Understanding the Technical Standards Behind Digital Identity
Digital identity has become a central pillar of our everyday digital lives. Online account creation, customer onboarding, electronic signatures, KYC checks, and access to sensitive services increasingly rely on fully digital, remote processes.
While this widespread adoption delivers significant gains in speed and user experience, it also comes with a sharp rise in identity fraud. In this context, a key question emerges: how can we ensure that digital identity solutions are truly secure, trustworthy, and comparable? This is precisely where technical standards come into play.
A technical standard can be understood as a shared framework or a common language. It defines rules, requirements, and testing methods that make it possible to objectively assess a technology, a process, or a service.
In the field of digital identity, standards serve several essential purposes:
Without standards, each provider would define its own security criteria, making any meaningful comparison between solutions impossible.
The International Organization for Standardization (ISO) develops standards that are recognized worldwide, covering a wide range of technical domains, including identity and biometrics.
One key example is ISO/IEC 30107, a widely adopted reference that defines how biometric systems should be tested against presentation attacks. These attacks occur when someone attempts to fool a biometric system using a photo, a mask, or a pre-recorded video.
The European Committee for Standardization (CEN) acts as the technical arm of the European Union, developing standards tailored to the specific needs of the European market. Its goal is to ensure alignment between technologies and regulatory requirements, particularly those related to eIDAS and electronic identity.
A notable example is CEN/TS 18099, a European standard focused on detecting video and digital injection attacks (Injection Attack Detection, or IAD). It complements ISO biometric standards by addressing more modern and complex threats, such as deepfakes and manipulated video streams.
The European Telecommunications Standards Institute (ETSI) plays a key role as a bridge between technology and regulation. It publishes technical specifications that translate regulatory requirements, such as those defined under eIDAS, into concrete, operational criteria for trust services like electronic signatures, seals, and timestamps.
ETSI 119 461 specifically addresses remote identity proofing and defines technical requirements based on expected assurance levels. It directly relies on standards such as ISO/IEC 30107 and CEN/TS 18099 to define biometric security expectations. In this way, ETSI acts as the link between technological innovation and regulatory compliance.
Standards do more than define what needs to be implemented, they also help measure how secure a process actually is. In the European framework, this assessment is structured around three assurance levels: Low, Substantial, and High.
Conclusion
ISO, CEN, and ETSI standards are not merely technical constraints, they form the foundation of trust for modern digital identity.
In a context of rapidly growing fraud and widespread digitalization, these standards provide a clear, measurable, and shared framework to secure digital journeys, protect users, and enable trust at scale.
Ready to fight identity fraud?
Our facial biometrics experts are at your disposal to discuss your needs.
S’inscrire à notre newsletter
Rejoignez notre Uni-News et retrouvez les dernières nouveautés de la biométrie faciale dans votre Inbox !
Unissey, an ISO 30107-3 certified facial biometric solution to digitize, secure and streamline your remote identity verification processes.
