The Digital Identity and Compliance Glossary

Over 50,000 regulated businesses must accept EU Digital Identity Wallets starting next year. Trinsic is the simplest way to accept them — verify EUDI credentials through the same API you already use for 50+ countries of digital IDs.

64 of 64 terms

Identity acceptance

Acceptance model

Identity acceptance is the ability of a business to take in and trust a digital ID a person already holds, instead of making them prove who they are from scratch. Verification creates a new proof; acceptance reuses an existing one, which is faster for the user and cheaper for the business.

See Trinsic coverage →

Identity acceptance network

Acceptance model

An identity acceptance network is infrastructure that connects a business to many digital ID systems at once, so one integration reaches dozens of eIDs, wallets, and credentials across countries. It solves fragmentation: without it, a company would integrate each national scheme one by one.

See the network →

Relying party (RP)

Acceptance model

A relying party is the business that needs to verify someone and therefore relies on an identity credential to do it. A bank onboarding a customer, a marketplace vetting a seller, and a retailer checking age are all relying parties. In the EUDI world, relying parties must register before requesting wallet data.

Identity verification (IDV)

Acceptance model

Identity verification confirms that a person is who they claim to be, traditionally by checking a document and matching a live selfie to it. It answers whether this is a real, valid identity and whether this is the person presenting it. Acceptance builds on top of IDV by reusing identities already verified once.

Reusable identity

Acceptance model

Reusable identity is a verified identity a person can present again and again without redoing the full check each time. Once verified, it is held in a wallet or account and reused across services, cutting onboarding friction and fraud. It is the model behind bank IDs like BankID and itsme.

See coverage →

Broker or intermediary

Acceptance model

A broker, or intermediary, sits between a relying party and an identity source, translating one request into the many protocols each source speaks. In some markets, rules require a registered intermediary to connect to a national scheme. Trinsic acts as this layer so a business does not have to.

Orchestration

Acceptance model

Orchestration is the routing logic that decides which identity method to use for a given user, country, or risk level, and falls back to another if the first is unavailable. Good orchestration lifts conversion by always offering a method the user can actually complete.

Coverage

Acceptance model

Coverage is the set of countries and identity methods a provider can actually verify against. It is the honest measure of an acceptance network: not how many logos are on the page, but how many real users in how many markets you can verify today.

Explore coverage →

Digital ID

Digital ID types

A digital ID is an electronic credential that proves attributes about a person, such as name, date of birth, or nationality, in a way a business can trust. It can live in a government app, a bank login, a mobile wallet, or a smart card, and can range from a full identity to a single attribute.

Types of digital IDs (docs) →

eID (electronic identity)

Digital ID types

An eID is a government-recognized digital identity used to log in and prove who you are online, often issued or accredited by a national scheme. Examples include Sweden BankID, Belgium itsme, and Estonia ID-kaart. Adoption is high where the private sector drives it: BankID reaches about 97 percent in Norway.

See eID coverage →

Mobile driver's license (mDL)

Digital ID types

A mobile driver's license is a driver's license issued to a phone as a cryptographically signed credential, built to ISO/IEC 18013-5. It can prove identity or a single fact like age, in person or online. US state rollouts and Apple, Google, and Samsung wallets are driving adoption.

Age assurance solution →

EUDI Wallet (European Digital Identity Wallet)

Digital ID types

The EUDI Wallet is the EU official digital identity wallet, mandated by eIDAS 2.0, that every member state must offer citizens. It holds a verified identity plus attestations like diplomas or age, presented selectively. Businesses in regulated sectors will be required to accept it as rollout proceeds through 2026 and 2027.

Understand EUDI →

Bank ID

Digital ID types

A bank ID is a digital identity issued through the banking system and reused to log in and verify identity elsewhere. Because banks already run strong know-your-customer checks, bank IDs carry high assurance and near-universal reach in some markets, such as itsme in Belgium at roughly 80 percent.

Fintech and KYC →

Government wallet

Digital ID types

A government wallet is a state-issued app that holds official credentials such as a national ID, driver's license, or residence permit. EUDI wallets, US state mDL wallets, and national apps like Singapore Singpass are examples. They matter because they carry government-level assurance.

OEM wallet

Digital ID types

An OEM wallet is a digital wallet built into a device platform, namely Apple Wallet, Google Wallet, and Samsung Wallet. OEM wallets are becoming a primary place people store mDLs and other credentials, which makes device-native acceptance a growing requirement.

National ID

Digital ID types

A national ID is the identity credential a country issues to residents, increasingly with a digital form. Coverage and openness vary widely: some national IDs can be queried by businesses, others are restricted to government use.

Verifiable credential (VC)

Digital ID types

A verifiable credential is a tamper-evident digital credential whose authenticity can be checked cryptographically, without calling back to the issuer. The W3C Verifiable Credentials data model is the common standard. VCs let a person prove a claim while the verifier trusts the signature rather than a central lookup.

Digital credential

Digital ID types

A digital credential is any signed electronic statement about a subject, from a full identity to a single attestation like a professional license or an age proof. It is the general category that verifiable credentials, mdocs, and SD-JWTs all fall under.

PID (Person Identification Data)

Digital ID types

PID is the core identity data set inside an EUDI Wallet: the attributes that establish who you are, such as name, date of birth, and a unique identifier. PID is the foundation other attestations attach to.

Understand EUDI →

mdoc

Digital ID types

An mdoc is the ISO-standard credential format used by mobile driver's licenses and related documents, defined under ISO/IEC 18013-5. It is optimized for offline, in-person presentation as well as online use under 18013-7.

eIDAS

Regulation & compliance

eIDAS is the EU regulation that gives electronic identification and trust services legal standing across member states. The original 2014 regulation created recognized national eIDs and qualified signatures. Its successor, eIDAS 2.0, introduces the EUDI Wallet.

Understand EUDI →

eIDAS 2.0

Regulation & compliance

eIDAS 2.0 is the 2024 update to eIDAS that mandates a European Digital Identity Wallet for every member state and, crucially for business, requires many private-sector relying parties to accept it. It shifts digital identity in Europe from optional to expected.

Get EUDI-ready →

AMLR (Anti-Money Laundering Regulation)

Regulation & compliance

AMLR is the EU single, directly applicable anti-money-laundering rulebook, replacing the patchwork of national transpositions with one standard. It applies from July 2027 and tightens customer due diligence for banks, fintechs, and crypto. For those firms, verifying identity to a common high bar becomes mandatory.

Fintech and KYC →

AML (anti-money laundering)

Regulation & compliance

AML is the body of law and process that stops criminals from disguising illicit funds as legitimate income. In practice it means verifying who your customers are, monitoring their transactions, and reporting suspicious activity. Identity verification is the front door of any AML program.

KYC (Know Your Customer)

Regulation & compliance

KYC is the requirement to verify a customer identity before and during a business relationship, core to financial regulation worldwide. It typically means confirming identity, screening against watchlists, and assessing risk. Strong digital IDs make KYC faster and harder to fake.

Fintech and KYC →

KYB (Know Your Business)

Regulation & compliance

KYB is KYC applied to companies: verifying that a business is real, legitimate, and controlled by the people it claims. It includes confirming registration, ownership, and the identity of beneficial owners and signatories. It is central to onboarding business customers and marketplace sellers.

CDD (customer due diligence)

Regulation & compliance

Customer due diligence is the risk-based process of identifying a customer, understanding the purpose of the relationship, and monitoring it over time. Enhanced due diligence applies to higher-risk cases. CDD is the operational heart of AML compliance.

Age assurance

Regulation & compliance

Age assurance is the umbrella term for confirming a person meets an age requirement, spanning everything from self-declaration to hard verification. Regulators increasingly demand methods that are accurate and privacy-preserving. A digital ID can prove someone is over 18 without revealing a birth date.

Age assurance solution →

Age verification

Regulation & compliance

Age verification is the stricter end of age assurance: proving a specific age or age band from a trustworthy source rather than estimating or asking. Digital IDs and mDLs suit it well because they can attest age as a single verified fact.

Age assurance solution →

Online Safety Act (UK)

Regulation & compliance

The Online Safety Act is UK law requiring platforms to protect users, including enforced age checks for services hosting adult or harmful content. Enforcement began in 2025, with the regulator Ofcom opening investigations and issuing fines. It is a live driver of age-verification demand.

UK solution →

Digital Services Act (DSA)

Regulation & compliance

The DSA is the EU law governing how online platforms handle illegal content, transparency, and user protection. For marketplaces it includes trader verification duties, which pull identity checks into e-commerce onboarding.

Marketplaces solution →

INFORM Consumers Act

Regulation & compliance

The INFORM Consumers Act is US law requiring online marketplaces to verify high-volume third-party sellers, aimed at curbing the sale of stolen and counterfeit goods. It makes seller identity verification a compliance requirement, not a choice.

Marketplaces solution →

GDPR

Regulation & compliance

GDPR is the EU data protection regulation, setting rules for how personal data is collected, used, and stored. It rewards data minimization, which is exactly what selective disclosure from a digital ID delivers: prove what is needed, share nothing more.

DORA (Digital Operational Resilience Act)

Regulation & compliance

DORA is the EU regulation requiring financial firms to withstand and recover from technology disruptions, including risks from third-party providers. It matters to identity because verification vendors become part of a regulated firm operational-resilience obligations.

PSD2 and SCA

Regulation & compliance

PSD2 is the EU payments directive, and strong customer authentication (SCA) is its requirement that certain transactions be confirmed with two independent factors. eIDs and wallets are increasingly used to satisfy SCA, tying identity and payments together.

FATF

Regulation & compliance

The Financial Action Task Force is the global body that sets anti-money-laundering and counter-terrorist-financing standards, which countries then implement. FATF guidance shapes how digital identity is accepted for KYC worldwide.

PEP (politically exposed person)

Regulation & compliance

A PEP is someone in a prominent public role, or close to one, who therefore carries higher corruption and bribery risk. AML rules require enhanced due diligence for PEPs, so screening for PEP status is a standard onboarding step.

Sanctions screening

Regulation & compliance

Sanctions screening checks a person or business against government watchlists of restricted parties, at onboarding and continuously. Reliable identity data is what makes screening accurate rather than a source of false matches.

Right to work

Regulation & compliance

Right to work is the requirement to confirm a person is legally permitted to work in a jurisdiction before employing them. In the UK it can now be satisfied through certified digital identity services, which is why employment platforms are adopting digital ID.

UK solution →

ISO/IEC 18013-5

Standards & technology

ISO/IEC 18013-5 is the international standard that defines the mobile driver's license, including how it is presented and verified in person and offline. It is why an mDL from one issuer can be read by a compliant verifier anywhere.

ISO/IEC 18013-7

Standards & technology

ISO/IEC 18013-7 extends the mDL standard to online, unattended presentation, so a mobile driver's license can verify identity over the web, not just in person.

OpenID4VP (OpenID for Verifiable Presentations)

Standards & technology

OpenID4VP is the open protocol for requesting and presenting verifiable credentials from a wallet to a verifier. It is a core building block of EUDI Wallet acceptance and of interoperable digital identity generally.

OpenID4VCI (OpenID for Verifiable Credential Issuance)

Standards & technology

OpenID4VCI is the companion protocol for issuing credentials into a wallet. Together with OpenID4VP it covers the two halves of a wallet ecosystem: getting credentials in, and presenting them out.

SD-JWT (Selective Disclosure JWT)

Standards & technology

An SD-JWT is a credential format that lets the holder reveal only chosen fields from a signed token while keeping the rest hidden, and lets the verifier still trust the signature. It is a leading format for privacy-preserving credentials, including in the EUDI ecosystem.

W3C Verifiable Credentials

Standards & technology

The W3C Verifiable Credentials data model is the open standard for expressing tamper-evident digital credentials on the web. It underpins much of the interoperable, wallet-based identity world.

Selective disclosure

Standards & technology

Selective disclosure is the ability to share only the specific facts a verifier needs, such as being over 18, without exposing the whole document. It is the mechanism behind privacy-preserving verification and a direct fit for data-minimization rules like GDPR.

Zero-knowledge proof (ZKP)

Standards & technology

A zero-knowledge proof lets someone prove a statement is true without revealing the underlying data, for example proving age is over 18 without disclosing the birth date. It is the strongest form of privacy-preserving verification.

Level of assurance (LoA)

Standards & technology

Level of assurance is the confidence that an identity is genuine and belongs to the person presenting it. eIDAS defines three levels: low, substantial, and high. Matching the assurance level to the risk of the transaction is the core design decision in any verification flow.

Assurance framework (docs) →

Biometric verification

Standards & technology

Biometric verification confirms a person by a physical trait, most commonly a face match between a live selfie and a document photo. It binds a real human to a credential, which is what stops a stolen document from being enough.

Liveness detection

Standards & technology

Liveness detection, also called presentation attack detection, checks that a biometric comes from a real, present person rather than a photo, mask, screen, or deepfake. It is what makes a selfie check trustworthy.

Presentation attack

Standards & technology

A presentation attack is an attempt to fool a biometric check with a fake artifact such as a printed photo, a replayed video, or a mask. Defending against it is the job of liveness detection.

Document verification

Standards & technology

Document verification checks that an identity document is genuine, unaltered, and valid, by inspecting security features, fonts, and data consistency. It is the traditional first step of IDV, and increasingly the fallback when a digital ID is not available.

NFC chip reading

Standards & technology

NFC chip reading verifies a passport or ID card by reading the cryptographically signed chip inside it with a phone. Because the chip data is signed by the issuing authority, it is far harder to forge than a photo of the document.

QES (Qualified Electronic Signature)

Standards & technology

A QES is the highest legal tier of electronic signature under eIDAS, carrying the same legal effect as a handwritten signature across the EU. It requires a verified identity behind it, which links signing to identity verification.

QEAA (Qualified Electronic Attestation of Attributes)

Standards & technology

A QEAA is an attestation of a specific attribute, such as a professional qualification, issued by a qualified trust service provider under eIDAS 2.0. It is how high-assurance claims beyond core identity travel inside the EUDI ecosystem.

EAA (Electronic Attestation of Attributes)

Standards & technology

An EAA is a non-qualified attestation of an attribute, the lighter-weight sibling of the QEAA. Both let a wallet carry verified facts about a person beyond their core identity.

Trust framework

Standards & technology

A trust framework is the set of rules, roles, and accreditation that lets parties who do not know each other trust the same credentials. The UK digital identity trust framework and the EUDI architecture are examples. It turns a pile of credentials into an ecosystem.

Digital Verification Services (DVS)

Standards & technology

DVS is the UK governance regime for accredited digital identity providers, giving certified services legal standing for uses like right to work and right to rent. Certification under it is what lets UK businesses rely on a digital ID.

UK solution →

Trust service provider (TSP)

Standards & technology

A trust service provider is an accredited entity that issues trust services such as qualified signatures, seals, or attestations under eIDAS. Qualified TSPs meet the highest bar and appear on national trusted lists.

Synthetic identity

Fraud & risk

A synthetic identity is a fabricated identity built by combining real and fake data, such as a real government number with an invented name. It is one of the fastest-growing fraud types because it does not map to a single real victim who would report it. Verifying against authoritative sources is the main defense.

Deepfake

Fraud & risk

A deepfake is AI-generated or AI-altered media, such as a synthetic face or voice, used to impersonate a real person or fabricate one. Deepfakes attack biometric checks directly, which is why liveness detection and government-backed credentials are becoming essential.

Account takeover (ATO)

Fraud & risk

Account takeover is fraud where an attacker gains control of a legitimate user account, usually through stolen credentials. Re-verifying identity at high-risk moments, rather than trusting a password, is the counter.

Identity fraud

Fraud & risk

Identity fraud is the use of someone else identity, or a fabricated one, to gain money, goods, or access. Stronger, government-backed digital IDs raise the cost of committing it because they are far harder to forge than documents and selfies.

Impersonation

Fraud & risk

Impersonation is pretending to be a specific real person to defeat a verification step. As generative AI makes impersonation cheap and convincing, verification is shifting toward cryptographically signed credentials that a fake face cannot satisfy.

Need more information?

Talk to Trinsic about accepting the worlds digital IDs through one API.

Contact Trinsic