ISO/IEC 18013-5 is an international standard, formally titled "Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application," that specifies the technical requirements for issuing and verifying a driving license using a mobile device. It defines a cryptographically secure data structure and a standardized communication protocol, enabling a holder's smartphone to present verifiable credential data to a relying party, such as a police officer or a merchant, without revealing unnecessary personal information. This standard is pivotal for creating interoperable digital driver's licenses that can be recognized and trusted across different jurisdictions and verification systems.
LABS
Glossary
ISO/IEC 18013-5
ISO/IEC 18013-5 is an international standard that defines the technical specifications for issuing, storing, and presenting mobile driver's licenses (mDLs) and similar credentials using verifiable credential principles.
Chainscore © 2026
definition
INTERNATIONAL STANDARD
What is ISO/IEC 18013-5?
ISO/IEC 18013-5 is the technical standard that defines the mobile driving license (mDL) data model and communication protocols for secure digital identity verification.
The core innovation of the standard is its focus on privacy-by-design and user consent. It employs a selective disclosure model, allowing the mDL holder to reveal only specific data attributes (e.g., "over 21") instead of the entire document. Communication typically occurs via proximity technologies like Bluetooth or NFC using a QR code initiation process, ensuring the verifier never directly accesses the holder's device. The data is signed by the issuing authority (e.g., a state's Department of Motor Vehicles) using Public Key Infrastructure (PKI), allowing the verifier to cryptographically authenticate the data's origin and integrity without an online connection.
For implementation, the standard details two primary operational models: the Device Retrieval model, where the verifier's device reads data directly from the holder's device, and the Holder Presented model, where the holder transfers data via a visual code. It specifies the mandatory and optional data elements (from the ISO/IEC 18013-1 physical card standard), cryptographic suites, and the structure of the Mobile Security Object (MSO), which contains the signed data. This technical rigor ensures that an mDL is as legally and functionally robust as its physical counterpart, while adding enhanced security against forgery and convenient portability.
The adoption of ISO/IEC 18013-5 is a significant step toward global digital identity frameworks. It is increasingly being piloted and enacted by government agencies worldwide as the foundation for official mobile driver's licenses. Furthermore, its design principles of verifiable credentials and minimal disclosure make it a influential blueprint for other forms of digital identity beyond driving permits, contributing to broader ecosystems like decentralized identity (SSI) and secure age verification.
etymology
ISO/IEC 18013-5
Origin and Standardization
The technical foundation for mobile driver's licenses (mDLs) is established by a formal international standard, ensuring global interoperability and security.
ISO/IEC 18013-5 is an international technical standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that defines the requirements for a mobile driving license (mDL). It specifies the data structure, security mechanisms, and communication protocols that allow a driver's license to be securely stored and presented from a mobile device. The standard's primary goal is to enable interoperability, ensuring an mDL issued in one jurisdiction can be reliably verified by a relying party (e.g., a police officer or a merchant) in another, using a standardized verification process.
The development of this standard was driven by the global need for a secure, privacy-preserving alternative to physical plastic cards. It builds upon the data elements defined in its predecessor, ISO/IEC 18013-2, which outlines the physical driver's license specifications. A core innovation of Part 5 is its support for selective disclosure, allowing the mDL holder to reveal only specific, necessary attributes (like age verification) without exposing their entire license data. This is achieved through cryptographic techniques, enhancing user privacy and data minimization.
The standard defines two primary operational models: the proximity model, which uses near-field communication (NFC) or Bluetooth for device-to-device data transfer, and the remote model for online verification. It meticulously details the mDL data format, the mDL reader requirements, and the authentication protocols that prevent forgery and replay attacks. By providing this common technical blueprint, ISO/IEC 18013-5 has become the foundational document guiding government implementations, technology vendors, and verifier ecosystems worldwide, moving digital identity credentials from proprietary solutions to a unified, global framework.
key-features
MOBILE DRIVER'S LICENSE STANDARD
Key Features of ISO/IEC 18013-5
ISO/IEC 18013-5 is the international technical standard that defines the data model and security mechanisms for a Mobile Driving License (mDL). It enables a driver's license to be stored and presented digitally from a smartphone.
01
Device-Centric Data Presentation
The core principle of ISO/IEC 18013-5 is that the user's mobile device is the primary Data Holder. The standard defines a secure, standardized method for the device to present verified identity data to a Verifier (e.g., a police officer or a kiosk) without the data passing through a central server. This preserves user privacy and control.
02
Selective Disclosure & Data Minimization
A key privacy feature is the ability for the user to share only the specific data elements required by the Verifier. For example, a user can prove they are over 21 by cryptographically revealing only their Date of Birth and Portrait, without disclosing their full name or address. This is enforced through the standard's data structures and cryptographic protocols.
03
Barcode (QR/NFC) & Bluetooth LE Protocols
The standard specifies two primary communication protocols for data transfer between the mDL device and the Verifier:
- Barcode (QR Code): A visual, proximity-based method where the Verifier scans a dynamically generated QR code.
- Near Field Communication (NFC) & Bluetooth Low Energy (BLE): Wireless methods for contactless, peer-to-peer data exchange, offering higher data capacity and more interactive sessions.
04
Cryptographic Integrity & Authenticity
Every data presentation is cryptographically signed. The mDL device generates a Device Authentication signature, proving the data came from a genuine, unaltered mDL instance. For higher assurance, the standard also supports Issuer Authentication, where the issuing authority (e.g., the DMV) signs the core data, allowing the Verifier to cryptographically verify its authenticity offline.
05
Mandatory & Optional Data Elements
The standard defines a precise data model. Mandatory elements include:
- Portrait (facial image)
- Family name, Given name(s)
- Date of birth, Date of expiry
- Issuing country, Document number
Optional elements can include address, driving privileges (vehicle categories), and restrictions, allowing jurisdictions to implement their specific requirements within the global framework.
06
Offline-First Verification
ISO/IEC 18013-5 is designed for offline-capable verification. A Verifier does not need a live internet connection to validate the cryptographic proofs of an mDL presentation. This is critical for use cases like traffic stops or age verification in areas with poor connectivity. Online status checks can be an optional supplemental feature.
how-it-works
INTERNATIONAL STANDARD
How ISO/IEC 18013-5 Works
ISO/IEC 18013-5 is the technical standard that defines the data structure and communication protocols for mobile driver's licenses (mDLs), enabling secure digital identity verification using smartphones.
The standard specifies how an mDL (mobile driver's license) is created, stored, and presented. It defines a standardized data model for identity attributes—such as name, date of birth, and portrait—that can be shared from a holder's device to a verifier. This is achieved through a QR code or Near Field Communication (NFC) connection, which establishes a secure, encrypted data channel. The core mechanism ensures the verifier receives only the specific data elements the holder consents to share, a principle known as data minimization.
At the heart of the protocol is the ISO mDL Data Model, which structures identity data into a machine-readable format. This model includes mandatory and optional data groups, cryptographic security elements, and device authentication mechanisms. When a verification request is initiated, the mDL app on the holder's device creates a signed data structure that includes the requested attributes and proof that the data originated from an authorized, genuine mDL. This process leverages Public Key Infrastructure (PKI) to ensure the data's integrity and authenticity, preventing tampering and forgery.
The standard supports two primary operational modes: device retrieval and proximity-based transfer. In device retrieval, the verifier scans a QR code displayed by the holder, which contains a session establishment payload. In proximity transfer, an NFC tap initiates the secure data exchange. Both methods allow for selective disclosure, where the holder can choose to share only their age category instead of their exact birth date, for example. This balances verification needs with privacy protection.
For a verification to be trusted, the Issuer (e.g., a state DMV) must digitally sign the mDL data during issuance. The verifier's system must then validate this signature against a trusted root certificate from the issuing authority. The standard also defines Device Authentication to prove the mDL is presented from a genuine, secure element on the holder's registered device, not a screenshot or copied data file. This multi-layered cryptographic verification is what makes an ISO 18013-5 mDL a reliable digital credential.
Implementation of ISO/IEC 18013-5 enables a wide range of use cases, from age verification at retail points-of-sale to streamlined airport security checks and online identity proofing. Its interoperability is key; a standard-compliant mDL issued in one jurisdiction should be verifiable by a compliant reader in another. The protocol's design aligns with broader Self-Sovereign Identity (SSI) principles by giving individuals control over their personal data while providing a high-assurance, globally recognized standard for digital identity.
examples
MOBILE DRIVER'S LICENSE (MDL) STANDARD
Examples and Implementations
ISO/IEC 18013-5 defines the technical mechanisms for a globally interoperable mobile driver's license (mDL). These cards detail its core components and real-world application scenarios.
01
Device Retrieval & Data Presentation
This is the core data exchange protocol. It defines how a Verifier (e.g., a police officer's device or a point-of-sale terminal) requests and receives specific Data Elements (name, date of birth) from a Holder's mDL. The process uses Near Field Communication (NFC) or Bluetooth Low Energy (BLE) for proximity-based, secure transfer. The Holder must explicitly consent to share each requested element.
02
Mandatory & Optional Data Elements
The standard specifies a precise schema for mDL data. Mandatory elements include the document's issuing authority, number, and expiry date. Optional elements cover a wide range, such as:
- Portrait image and biographical data (name, date of birth)
- Driving privileges (vehicle categories, restrictions)
- Additional national-specific attributes (e.g., organ donor status) This structured format ensures global interoperability while allowing regional customization.
03
Holder-Authorized Data Minimization
A key privacy feature is Selective Disclosure. The Verifier requests specific data elements, and the Holder's wallet can choose to share only what is required. For an age check, only a "Over 21" Boolean attestation might be shared, not the actual birth date. This principle of data minimization is enforced cryptographically, preventing the Verifier from extracting more information than authorized.
04
Cryptographic Security & Integrity
The mDL's authenticity and integrity are protected using ISO/IEC 18013-5 Device Authentication. This involves:
- Device Signed Objects (DSOs): Data elements are signed by the issuing authority.
- Mobile Security Object (MSO): A cryptographic container that binds the data to the specific mobile device, preventing cloning.
- Reader Authentication: Optional mutual authentication ensures the Holder's device is communicating with a legitimate Verifier.
05
Real-World Verification Scenarios
mDLs are designed for both online and offline use cases:
- Law Enforcement Traffic Stop: Officer uses an approved reader device to wirelessly verify license validity and portrait match via NFC.
- Age-Restricted Purchase (Retail): Cashier's terminal requests an "Over 18" attestation via BLE, receiving a cryptographically verified yes/no response.
- Car Rental Kiosk: The kiosk (Verifier) requests name, license number, and driving privileges to automate the rental agreement.
COMPARISON
mDL vs. Other Credential Formats
A technical comparison of the ISO/IEC 18013-5 mobile driver's license (mDL) standard against other common digital credential formats.
| Feature / Attribute | ISO/IEC 18013-5 mDL | W3C Verifiable Credentials (VCs) | Physical Credentials (e.g., Plastic ID) |
|---|---|---|---|
Primary Standardization Body | ISO/IEC (International Organization for Standardization) | W3C (World Wide Web Consortium) | National/Regional Authorities |
Cryptographic Proof Mechanism | ISO/IEC 18013-5 Device Engagement & Data Retrieval | Linked Data Proofs (e.g., JWT, Data Integrity) | Physical Security Features (Holograms, UV Ink) |
Holder's Data Control (Selective Disclosure) | |||
Offline / Proximity Verification | |||
Global Interoperability Focus | |||
Tamper-Evident Storage | |||
Hardware-Bound (e.g., Secure Element) | |||
Typical Issuance Authority | Government DMVs | Decentralized Identifiers (DIDs) or Organizations | Government DMVs |
security-considerations
ISO/IEC 18013-5
Security and Privacy Considerations
ISO/IEC 18013-5 is an international standard defining the technical requirements for mobile driver's licenses (mDLs), with a core focus on security and user privacy. It enables secure, offline verification of identity attributes without exposing unnecessary personal data.
01
Selective Disclosure
The mDL holder can choose which specific data fields to share with a verifier, rather than presenting the entire document. For example, a user could prove they are over 21 by sharing only their birth date and photo, while concealing their address and driver's license number. This is enforced cryptographically, preventing the verifier from accessing any unrequested information.
02
Device Authentication & Data Integrity
The standard uses public key cryptography to ensure the mDL data originates from a legitimate issuer and has not been tampered with. The mDL app on the holder's device signs the disclosed data. The verifier uses the issuer's public key to cryptographically verify the signature's authenticity and the integrity of every data element presented.
03
Privacy-Preserving Authentication
To prevent tracking, the standard supports mechanisms that avoid correlating multiple presentations by the same holder. Techniques like session-specific public keys or zero-knowledge proofs can be used. This ensures a user verifying their age at two different bars cannot be linked by the verifiers based on a persistent identifier from the mDL.
04
Holder Binding & Presentation Attack Detection
The standard ensures the person presenting the mDL is its legitimate holder. This is achieved through biometric verification (e.g., Face ID, fingerprint) on the holder's device before data release. For high-assurance scenarios, the verifier may also perform a liveness check or compare the holder's live photo to the portrait in the mDL data.
05
Offline-First Operation
A key security feature is the ability to verify an mDL without an internet connection. All necessary cryptographic proofs and issuer certificates are packaged with the data. This eliminates reliance on a central database query during verification, reducing attack surfaces and protecting holder privacy by not creating a verification log on a remote server.
ISO/IEC 18013-5
Frequently Asked Questions (FAQ)
Common questions about the ISO/IEC 18013-5 standard, also known as the mDL (mobile Driver's License) standard, which defines a secure, privacy-preserving method for presenting digital identity credentials.
ISO/IEC 18013-5 is an international standard that defines the technical requirements for a mobile driver's license (mDL), enabling a smartphone to securely present a digital version of a government-issued identity document. It specifies a data model, security protocols, and communication methods for mDL issuance, storage, and verification. The standard is designed to be interoperable across jurisdictions and device platforms, using Near Field Communication (NFC) and Bluetooth Low Energy (BLE) for wireless data transfer. It emphasizes user privacy through selective disclosure, where the holder can reveal only specific data attributes (e.g., age over 21) instead of the entire document.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall