Standards & Compliance

Why Digital Identity Standards Matter

ISO 18013-5, ISO 18013-7, and OpenID4VCI are the technical standards that make mobile IDs interoperable, secure, and privacy-preserving. Here’s why they matter for every organization that verifies identity.

Why Shared Standards Are Essential

Digital identity is only useful if it works everywhere. A mobile driver’s license issued by California should be verifiable in New York, at an airport in Texas, or by a federal agency in Washington, D.C. This kind of universal interoperability does not happen by accident. It requires shared technical standards that every participant in the ecosystem agrees to follow.

Without standards, every state would implement mobile IDs differently, every wallet would store credentials in proprietary formats, and every verifier would need custom integrations for each issuer. Standards eliminate this fragmentation by defining a common language for how credentials are structured, transmitted, and verified.

Think of It Like USB

Before USB, every device had its own proprietary connector. USB created a universal standard that made any device work with any computer. Digital identity standards do the same thing: they let any compliant mobile ID work with any compliant verifier, regardless of who issued the credential or which wallet stores it.

What Standards Enable

Digital identity standards provide four foundational guarantees that make the entire ecosystem viable.

Interoperability

A credential issued by any compliant authority can be verified by any compliant reader. No custom integrations required.

Security

Cryptographic protocols ensure credentials cannot be forged, cloned, or tampered with. Every verification is mathematically proven.

Privacy

Selective disclosure is built into the standard. Holders share only the specific data elements requested, nothing more.

Trust

IACA certificate chains create a verifiable chain of trust from the credential back to the issuing government authority.

Key Standards Powering Mobile IDs

Three core standards define how mobile credentials are issued, presented, and verified across the ecosystem.

ISO/IEC 18013-5

In-Person Mobile ID Verification

ISO/IEC 18013-5 is the foundational standard for mobile driver’s licenses. Published by the International Organization for Standardization, it defines how a mobile device presents identity credentials to a verifier in a face-to-face interaction. This is the standard that makes it possible to tap your phone on a reader at a bar, stadium, or government counter to verify your identity.

Key Technical Elements

✓NFC and QR code device engagement✓Bluetooth Low Energy data transfer✓CBOR-encoded credential data structure✓Mobile Security Object (MSO) for signing✓IACA certificate chain validation✓Selective disclosure of data elements✓Device authentication and session encryption✓Anti-relay and anti-clone protections

ISO 18013-5 is the most widely adopted mDL standard, supported by Apple Wallet, Google Wallet, Samsung Wallet, and state mobile ID apps across the United States.

ISO/IEC TS 18013-7

Online & Remote Mobile ID Presentation

While ISO 18013-5 covers face-to-face scenarios, ISO/IEC TS 18013-7 extends the framework to online and remote contexts. This standard defines how a mobile ID can be presented over the internet, enabling use cases like online age verification, remote identity proofing for financial services, and digital onboarding workflows.

How It Differs From 18013-5

✓Browser-to-wallet communication protocols✓OpenID4VP integration for presentation✓REST API-based credential exchange✓Same-device and cross-device flows✓Session binding for anti-replay✓No NFC or Bluetooth required

ISO 18013-7 is a Technical Specification (TS), reflecting its emerging status. It is being actively developed and piloted, with growing adoption expected as online identity verification demand increases.

OpenID4VCI

Standards-Based Credential Issuance

OpenID for Verifiable Credential Issuance (OpenID4VCI) is an open standard from the OpenID Foundation that defines how credentials are issued from an authority to a digital wallet. While ISO 18013-5 and 18013-7 handle the presentation and verification side, OpenID4VCI addresses the other half of the lifecycle: getting credentials into wallets in the first place.

Core Capabilities

✓OAuth 2.0 authorization framework✓Pre-authorized and authorization code flows✓Support for mDL (mdoc) and W3C VC formats✓Credential offer via URI or QR code✓Proof-of-possession binding✓Batch credential issuance

OpenID4VCI builds on the widely-deployed OAuth 2.0 protocol, making it familiar to developers and straightforward to implement alongside existing identity infrastructure.

How Standards Enable the Verification Flow

Standards define each step of the mobile ID verification process, from initial device engagement through cryptographic validation.

Step 1

Device Engagement

ISO 18013-5 / 18013-7

The standard defines how a verifier and a mobile device establish a secure connection. In person, this happens through NFC tap or QR scan (18013-5). Online, it uses browser-to-wallet communication protocols (18013-7). Both methods ensure the connection is authenticated and encrypted.

Step 2

Selective Disclosure

ISO 18013-5 Section 8

The verifier sends a request specifying which data elements are needed (e.g., over-21 status, name, photo). The holder reviews and approves the request on their device. Only approved elements are transmitted, preserving privacy by design.

Step 3

Cryptographic Validation

IACA Certificate Chain

The verifier checks the credential's Mobile Security Object (MSO) against the issuing authority's IACA certificate. This mathematical validation confirms the data is authentic, unaltered, and issued by a trusted government authority, all without contacting the issuer.

Read the Standards

For technical teams looking to dive deeper, here are the official standard documents and specifications.

ISO/IEC 18013-5:2021

Personal identification - ISO-compliant driving licence - Part 5: Mobile driving licence (mDL) application

View Specification ISO/IEC TS 18013-7

Personal identification - ISO-compliant driving licence - Part 7: Mobile driving licence (mDL) add-on functions

View Specification OpenID4VCI

OpenID for Verifiable Credential Issuance - OpenID Foundation specification

View Specification

Why This Matters for Your Organization

Choosing standards-based verification is a strategic decision that affects your organization’s long-term flexibility and readiness.

Interoperability Across States

Standards-based readers accept mobile IDs from any compliant state. As more states launch mDL programs, your verification infrastructure works with all of them without custom integrations.

Regulatory Readiness

Government procurement and compliance frameworks increasingly reference ISO 18013-5. Building on recognized standards positions your organization for regulatory alignment as digital ID mandates expand.

Vendor Independence

Standards prevent vendor lock-in. Your mobile ID verification does not depend on any single wallet platform, device manufacturer, or credential provider. Switch components without rewriting your system.

Continue Exploring

Digital Identity Guide

What Are Mobile IDs, Digital IDs, and Verifiable Credentials?

New to digital identity? Start here for a comprehensive introduction to mobile IDs, mDLs, and verifiable credentials.

Issuing State Tracker

mDL Issuing-State Tracker

See these standards in action. Track which states have launched mDLs and which wallet platforms they support.

Build on Standards-Based Verification

Credence ID’s verification platform is built on ISO 18013-5 and designed for interoperability across every major wallet and state mDL program. Future-proof your identity verification infrastructure.

Talk to Credence