Papers
Topics
Authors
Recent
Search
2000 character limit reached

GLiNER2-PII: A Multilingual Model for Personally Identifiable Information Extraction

Published 11 May 2026 in cs.CL and cs.AI | (2605.09973v1)

Abstract: Reliable detection of personally identifiable information (PII) is increasingly important across modern data-processing systems, yet the task remains difficult: PII spans are heterogeneous, locale-dependent, context-sensitive, and often embedded in noisy or semi-structured documents. We present GLiNER2-PII, a small 0.3B-parameter model adapted from GLiNER2 and designed to recognize a broad taxonomy of 42 PII entity types at character-span resolution. Training such systems, however, is constrained by the scarcity of shareable annotated data and the privacy risks associated with collecting real PII at scale. To address this challenge, we construct a multilingual synthetic corpus of 4,910 annotated texts using a constraint-driven generation pipeline that produces diverse, realistic examples across languages, domains, formats, and entity distributions. On the challenging SPY benchmark, GLiNER2-PII achieves the highest span-level F1 among five compared systems, including OpenAI Privacy Filter and three GLiNER-based detectors. We publicly release the model on Hugging Face to support further research and practical deployment of open PII detection systems.

Summary

  • The paper presents a multilingual model that uses a schema-driven approach and synthetic data to extract 42 fine-grained PII types at precise character spans.
  • The paper implements a constraint-based synthetic data generation pipeline across seven languages to overcome training data scarcity and ensure diverse entity representation.
  • The paper demonstrates superior performance on the SPY benchmark, achieving higher recall and balanced precision in legal and medical domains compared to public baselines.

GLiNER2-PII: A Multilingual Model for Personally Identifiable Information Extraction

Introduction

GLiNER2-PII addresses the complex problem of detecting personally identifiable information (PII) in unstructured text. The model is designed for high-precision, multilingual extraction of PII, which is critical for compliance with privacy-centric regulatory frameworks such as GDPR and CCPA. The PII extraction challenge is characterized by highly heterogeneous and context-dependent entity types, varied across locale and format, and a scarcity of annotated, shareable training corpora due to privacy constraints. GLiNER2-PII overcomes these obstacles via a schema-driven architecture and the synthesis of a curated multilingual synthetic corpus using a constraint-based generation pipeline.

Architecture and Methodology

GLiNER2-PII is a 0.3B-parameter model derived from the GLiNER2 schema-driven information extraction framework. The model is fine-tuned for exact character-span-level extraction over a granular schema of 42 PII entity types, spanning personal identity, contact/location, government identifiers, banking/payment, digital identity, secrets/credentials, and sensitive dates. This fine-grained inventory allows for both coarse and highly specific redaction strategies, enabling downstream systems to operate at different policy granularities.

At inference, the model consumes an input text xx and a schema Y={(yi,di)}i=1M\mathcal{Y} = \{(y_i, d_i)\}_{i=1}^{M} of target entity types (with optional descriptions), and emits all matched spans with confidence scores. This schema conditioning permits zero-shot and few-shot extension to custom label sets without architectural retraining. The model supports deployment scenarios in diverse regulatory or organizational environments, where schemas are dynamic and fine distinctions between sensitive entity subtypes are necessary.

Synthetic Data Generation

Given the prohibitive challenges of collecting and sharing real-world annotated PII texts, GLiNER2-PII is trained entirely on synthetic data. The data generation pipeline, adapted from the Pioneer Agent's constraint-driven methodology, automates the production of 4,910 texts annotated for span-level PII entities across seven languages (English, French, Spanish, German, Italian, Portuguese, and Dutch). The pipeline conditions LLMs on both structural constraints—e.g., required/entity-type counts, label-exclusion constraints—and diversity constraints (document type, locale, register, tone) to simulate realistic and varied PII occurrences.

This approach enables entity nesting, so for example, a full_name span may overlap with inner first_name and last_name, and a url could encapsulate a credential token. This design supports nuanced downstream policy enforcement, from conservative over-masking to precision masking.

Evaluation Protocol

GLiNER2-PII is evaluated against four strong public baselines: OpenAI Privacy Filter (BIOES-based token classifier), NVIDIA GLiNER PII, urchade/gliner_multi_pii-v1, and knowledgator/gliner-pii-base-v1.0. All models have varying internal categorization schemas, necessitating a deterministic, unified label mapping to the SPY benchmark's seven categories: name, address, email, phone number, ID number, URL, username.

The primary metric is exact-match span-level F1, requiring both label and span boundary alignment. Recall is emphasized due to the high cost of false negatives in real redaction pipelines.

Empirical Results

GLiNER2-PII achieves the highest span-level F1 on both the legal and medical subsets of the SPY benchmark and leads in overall average F1 across the five compared models. Figure 1

Figure 1: Span-level F1 on the SPY benchmark, where GLiNER2-PII exhibits superior overall performance in both legal and medical domains.

The model attains recall scores of 0.722 (legal) and 0.681 (medical), substantially surpassing both other GLiNER variants and the OpenAI Privacy Filter baseline in recall with more balanced precision. While OpenAI Privacy Filter's recall is competitive, its low precision results in excessive over-masking. Urchade/gliner_multi_pii-v1 achieves the highest precision but at the expense of recall, reflecting a conservative extraction threshold. GLiNER2-PII achieves a more favorable balance, prioritizing high recall while maintaining reasonable precision, which is operationally desirable for privacy-preserving pipelines.

Discussion, Limitations, and Implications

A significant observation is that models trained exclusively on meticulously synthesized data from large decoder LMs can generalize effectively to naturally sampled text, even in out-of-domain (OOD) scenarios. This demonstrates the value of schema-diverse and format-varied synthetic annotation frameworks for low-resource privacy NLP. Label granularity in the training schema further assists the model in capturing broader category representations, as evidenced by notable gains in the "name" entity category.

The main persisting limitation is tendency towards false positives, particularly in name extraction, where model confusions include misclassification of organization and product names. Post-hoc techniques such as label-specific calibration or the integration of lightweight filtering modules could mitigate this, offering a pathway to improved deployment robustness.

Notably, evaluation is currently limited to legal and medical datasets, and all synthetic annotations remain unvalidated by human experts. Future directions include human-in-the-loop gold annotation, extending language/domain diversity in training, and end-to-end benchmarking in real redaction pipelines to profile both detection accuracy and inference efficiency.

The practical implication of GLiNER2-PII is the feasibility of deploying efficient, privacy-centric entity extraction components with broad schema adaptability, competitive accuracy, and the ability to plug into diverse international regulatory contexts. The public release of both model weights and codebase supports open experimentation and integration.

Conclusion

GLiNER2-PII establishes new state-of-the-art performance on multilingual span-level PII extraction, surpassing both token-classification and schema-conditioned baselines in F1 and recall. The results provide compelling evidence that synthetic training data, when generated under tightly controlled schema and diversity constraints, can support high-transfer, effective privacy-preserving NLP models. Further refinement and evaluation in broader, real-world conditions—with increased emphasis on calibration and error analysis—will elucidate remaining challenges in robust, high-stakes PII extraction.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 7 tweets with 17 likes about this paper.