A remote identity verification serves the same purpose as a physical face-to-face identity verification. As such, a remote identity verification service makes it possible to check that the identity document presented by the user is authentic and that the user is the legitimate holder.
The main threat during identity verification, whether face-to-face or remote, is that of identity theft. A remote identity verification service is therefore exposed to the same risks as a face-to-face identity verification, but also, by its very nature, to specific risks (digital manipulation of images (deepfakes), injection of fraudulent data, repeated and massive attempts at identity theft, use of masks, etc.).
In response to these risks, ANSSI has produced a set of rules and recommendations gathered in the remote identity verification service provider (PVID – prestataire de vérification d’identité à distance) rule set. The requirements expressed by this rule set concern the service provider and the information system security allowing the remote identity verification service to be provided. It aims to create a robust remote identity verification service offer that meets the need for trust of users, clients of such services, and regulators. This rule set certifies the implementation of the relevant fraud reduction measures by the certified services based on two assurance levels: substantial and high.
The development of this reference rule set is part of the work carried out in collaboration with the Directorate General of the Treasury (DGT) for the certification of remote business contact services under decree no. 2020-118. Beyond this specific sectoral need, this rule set constitutes the basis of the unified evaluation scheme for remote identity verification services, whatever the assurance level (substantial and high) and whatever the regulatory framework. Trust services and electronic identification means using remote identity verification will therefore have to comply with it.
The purpose of this rule set is therefore to allow:
Fully aware of the sector’s expectations in this area and of the impact of this new evaluation activity, based on the requirements of the PVID rule set, ANSSI published various documents on 1 April to enable service providers wishing to submit their services for evaluation to formalise their requests to ANSSI.
In order to be considered for certification, the service provider must submit a certification request form.
The certification request form and the associated certification process, specifying the technical procedure for the evaluation of a PVID in relation to ANSSI’s rule set, are available in the dedicated section.
For any questions relating to the PVID requirements rule set published by ANSSI, the point of contact is the one indicated in the document concerned.
Preliminary questions for a compliance or qualification certification request should be addressed to ANSSI’s Industrial Policy and Assistance office.
Compliance or qualification certification requests should be addressed to ANSSI’s Qualification and Approval office.