ETSI TS 119 461 Certification: Security Requirements for Digital Identity Authentication

The importance of digital identity verification in the digital landscape is well established. Digital identity verification plays a key role in maintaining security, trust, and compliance across sectors and services. Organizations use identity verification to protect themselves from fraud and unauthorized access while facilitating secure digital transactions.

In July 2021, the European Telecommunications Standards Institute (ETSI) introduced technical standards in the form of the ETSI TS 119 461 certification, defining security requirements for digital identity verification services. This certification framework aims to regulate the capture, processing, and validation of identity proofs, such as documents, data, or biometrics, for the purpose of authenticating individuals.

By obtaining this certification, biometric companies can act as Identity Proof Service Providers (IPSPs) for Qualified Trust Service Providers (QTSPs) and Trust Service Providers (TSPs). It also establishes a framework for issuing qualified electronic signatures.

Requirements for obtaining ETSI TS 119 461 certificate

Certification specifies the requirements for initiating the identity verification process, collecting attributes, verifying them, connecting to the application and issuing digital identity verification results.

The system requires that the attributes presented correspond to the identification of the person. The registration officer can establish a connection to the application manually or automatically using biometric data.

Organizations must establish strong authentication measures to securely store personal biometric data. The system must be able to offer identity verification services through various methods, such as on-site, video, automated hybrid, and NFC-based solutions.

In addition, the system should meet the minimum level of identity verification (LoIP) as required by eIDAS (Electronic Identification, Authentication, and Trust Services). This standard will have an impact on future industry regulations, including the 6th European Anti-Money Laundering Act (AMLD6) and eIDAS 2.0.

ETSI TS 119 461 certification for biometric data protection

The certification focuses on protecting biometric data through rigorous standards for managing digital identity verification services. It ensures that biometric data is captured, processed, and stored using encryption protocols and secure data storage practices.

The ETSI TS 119 461 standard was developed to align with the General Data Protection Regulation (GDPR) to ensure that biometric data are processed in accordance with applicable EU data protection rules.

Industries such as financial services and government commonly use biometric authentication to verify customer identities. These services must comply with regulations such as Know Your Customer (KYC) and Anti-Money Laundering (AML), providing an additional layer of security beyond traditional authentication methods.

Why is certification important?

Companies that achieve ETSI TS 119 461 certification adhere to best practices in biometric identity verification, creating consistency and performance across vendors. This certification provides both businesses and end users with confidence in the reliability and security of the biometric process.

Some of the companies offering biometric digital identity verification services that have obtained ETSI TS 119 461 certification include Onfido, Sumsub, Veridas and IDnow.

In addition, ETSI has presented the ETSI EN 319 401 policy requirements for TSPs, emphasizing risk management and information security. The goal is to ensure that organizations protect digital identities from current threats and have contingency plans to maintain operational fluidity in the event of unforeseen events.

The certification covers various aspects of operational security, including access control, cryptographic controls, physical and environmental security, network security and incident management.

These certificates are important for biometric identity verification service providers as they help ensure the security and reliability of identity verification processes, especially in the European market.

Article Topics

biometrics | certification | data protection | digital identity | eIDAS | ETSI | ETSI TS 119 461 | GDPR | identity verification | identity verification