Identity Proofing in the Digital Age: Challenges & Key Regulations
Author: María José Prieto
Identity verification in Europe is going through a major transformation. Since the COVID-19 pandemic outbreak, the need for identity proofing methods that can deliver the same level of assurance as face-to-face verification has increased exponentially. As online transactions have grown rapidly – whether opening bank accounts or signing contracts – the ability to establish trust remotely through identity verification methods has become essential in the fight against fraud and misuse.
To address this challenge, the European Union (EU) is introducing the upcoming eIDAS 2.0 Regulation. Its goal is to strengthen trust in electronic transactions and make cross-border services more seamless and secure. At its core lies the EU Digital Identity Wallet (EUDIW), which aims to become a trusted tool for 80% of EU citizens by 2030, extending the reach of high-assurance identity verification across sectors. As sophisticated attacks continue to rise, similar initiatives around the globe are accelerating.
In this context, secure and user-friendly identity proofing isn’t just a nice-to-have, it’s indispensable. Deepfake content is expected to reach 8 million instances by 2025, with deepfake videos increasing by 550% between 2019 and 2024 [1]. Let’s explore why demand for reliable solutions is growing and how they will define the future of digital trust.
What is Identity Proofing?
The European Union Agency for Cybersecurity (ENISA) defines identity proofing as the process of establishing and verifying the authenticity of a person’s identity, whether online or in person, to build trust in digital services and transactions. In the case of remote identity proofing (RIDP), this is achieved through online methods, such as webcams and mobile devices, to authenticate and verify users’ identity. By checking their documents and biometric data, it ensures that the individual behind the screen truly matches their claimed identity.
Identity proofing serves two critical purposes:
- Building Trust in Digital Services: it’s crucial for creating trust in digital services, such as banking or administrative services, by ensuring the correct person is accessing them.
- Establishing Digital Identity: it’s used to create other identifying tokens, like qualified certificates or electronic identification means, as defined in the eIDAS Regulation.
With this in mind, it’s important to clarify that, while identity proofing focuses on confirming that a claimed identity is legitimate, identity verification validates the authenticity of the documents and information provided by a person in a transaction or context.
As digital applications continue to evolve rapidly across both the public and private sectors, the need for regulatory harmonization has become increasingly urgent. While the eIDAS framework introduces pioneering rules on electronic identification and trust services, technical and regulatory gaps have led to inconsistencies across EU Member States.
Identity Proofing at Risk: What are the Top Threats?
Advances in technology have enabled identity verification systems to become more sophisticated, but they have also opened the door to new types of attacks:
Presentation Attacks
These types of attacks attempt to trick biometric recognition systems during the data capture stage. Examples include using photos, masks or other elements to impersonate someone. They are an active and evolving threat because, due to the lack of physical presence, enforcing effective controls against them remains challenging.
Injection Attacks
Deepfake Attacks
Remote identity proofing plays a key role today in building digital trust, but it is also one of the most frequent targets of fraud. As technology evolves, the challenge is no longer about preventing attempts, but ensuring the systems remain trusted and reliable through rigorous testing and certification processes.
Key Regulations & Standards Shaping Remote ID Proofing
As the demand for secure, trustworthy, and cross-recognized digital transactions grows, a series of standards and regulations have been established to strengthen the foundations of digital identity systems, covering essential topics such as electronic certificates, person identification, signature devices, and other cybersecurity aspects:
This EU regulation provides the legal framework for secure cross-border digital interactions, building trust in electronic identification and authentication. It also enables alternatives to in-person checks for issuing qualified certificates, paving the way for remote identity proofing. With the upcoming eIDAS 2.0, identity proofing will go further as trusted entities will issue verifiable credentials through the EUDIW, empowering citizens to authenticate themselves and share attributes with full control over what data is shared.
As a Conformity Assessment Body (CAB), DEKRA supports Trust Service Providers (TSPs) and organizations in demonstrating compliance with the eIDAS 2.0 Regulation and other key regulations and standards. Through our audits, we verify that businesses meet the requirements needed for delivering qualified trust services. By combining the strength of Artificial Intelligence, Cybersecurity, and Functional Safety, we offer a holistic approach that enables our clients to confidently embrace next-generation technologies. Through our Digital Trust Services, we safeguard what matters most – people, organizations, and products. Let’s drive innovation together, fortified by security and safety!
References:
[1] SQ Magazine, “Deepfake Statistics 2025: The Hidden Cyber Threat”, Online: https://sqmagazine.co.uk/deepfake-statistics/
[2] ENISA, “Remote ID Proofing Good Practices”, Online: https://www.enisa.europa.eu/sites/default/files/2024-11/Remote%20ID%20Proofing%20Good%20Practices_en_0.pdf
[3] ENISA, “Remote ID Proofing”, Online: https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Report%20-%20Remote%20ID%20Proofing.pdf