ETSI 119 461: A European Specification Shaping the Future of Remote Identity Verification

As digital services continue to expand rapidly, remote identity verification has become a strategic necessity — not only for businesses but also for public institutions. But how can we ensure that these verification processes are secure, trustworthy, and recognized across the entire European Union? Enter ETSI 119 461 — a little-known specification today, but one that’s set to become a cornerstone of digital trust in Europe.

What does “ETSI” stand for?

The European Telecommunications Standards Institute (ETSI) is an independent standards body officially recognized by the European Union. It develops technical standards in areas such as telecommunications, cybersecurity, information systems, and, more recently, digital identity.

Its mission is to provide a shared framework for European stakeholders — from governments to technology providers — ensuring interoperability, security, and regulatory alignment across digital systems.

Why the ETSI 119 461 specification might be necessary?

Back in 2014, the EU introduced eIDAS a regulation designed to provide a legal framework for electronic identification and trust services across member states. 

While this regulation aimed to facilitate secure cross-border transactions, it lacked specific criteria for evaluating the assurance levels of remote identity verification services. As a result, several countries created their own national standards — France with its PVID framework, and Romania with ADR, for example. While innovative, these country-specific approaches led to significant inconsistencies in the level of scrutiny applied to identity verification systems across Europe.

ETSI 119 461 was developed to bridge these gaps, offering a common baseline for assessing remote identity verification solutions. It is also expected to serve as a foundation for an implementing act under eIDAS 2, currently under discussion.

Find out why France’s national cybersecurity agency (ANSSI) is already considering aligning its own PVID standard with ETSI 119 461 in the near future.

What does ETSI 119 461 define?

Initially published in 2021 and updated in 2025, this specification outlines a set of requirements for trust service providers and remote identity solution vendors.

To comply with ETSI 119 461, providers must meet rigorous criteria in several key areas:

- Identity verification process:

At the heart of the specification is the identity verification process itself — including identification data  (via photo, NFC scan, or live video), biometric analysis, and automated checks. Depending on the assurance level and the type of identity document presented, manual review may also be required. The specification brings clarity to the role of facial biometrics in this process, detailing what level of reliability is expected based on the use case.

- Technical Robustness of Biometric Solutions

Two certifications are particularly emphasized in the latest version of the specification: ISO/IEC 30107-3, which addresses presentation attacks, and CEN/TS 18099, which concerns injection attacks. These certifications ensure that the facial biometric technologies used cover all types of attacks, including deepfakes. Non-certified technologies can present a real pitfall, as even if the provider implements manual review, their operators would have no way of detecting a video injection attack through a simple manual check. In the context of guaranteeing a substantial or high level of assurance, the use of certified services therefore becomes almost mandatory.

Why ETSI 119 461 is a game changer for Europe?

One of the most significant contributions of ETSI 119 461 is its potential to harmonize remote identity verification practices across the EU. This means fewer regulatory discrepancies between countries and a smoother path for businesses looking to expand across borders.

It also plays a pivotal role in enabling the European Digital Identity Wallet (EUDI Wallet) — a key initiative under eIDAS 2 aimed at empowering citizens and businesses to authenticate and transact securely and seamlessly across the continent.

Finally, as identity fraud continues to rise — costing hundreds of millions of euros each year — ETSI 119 461 strengthens defenses by demanding robust, attack-resistant solutions.

‍

Conclusion

ETSI 119 461 represents a major step forward in building a trusted digital environment in Europe. It elevates the standard for remote identity verification, aligns with regulatory expectations, and paves the way for a unified European approach to digital identity.

‍