ISO/IEC 18013 & ISO/IEC 19794: Building Digital Identity with Global Standards


Introduction

In the digital age, secure, reliable and interoperable digital identities have become an essential building block of trust in online services. The ISO/IEC 18013 and ISO/IEC 19794 families of standards support the secure, smooth and globally adoptable development and management of digital identity and biometric data, and they are a pivotal part of digital identity use cases such as mobile driver’s licenses (mDL), biometric template protection and secure identity management systems.

In this blog we look at how ISO/IEC 18013, ISO/IEC 19794 and other standards that contribute to active or developing digital identity frameworks, such as ISO 27032 (cybersecurity) and ISO 24745 (privacy), contribute to the secure, reliable and interoperable development of a global digital identity framework whose security and privacy comply with globally applicable legal regulations.

Explore how ISO/IEC 18013 and 19794 fit your digital identity roadmap: Consider where mobile IDs, biometric verification, or remote onboarding already play a role in your services.

What are these standards?

Digital identity is at the core of how people engage with services in banking, health care and government. A digital identity needs to be safe, secure and easily verifiable. ISO/IEC 18013 and ISO/IEC 19794 International Standards provide a common approach to managing and protecting digital identities, including biometrics.

For example, ISO/IEC 18013 focuses on the use of mobile driver’s licenses (mDL) for identity verification, while ISO/IEC 19794 outlines a set of biometric data formats that govern how data can be collected, stored and exchanged while protecting privacy and security. Together with related standards such as ISO 27032 (cybersecurity) and ISO 24745 (biometric data), these formats and protocols form a strong suite of standards that supports digital trust in global identity ecosystems.

Mobile Driver’s License (mDL) Under ISO 18013‑5

ISO 18013‑5 is one of several parts of the ISO 18013 family of standards for driver's licenses and provides a valid means of issuing and using a mobile driver’s license (mDL). An mDL is an electronic version of a driver's license that is stored and accessed on a mobile device. mDLs serve as an alternative to traditional plastic driver’s licenses and provide a more secure and convenient option for governments and citizens.

ISO 18013‑5 also makes the mDL difficult to modify or counterfeit by specifying various encryption and authentication methods. It prescribes a uniform structure for the data encoded on an mDL so that the data is machine-readable and can be processed by compliant systems in other parts of the world.

Biometrics Data Quality Requirements with ISO/IEC 29794

ISO/IEC 29794 provides essential guidelines for ensuring the quality of biometric data used in identity verification systems. As biometric data becomes increasingly integrated into identity management, ensuring its quality is critical to maintaining both accuracy and security.


Key aspects of biometric data quality addressed by ISO/IEC 29794 include:

  1. Identifies minimum quality requirements that biometric images (e.g. fingerprints, facial images, iris scans) must meet to be adequate for matching and verification.

  2. Describes procedures that ensure biometric data maintain their quality during collection, transmission and storage and that they are not altered or corrupted.

  3. Establishes that biometric data need to be consistent across capture devices and environments to reliably improve biometric matching.

  4. Defines performance standards for a biometric system (e.g. false match rates and false non-match rates), to account for the effectiveness and accuracy of biometric identity verification.

FIDO2 vs ISO 18013: MFA Strategies Explained

Multi-factor authentication (MFA) is a critical component of securing digital identities. Both FIDO2 and ISO 18013 provide frameworks for enhancing the security of identity verification processes, though they approach MFA in different ways.

| Aspect | FIDO2 | ISO 18013 |
| --- | --- | --- |
| Primary Use Case | Passwordless authentication for web applications | Digital identity management, including mDL and biometrics |
| Authentication Method | Public key cryptography (passwordless login) | Multi-factor authentication (PIN, mobile device, biometrics) |
| Interoperability | Cross-platform support for websites and applications | Focus on cross-border identity verification with mDLs |
| Security Features | Strong encryption, phishing-resistant | Secure issuance of mDLs, encrypted data storage |
| Target Audience | Primarily digital services and web applications | Governments, transportation agencies and identity providers |
| Certification Standard | FIDO Alliance’s FIDO2 standard | ISO/IEC 18013-5 for mDLs |

ISO 24745 for Biometric Template Protection

ISO 24745 is an important standard for the protection of biometric templates, which are digital data files of someone's biometric characteristics (e.g., fingerprints, iris scans, facial characteristics). Biometric templates constitute sensitive personal information, so protecting them is very important to privacy and security in a digital identity system.

Additionally, ISO 24745 establishes secure methods for handling biometric templates and for comparing live biometric data against stored biometric data during authentication, so that no sensitive information is reviewed or revealed. It also supports alignment with privacy regulations such as the European Union's General Data Protection Regulation (GDPR), to ensure the safe and consenting management of biometric data.

Zero Trust Architecture and ISO 27032

Zero Trust Architecture (ZTA) is a cybersecurity model that assumes no device or user is inherently trusted, even if they are inside the network. ISO 27032, which focuses on cybersecurity, complements the Zero Trust model by providing guidelines for ensuring the security of digital identities and data during interactions across various digital platforms.

Key aspects of integrating Zero Trust Architecture with ISO 27032 include:

  • In a Zero Trust model, every request for access is authenticated and authorized, ensuring that only verified users can access sensitive systems or data.

  • ISO 27032 provides best practices for managing digital identities, ensuring that access controls are enforced in line with the Zero Trust model.

  • Zero Trust requires constant monitoring of users and devices to detect suspicious behaviour. ISO 27032 helps organizations implement monitoring systems to protect digital identities and prevent unauthorized access.

  • Both Zero Trust and ISO 27032 emphasize encrypting data both in transit and at rest to prevent data breaches and unauthorized access.

Government eID Programs Using ISO 18013

Government electronic identity (eID) programs are among the most significant ways that governments can provide secure, digital access to government services such as healthcare, taxes and public records. ISO 18013 defines how to issue and manage eID systems, ensuring that digital identities used by governments are secure, interoperable and compliant with relevant privacy regulations.

Some critical components of government eID programs using ISO 18013 include:

  • Interoperability, which allows citizens to present a single eID to multiple government services across multiple agencies or jurisdictions.

  • Security, which ensures that the eID is protected with strong encryption and multi-factor authentication, helping to keep citizens' personal data protected.

Contact Us

Pacific Certifications can assist your organization in navigating the ISO/IEC 18013 and ISO/IEC 19794 certification process. Our team of experts will help you build secure, interoperable and compliant digital identity systems, ensuring that your AI and identity management systems are trustworthy and aligned with global standards.

For assistance, contact us at support@pacificcert.com.
Visit our website at www.pacificcert.com.

Author: Alina


Frequently Asked Questions

What is ISO/IEC 18013 in the context of digital identity?
ISO/IEC 18013 is a family of standards for driving licences, including mobile driver’s licenses, that defines how licence data is formatted, stored, and securely presented on physical cards and mobile devices for identity verification.
What does ISO/IEC 18013‑5 specify for mobile driver’s licenses (mDLs)?
ISO/IEC 18013‑5 sets the technical rules for mobile driver’s licenses, including the data model, security architecture, and protocols for sharing licence information via NFC, Bluetooth, or QR codes between a user’s device and a verifier.
How does ISO/IEC 18013 support privacy for digital identity holders?
The standard supports selective disclosure, allowing users to share only the attributes needed for a transaction—such as age or name—while keeping other personal data hidden, and it relies on strong cryptography to prevent tampering or cloning.
What is ISO/IEC 19794 and how does it relate to digital identity?
ISO/IEC 19794 is a set of biometric data format standards (for fingerprints, face, iris, etc.) that define how biometric templates are captured, stored, and exchanged so that different systems can reliably use them for identity verification.
How do ISO/IEC 18013 and ISO/IEC 19794 work together?
ISO/IEC 18013 defines how a mobile ID like an mDL is structured and presented, while ISO/IEC 19794 defines interoperable biometric formats; together they enable secure, biometric-backed digital identities that can be verified across devices and jurisdictions.
What security features are built into these digital identity standards?
They use public‑key cryptography, digital signatures, encrypted communication channels, and integrity checks so verifiers can confirm that credentials were issued by a trusted authority and have not been altered.
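
The selective disclosure and integrity checks described in the two answers above can be illustrated with a simplified model. This is an added example, not code from the standard or from this page: it uses JSON and an HMAC as stand-ins for the credential encoding and the issuer's public-key signature, and every field name, key and attribute value in it is constructed for illustration.

```python
import hashlib, hmac, json, secrets

# Constructed demo key. HMAC stands in for the issuer's public-key signature.
ISSUER_KEY = b"constructed-demo-issuer-key"

def _encode(obj):
    # Deterministic JSON; a stand-in for the encoding a real credential uses.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _digest(item):
    return hashlib.sha256(_encode(item)).hexdigest()

def _sign(payload):
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue(attributes):
    """Issuer: salt every attribute, then sign only the list of digests."""
    items, digests = {}, {}
    for digest_id, name in enumerate(sorted(attributes)):
        # The random salt keeps low-entropy values (a date, a boolean)
        # from being guessed out of their digest.
        item = {"id": digest_id, "salt": secrets.token_hex(16),
                "name": name, "value": attributes[name]}
        items[name] = item
        digests[str(digest_id)] = _digest(item)
    signed = _encode({"alg": "SHA-256", "digests": digests})
    return items, signed, _sign(signed)

def present(items, requested):
    """Holder device: release only the attributes the verifier asked for."""
    return [items[name] for name in requested if name in items]

def verify(disclosed, signed, signature):
    """Verifier: check the issuer's seal, then each disclosed item's digest."""
    if not hmac.compare_digest(_sign(signed), signature):
        return None  # digest list was not sealed by the trusted issuer
    digests = json.loads(signed)["digests"]
    accepted = {}
    for item in disclosed:
        expected = digests.get(str(item.get("id")))
        if expected is None or not hmac.compare_digest(expected, _digest(item)):
            return None  # item was altered or never issued
        accepted[item["name"]] = item["value"]
    return accepted
```

The verifier learns only the disclosed attributes, because the signed payload carries salted digests rather than values, and any change to a disclosed value breaks the match with its signed digest.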
How do these standards help with global interoperability of digital IDs?
By defining common data structures, security mechanisms, and exchange protocols, ISO/IEC 18013 and 19794 allow digital IDs and biometric templates issued in one country to be read and verified by compliant systems in other countries.
Can ISO/IEC 18013‑based IDs be used for online verification?
Yes, newer parts of the series extend mDL use from in‑person checks to remote, online verification, allowing websites and apps to request and verify selected identity data directly from a user’s digital wallet.
How do these standards support user control over personal data?
They are designed so that the holder’s device mediates data sharing, enabling users to consent to each transaction, limit which attributes are shared, and avoid unnecessary exposure of full identity profiles.
Why are ISO/IEC 18013 and 19794 important for governments and service providers?
They provide a globally recognized blueprint for issuing secure, interoperable digital IDs and biometric records, reducing fraud, simplifying cross‑border checks, and enabling trusted digital identity ecosystems for banking, travel, healthcare, and public services.
Pacific Certifications

Pacific Certifications is an independent, internationally recognized certification body providing third-party audit and certification services for management system standards such as ISO 9001, ISO 14001, ISO/IEC 27001, ISO 45001, and other ISO standards. We also provide product certification services and training and personnel certification programs designed to support organizational and professional competence.