Digital Identity and Assurance Levels

Understanding the different standards and assessing their impact on your organization is very difficult. We therefore give a comprehensive overview of all the assurance levels, for onboarding and for the means, under eIDAS 1.0, eIDAS 2.0, NIST and Stork, and use the reference framework from ISO 29115 to show where they match and where they are fundamentally different.

Onboarding / KYC

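| ISO 29115 | | eIDAS 1.0 | eIDAS 2.0 | NIST | Stork |
|---|---|---|---|---|---|
| Level 1 | No proofing | | | IAL1 | RP1 |
| Level 2 | Simple ID check | Low | Low | IAL1 | RP2 |
| Level 3 | NFC + photo check | Substantial | Substantial | IAL2 | RP3 |
| Level 4 | NFC + Video AI check / In person check | High | High | IAL3 | RP4 |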

Means / Portable Identity

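| ISO 29115 | | eIDAS 1.0 | eIDAS 2.0 | NIST | Stork |
|---|---|---|---|---|---|
| Level 1 | Password | | | | EA1 |
| Level 2 | Single factor or minimal secondary | Low | Low | AAL1 | EA2 |
| Level 3 | Approved 2FA (Authenticator, App, OTP token) | Substantial | Substantial | AAL2 | EA3 |
| Level 4 | WSCD, eID High | High | High | AAL3 | EA4 |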

Note 1: There is still no agreement on whether ISO level 1 is equal to eIDAS low.
Note 2: NIST IAL1, like eIDAS low, does not guarantee that the user is a real person.
Note 3: NIST IAL3 requires an in-person check; some other standards do not require one for their highest level.

References:
eIDAS (EU 2014/910), Article 8, Article 24, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG

NIST 800-63-3, https://pages.nist.gov/800-63-3/

ISO 29115, https://www.iso.org/standard/45138.html