Digital Identity and Assurance Levels

March 27, 2024


Understanding different standards and assessing the impact on your organization is very difficult. Therefore we give a comprehensive overview of all the assurance levels for onboarding and the means for eIDAS 1.0, eIDAS 2.0, NIST and Stork and use the reference framework from ISO 29115 to show where they match and where they are fundamentally different.

Onboarding / KYC

ISO 29115 eIDAS 1.0 eIDAS 2.0 NIST Stork
Level 1 No proofing IAL1 RP1
Level 2 Simple ID check Low Low IAL1 RP2
Level 3 NFC + photo check Substantial Substantial IAL2 RP3
Level 4 NFC + Video AI check /
In person check
High High IAL3 RP4

Means / Portable Identity

ISO 29115 eIDAS 1.0 eIDAS 2.0 NIST Stork
Level 1 Password EA1
Level 2 Single factor or minimal secondary Low Low AAL1 EA2
Level 3 Approved 2FA (Authenticator,
App, OTP token)
Substantial Substantial AAL2 EA3
Level 4 WSCD, eID High High High AAL3 EA4

Note 1: There is still no agreement if Iso level 1 is equal to eIDAS low.
Note 2: NIST IAL1, like eIDAS low, does not guarantee the user is a real person.
Note 3: NIST IAL3 requires in person, some other standards do not for the highest level.


eIDAS (EU 2014/910), Article 8, Article 24,

NIST 800-63-3,

ISO 29115,

  • trust service