Only IPVM Members may comment. Login or Join.

Am I wrong or is Anyvision an Irish technology?

I believe Anyvision started off in Israel, but given the great tax shelters offered in Ireland, they may have immigrated...

Irish technology?

That's right at least partially. Their CTO, Neil Robertson, and a lot of their research is from Queen's University Belfast, Ireland. Correction: Northern Ireland, UK.

Belfast is in Northern Ireland which is part of the UK, not Ireland.

Never let the truth get in the way of a good IPVM story….

Never let the truth get in the way of a good IPVM story….

The truth of what? I made a mistake saying Belfast was in Ireland, instead of Northern Ireland. It's a mistake, which was corrected, but it's immaterial to the 'story' here that has made a half dozen newspapers across Ireland and the UK.

Would it not also be considered on the island of Ireland?

It is difficult to understand or accept what utility facial recognition has in a healthcare setting...

perhaps Mr. McMahon is anti-face recognition in general, since the utility to healthcare seems obvious:

Hmmm....there might be a case for facial recognition as regards infant kidnapping.

"difficult to understand or accept what utility facial recognition has in a healthcare setting, or how it would be appropriate"

The alternative is what - photocopied pictures of known suspects taped to the wall of the security hut?

It seems only automated facial recognition is a problem.

It definitely would be on a system consisting of over 1000 Hik cameras I'd say, it would not make for a nice and efficient control room environment.

I have couple hospitals using face rec. Hospitals are very vulnerable and so are the employees, patients, and visitors. Hospitals are using face rec to be aware of people who have caused problems in the past. This includes robberies, fights, etc.

The NCH is a typical project for Ireland; way over budget creating many Millionaires in the supply chain and with politicians sitting on their hands watching it all happen. As they have gone over budget in the most ridiculous way corners are now being cut. I know that various proposals were submitted for CCTV which were based on reputable non Chinese brands but in the end it was all down to saving as much money as possible. At the time the specification for the CCTV system was released Hikvision didn't even have the products that could match the requirements, but when money becomes the key factor those requirements were easily forgotten about.

At the time the specification for the CCTV system was released

Do you have a copy of the original specification you could share with us? if so email me /

As with all large projects and when consultants are involved with the large M&E firm the products and specifications being recommended are usually because the consultant has some ties/ relationships with a particular distributor/ manufacturer. In the case of the NCH, the rumors would suggest a HIK distributor being connected with the security consultant.

It appears to me from the original comment that Hikvision was not included in the original specification. Sounds like it may have been value engineered into the project by a 'connected' distributor or integrator (Stanley). Either way it would be interesting to find out who shoe horned them into this project.

Agree, this is how it goes. An uneducated consultant being educated by an uneducated distributer being educated by a sales person from a company that doesnt give a s**t! Likely a copy and paste A&E specification job as usual.

Agreed, unless Hikvision was included during VE, then the consultant typical has very little say on who get included in the specification.

The specification wasn't at fault here, although it went out the window with the baby and the bath water fairly quickly. Money spoke in the end, not the interest of the NCH or anybody else for that matter. The specification asked for features which a Hikvision only solution could not produce at the time and I highly doubt if it would be able to do it now, a year down the line.

Curious, what actual features on the original specification for NCH from a video surveillance prospective is not possible on a end-2-end HIK solution?

HIK, Dahua etc. don't exactly fail on features, they fail on other aspects that aren't directly obvious on a spec. sheet usually...

HIK, Dahua etc. don't exactly fail on features, they fail on other aspects that aren't directly obvious on a spec. sheet usually...

Well on the CMS / VMS side, HikCentral is fairly new and limited compared to 20-year-old VMSes providers like Milestone and Genetec. I have not examined the details of the Hospital spec but that is potentially a risk, more so than cameras.

There is a core business principle of fitness for purpose at minimum cost. OJEU tenders are generally awarded on a commercial bias, so the tax payers euro is better focussed at point of health service delivery than an more expensive camera that does exactly the same job. Whilst there is a clear argument against the use of Hikvision on the grounds of domestic Chinese policies, virtually everyone you speak to says the same thing "This is all part of Trumps trade war and is just a bargaining chip". the US may have a different take on it - but at this article is EU based, its only fair to give an EU perspective.

I agree with you that if the cameras do the same thing at a lower price then there is no issue and maybe thats the case. The VMS doesnt do the same thing though, no way. For any large system installed into a project that is likely to be expanded and reconfigured through its lifecycle (assuming 10 years before a significant refit) you have to have an open platform VMS. What happens in 18 months when they add 20 more cameras? Can they add Bosch or Axis or anything else for that matter? What if a camera is released to market next year with some new technology or feature that they think they need, can they add it?

That's a fair comment. But we'd really need to drill into what is expected of the VMS. Certainly IVMS is not great, and early centrals were not much better - but I know its been significantly improved. There is an argument also against the like of Genetic - in that they may pull the plug on integration with your preferred camera manufacturer, giving further strength for an end to end solution. the hospital security environment varies massively from systems only used for parking revenue generation, to a fully configured 24/7 manned control room hosting fully integrated EACS/IDS/CCTV/Intercom etc....

So it really is horses for courses - or put better - fitness for purpose.

I would have to say though, based on my experience of the UK Hospitals, the reality is that although facial recognition may have been sold and 'bigged-up', the reality of the situation is that it is unlikely to be deployed. The Mk 1 eyeball is better that an AI I've used and is invariably what the security personnel use.

The facts are simple. The whole hospital project is massively over budget (nearly double the original Euro 983m) and frankly, pragmatism takes precedent over any moral objections to a country of origin for a consumable piece of equipment.

On a technical point, Hik are usually at the cutting edge (often bleeding edge!) of technology release - so the chance of Bosch bringing anything out that would beat Hik are not high (although the price tag would be). as I say - as an end to end solution on a project where the costs are out of control - this seems an entirely logical decision and will be based upon a performance specification and value engineering - like 90% of open tenders in the EU.

Unfortunately the 'cutting edge' technology has been going hand in hand with many issues varying from Cyber Security and hacking as well as the Chinese State controlled stake in Hikvision. Then of course there is the political side of things with the human rights disaster that is Xinjiang and Hikvision's contribution there. Not something you want to get involved in as the Irish Government.

And if the 'cutting edge' technology is no longer ONVIF compliant what good is it in 5 years time. Sure Genetec can pull the pin on an integration but they normally do it for a very good reason.

Value engineering is a big issue and normally boils down to matching the camera count at the lowest possible price making huge sacrifices when it comes to functionality and often leaves end users with systems that are not fit for purpose, that's my experience. Scaling down on CCTV to save costs on a project that has gone more than a Billion Euro over budget is ridiculous. This is all about main contractors maximizing their margins, the budgetary damage on the NCH is already done. Cutting the back side out of the CCTV will make no difference...

Let's not forget the cyber security issues which came along well before the problems in Xinjiang were highlighted. Issues that were denied by Hikvision for a very long time until it was that clear that they were lying they had to start admitting to them. They even had to hire crisis writers and other PR people trying to manage the fall out. On top of that the fact that the brand was expelled from ONVIF surely should be taken in to consideration as well. A camera might be cheaper to buy now and be may be deemed to 'do the same thing' compared to a more expensive version but what is the cost of long term ownership to the NCH. Buy cheap buy twice sounds anecdotal but most professionals in our industry know there's a truth in this as well. Total cost of ownership over time as well as usability should way very heavy in the decision making on any system over 1000 cameras.

Update: Charle's report has now been picked by The Sunday Times:

Their report does not meaningfully add much to ours but it certainly gives it a broader local audience inside Ireland and the UK.

The Business Post (the biggest business newspaper in Ireland) also published similar article in there printed Sunday newspaper in Ireland and online here.

There will be several more twists and turns in this project as it keeps going further over budget. Some have mentioned the total project costs to go close to 3 Billion Euro, yes 3 Billion Euro for a Children's Hospital. This for an Island nation with a population of 4.5 Million, absolutely ridiculous. Another one of these projects where the government took their eye off the ball and let incompetency run riot. This is the same government that recently ordered a printer worth 1 Million that had to be sent back as it did not fit in to the building it was meant to go in. Many Contractors are already standing to make millions out of their share and try to further increase their margins by cutting corners including CCTV.

The CCTV tender process is now beyond a joke and has fallen victim to the famous race to the bottom, a race of which we know will have no winners.

A very substantial CCTV system comprising of, going by the time scale, non ONVIF compliant equipment if it all goes ahead.

This for me shows the state of the market in Europe in general. You have a 'high end' building of national significance with an end to end low rent CCTV solution. 5 years ago a project of this size and significance would be something like Bosch or Axis cameras connected to a Milestone or Genetec VMS type solution (mid - high end cameras and enterprise VMS). I'd assume this system is in the 500 - 1000 camera count connected to embedded NVR's. I wonder what network the cameras and NVR's are connected to probably an enterprise solution like Cisco (managed by the It dept and noting to do with the security dept) or have they kept the cheapest hardware we can find mentality throughout? Do China make cheapest price medical equipment?

For me the facial recegnition is a non event, childrens hospitals are sensative and if you have a solution that can attempt to detect faces from a known blacklist for example then that is no bad thing (I know GDPR rules dont agree with my opinion!).

What is important for me is how the information/data is managed by the facial system. Who has access to the system? What is the process for requesting data by third parties or the Police? What is the data retention policy? Are the servers secure and installed in a secure envoirnment? What is the process for an employee or contractor to access that secure area? Is there remote access to the network\servers? Who has remote access? is it secure?

Storing sensative data is something that the IT industry has done for years. Mostly very sucessfully at the top end such as banks and governments (not prefect I know). When sensative data is managed by incompetent designers and operators bad things can happen, there have been many exampels over the years.

I have yet to meet a security consultant or mainstream security integrator that has even the slightest clue how to manage and protect sensative data like that generated by facial recegnition systems. End users buy a system like this because their consultancy team tells them to, the consultancy teams are being 'educated' by the manufacturers and in my expierence most of them are way behind the curve.

In allot of cases our industry has become a lowest price war with blatent disreguard for standards or practices that have existed in the IT space for years. This is maybe okay in a shopping mall or a hotel but its happening in hospitals and government\military projects now also.

It appears Hikvision may not have been in the original specification as was mentioned above. Therefore it was probably VE'd into the project by others. GC, Integrator (Stanley), and/or connected distributor are probably the culprits.

“I understand that Hikvision is in fact a wholly owned subsidy of the Chinese government.“

I thought the Chinese governments’ stake was 40%? Has this changed?

That quote is from the Ireland Parliment Member in the post. No, it's not 'wholly owned', the Chinese government is the controlling shareholder of Hikvision.

UPDATE: Our story has now been covered by numerous Irish/UK newspapers, including:

Most notably, Ireland's main civil liberties organization, the Irish Council for Civil Liberties (ICCL), issued a strong statement against the use of face rec at the NCH:

The New Children’s Hospital contracting face surveillance technology for children accessing medical care would be incredibly invasive. Children are afforded enhanced personal data protections under the law. Deploying this tech in this manner would run afoul of those protections. It’s expensive, inaccurate, discriminatory, and in this situation, likely unlawful. [emphasis added]

The ICCL also called out Hikvision's human rights track record:

To protect everyone’s rights, including children’s, the state should not install these face surveillance systems in hospitals in the first instance, and certainly not in cooperation with private surveillance companies with controversial rights track records. A data protection impact assessment would demonstrate the risks. Has the New Children’s Hospital conducted one?

Ireland's data regulator, the DPC, also reacted to this news, telling the Irish Examiner that a DPIA is "likely to be mandatory" for such a case:

We would also advise that conducting a Data Protection Impact Assessment is likely to be mandatory in these cases, given that the processing would possibly involve new technologies, children’s data, and special category data as defined in Article 9 of the GDPR as well as large scale processing in a publicly accessible area.

Update: The Sunday Times has a letter from the Irish Council for Civil Liberties declaring:

It is all coming together now. As Face Recognition was never part of the specification, probably for a good reason, it must have been thrown in to the mix by someone as 'a good idea' without giving the legalities much thought and probably proof that those who were making the decisions were not up to speed with what's legal and what isn't in Ireland.

Update: This story is now getting a second series of news coverage in Ireland, with the Irish Times saying: Controversial cameras needed at children’s hospital ‘to prevent babies being taken’, quote:

Controversial facial recognition technology is being installed in the new national children’s hospital in order to prevent babies being snatched, local politicians in Dublin has been told....

Eilísh Hardiman said the hospital’s CCTV system has a built-in capacity to control access by way of facial recognition technology, but that no decision had yet been made to use such technology.

This is both factually wrong and difficult to accomplish.

One, the Hikvision equipment they bought for facial recognition is not for access control but for alarming on watchlists. Hikvision has other products designed for facial recognition access control (i.e., each person presents their face to be allowed in) but this is not the correct product for that.

Moreover, this will only even theoretically attempt to alert on babies been snatched if the person doing the snatching is already on the watchlist.

Justifying this with 'baby snatching' has strong emotional appeal but the reality is that what they bought and what they are trying to do here is not going stop baby-snatching.

Has anybody personally witnessed a camera jump off a wall to save a baby from being taken?

John there are too many people involved in this project who lack all knowledge about what's technically possible and what not when it comes to AI and they simply go by what they were told/sold. No kit has been bought or ordered yet if my info is correct and I for one highly doubt that this will actually happen anytime soon.

There are elections coming up in Ireland on February 8th and I think we might see some changes after that. There is already some significant push back from politicians and as we know various other groups and organizations.

Update: although not directly related, the Dublin City Council has confirmed that it has replaced four Hikvision cameras on a soccer pitch with "conventional CCTV cameras" after local media raised privacy concerns about the system, chiefly the fact that it was connected to Hikvision DeepInMind NVR (which is capable of face rec.)

A DCC spokeswoman told national outlet The Business Post that it doesn't plan to use Hikvision cameras anywhere else, either:

Hikvision cameras were not installed in any other projects, only conventional CCTV cameras. DCC does not propose to use Hikvision cameras [at any other location]

One of Ireland's main civil liberties organizations, the Irish Council for Civil Liberties, tweeted that Hikvision's cameras are "used in China's re-education camps" (as IPVM has reported) and urged the National Children's Hospital follow the DCC's lead:

IPVM Image

Loading Related Reports