ISO/IEC 18013-5 is the international standard that defines the structure, security, and verification of mobile driver's licenses (mDLs) used in person. Developed collaboratively by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), it provides the technical foundation for mDLs to work consistently across states, countries, and industries.
What does the standard cover?
ISO/IEC 18013-5 defines several critical aspects of mobile driver's licenses. It specifies the data elements that every mDL must include, defines cryptographic safeguards, data minimization capabilities, and presentation protocols that can support privacy-preserving implementations when combined with appropriate program and policy choices.
The standard ensures that driver information is machine-readable and consistent. Each attribute, such as family_name, birth_date, or driving_privileges, follows a uniform naming convention, allowing any verifier, regardless of jurisdiction, to recognize and process the data correctly. Without this standardization, a system using "dob" and another using "date_of_birth" would fail to communicate.
How does in-person verification work?
The standard specifies two primary methods for presenting an mDL in person: NFC (Near Field Communication) and QR code scanning. Both enable what's called "device retrieval," verification happens directly between the holder's phone and the verifier's reader, without requiring an internet connection.
With NFC, the holder taps their phone against a reader, similar to contactless payments. With QR codes, the holder displays a code that the verifier scans. In both cases, the cryptographic signature embedded in the credential confirms authenticity. The verifier checks the signature against known public keys from the issuing authority and validates that the data hasn't been altered.
This offline capability is essential for resilience. Verification remains effective during network outages, in rural areas with limited connectivity, and even during emergencies or natural disasters.
Where is ISO 18013-5 required?
The Transportation Security Administration (TSA) commonly requires conformance to ISO/IEC 18013-5 for mobile driver's licenses to be accepted at airport checkpoints. States including California, Maryland, Arizona, and Colorado have implemented the standard in their mDL programs. TSA's Credential Authentication Technology (CAT-2) readers are deployed at more than 250 checkpoints, specifically to verify credentials that conform to this standard.
The standard has also been adopted by the American Association of Motor Vehicle Administrators (AAMVA), which provides additional guidance for U.S. implementations, including expanded mandatory fields beyond the ISO baseline.
Want to keep learning?
Subscribe to our blog.
