EU CAPTCHA embodies the results of ISA² Action 2018.08 EU-Captcha . A CAPTCHA is a test intended to distinguish human from machine input. The objective of this action is to offer to the Member States a CAPTCHA solution that is maintained, secure, user friendly and multilingual. It will be delivered as a component that can be operated as a service. Next to this managed service, there is also an open source project available, which you can deploy yourself. More information can be found here

EU CAPTCHA supports three types of CAPTCHA:

Alphanumeric CAPTCHA with audio transcription;

Image rotation CAPTCHA.

EU CAPTCHA can be installed in two ways:

• by integrating with the managed service;
• by deploying the code (.WAR file) on your server/environment.

Manuals and documentation for both installation methods can be found in the respective GitLab folder .

Would you like to know more about the managed service? Please reach out to us:

• Are you working for the European Commission?
  Please send an email to EC-HELPDESK-IT@ec.europa.eu
• Are you working for a different EU Institution, Body or Agency?
  Please send an email to EC-CENTRAL-HELPDESK@ec.europa.eu

Please make sure to mention “EU CAPTCHA” in your request.

A CAPTCHA is a test intended to distinguish human from machine input in order to thwart spam and automatic submission or extraction of data. The user is typically challenged to solve a puzzle that relies on expected capacities of the human brains but whose resolution is complex to automate. Users and, in particular, disabled people are known to dislike CAPTCHAs that are perceived as hindrances. However, no better solution was found so far to protect information systems against malicious automated processes. The characteristics of a good CAPTCHA are:

• Security – The number of non-human users able to solve the puzzle and therefore wrongly identified as being human must be minimised, which implies that the puzzle should be highly complex to automate;
• User friendliness – The number of human users unable to solve the puzzle and therefore wrongly identified as being non-human must be minimised, which implies that the puzzle should be very easy to solve in a short timeframe by any human being.

Several CAPTCHA solutions exist on the market, either provided as components or as services. Unfortunately, they all have one or more of the following shortcomings:

• They provide an insufficient level of security with a high rate of false positives;
• They provide an insufficient level of user friendliness with a high rate of false negatives;
• They are not or insufficiently maintained;
• They do not support internationalisation or multilingualism and, in particular, they do not support all official languages of the European Union;
• They do not support users with disabilities;
• They do not have a licensing model that is compatible with EUPL and, in particular, they cannot be distributed as part of systems provided by public administrations;
• They raise ethical concerns because they collect private data or provide puzzles whose resolution creates commercial value.

The objective of the action is to provide a CAPTCHA service that is:

1. available as a component and operable as a service;
2. secure;
3. user friendly;
4. multilingual with support for all official languages from the European Union;
5. accessible by users with disabilities;
6. compliant with data protection rules and best practices;
7. maintained with continuous support for subsequent versions of the Java Virtual Machine.