OIDF welcomes NIST SP 1800-42 and announces new eKYC work item

Published April 9, 2026

By Juliana Cafik, Independent Identity Standards & Solutions Architect. Juliana is also a contributor to the OIDF NIST NCCoE Project for mDL and Lead Editor of an extension to the OpenID Foundation’s OIDC4IDA Claims Registration.  

The NIST NCCoE Mobile Driver’s Licenses (mDL) Project (Special Publication 1800-42) marks a watershed moment for financial sector security, replacing passive data collection with a definitive roadmap for verifiable identity.

By illustrating how mDL-based processes align with existing compliance requirements, the guidance shifts the narrative from ‘reactive’ audit defense to ‘proactive’ confidence in the Customer Identification Program (CIP). This approach emphasizes trust and strength at the “front door”, minimizing risk during digital onboarding. Grounded in a government-backed trust anchor and based on NIST 800-63-4 identity assurance, the NIST architecture provides the machine-readable evidence to streamline digital onboarding, power risk-based decisions and meet evolving regulatory requirements.

We are at a critical juncture where financial institutions face an unprecedented escalation in synthetic identity fraud, sophisticated deepfakes, and automated, agentic AI attacks that render traditional image-based verification obsolete. mDLs are cryptographically verifiable identity evidence that is signed by the authoritative source – State Department of Motor Vehicles (DMV) – and verified by financial institution relying parties. The framework in NIST SP 1800-42 provides the foundation for the transparency and accountability essential for widespread mDL adoption and modern oversight.

NIST SP 1800-42A is now open for public comment until May 8th, and NIST will host a webinar April 23rd. OpenID Foundation community members wishing to submit feedback via the Foundation can do so by contacting director@oidf.org.  

This practice guide represents nearly two years of dedicated collaboration among NIST experts, leading financial institutions, state DMVs, non-profits, the OpenID Foundation, major technology companies and wallet providers. Together, this cross-industry collaboration is working “to help FIs implement standards and best practices using commercially available technology and realize the security, privacy, usability, reliability and compliance benefits that can result from the FI mDL deployment,” as stated in the report’s Executive Summary.

The OpenID Foundation is proud not only to have participated in the NIST NCCoE Project and contributed to the report, but to have co-hosted several interoperability events with NIST and industry partners. By testing the standards against real-world digital wallets and enterprise infrastructures, we are maturing the underlying specifications, proving out interoperability, and identifying gaps in knowledge, specifications, security, privacy and assurance in implementation. It is the collaboration across government, finance, standards and technology that will help unblock and secure financial industry adoption of high assurance digital identity credentials in the US and globally.  

OpenID Foundation standards included in the report   

Central to the architecture defined by the NIST NCCoE are several protocols that support the framework:

These standards were validated through interoperability events and NIST technical evaluations, using OpenID Connect to facilitate the asynchronous processes required for financial institution account onboarding. 

Guided by its Board and expert contributors, the OpenID Foundation is building on the groundwork established by the NIST NCCoE project and SP 1800-42A. The objective is to define the identity claims and values required to support sector- and jurisdiction-independent high-assurance KYC processes. This aligns directly with NCCoE participant feedback, which highlighted a critical need to convey identity proofing assurance from issuers to Relying Parties (RPs). By extending the OpenID Identity Assurance Schema Definition 1.0 and OpenID Connect for Identity Assurance Claims Registration 1.0, this framework will help establish a defensible "reasonable belief" of a customer's identity.

This new work item is officially hosted in the eKYC & IDA Working Group. This effort incorporates preliminary engagement with other Standards Development Organizations (SDOs) at the Internet Identity Workshop (IIW) Conference, with future alignment planned alongside ISO/IEC SC17 WG10. Individuals, governments, and organizations are highly encouraged to join the Foundation’s eKYC & IDA WG to collaborate globally in pressure-testing this framework and expressing it as a formal specification. Participation is open to all. Anyone can contribute at no cost by signing a Contribution Agreement, which ensures contributions are covered by the appropriate legal protections for the benefit of the wider community.

Global relevance  

As Dima Postnikov, Vice Chair of the OpenID Foundation, said, “Globally, many financial institutions, telecommunications providers, and companies in other regulated industries are preparing to begin accepting MDLs. For them to start relying on this document, they need additional information to ensure they are compliant with their obligations. This report from NIST and a new work item in the eKYC working group are important pieces of work, not just for MDL adoption but for any credential and for digital identity reliance in general.” We anticipate that other jurisdictions are rapidly reaching similar conclusions.

Based on initial consultation with four jurisdictions on the new work item in the eKYC and IDA WG, there is clear interest in how protocols can support FIs, and other critical sectors, in their markets and in pursuing a global standards approach that can support local and cross-border goals.  

As a co-organizer of SIDI Hub, the OpenID Foundation, together with its peer co-organizers, identified the importance of the “open a bank account” use case with digital credentials. SIDI Hub convened 45+ countries in 7 summits over 2 years on 4 continents. One of the findings was a strong appetite for domestic and cross-border interoperability of digital identity to deliver champion use cases like “opening a bank account”, but the key stumbling blocks were what banks globally needed and how to convey that information at the protocol level. The combination of the NIST report and the new OIDF work item provides a pathway forward.

At the regional level, the EU is seeking to enable all FIs in Europe to accept verifiable credentials from EU Digital Identity Wallets (EUDIW) by the end of 2027, enabling regional interoperability, so this work is especially well timed for their regional objectives.

The benefits of using verifiable digital credentials are becoming increasingly clear to jurisdictions pursuing digital wallet and verifiable digital credentials (VDC) architecture. As they do, we anticipate wider appreciation of how FIs and consumers can benefit from streamlined and more inclusive use cases like account opening, but also higher potential to mitigate new threats posed by AI cyberattacks.  

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 - the FAPI standard for interoperable, high security - has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.




 
