PVID certification
What is PVID?
The PVID (Prestataire de Vérification d'Identité à Distance) standard, published by ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), defines the security and organizational requirements to be met by service providers offering an online identity verification service. The aim is to guarantee a level of reliability equivalent to in-person identity verification, despite the specific risks associated with the digital environment (document fraud, deepfakes, presentation attacks, etc.).
PVID certification, often used to issue eIDAS-qualified certificates or as part of the certification of Means of Electronic Identification (MIE), is based on :
- Assessment of the service's compliance with the organizational and technical requirements of the standard.
- Extensive efficiency tests on biometrics and identity documents.
What are the challenges of PVID certification?
Obtaining PVID qualification is a major asset for Service Providers and their customers, offering concrete benefits:
- Proof of maximum reliability : Attest to the robustness of your identification service in the face of fraud and impersonation attempts.
- Regulatory compliance: Meet the national requirements of ANSSI, the French cybersecurity authority.
- Access to sensitive markets: Enable the use of your solution for the issuance of eIDAS-qualified electronic certificates and high warranty requirements.
- Enhanced user experience: Offer a 100% paperless customer experience without compromising security.
- Competitive advantage: Stand out in the market with an official, government-recognized qualification.
- Future interoperability: Position yourself ahead of emerging European standards for remote identity verification (e.g. ETSI TS 119 461).
How does PVID certification work?
The certification scheme for Remote Identity Verification Service Providers (PVID) was opened on April 1, 2021, following the publication by the Agence Nationale de Sécurité des Systèmes d'Information (ANSSI) of the requirements repository drawn up jointly with the Direction Générale du Trésor.
Over and above a specific sectoral need, this repository forms the basis of a unified assessment scheme for remote identity verification services, whatever the level of guarantee (substantial or high) and whatever the regulatory framework.
This certification is aimed at all types of companies or services whose activity is remote identity verification, or who plan to develop this activity in a broader context.
This certification is issued on the basis of three types of assessment work:
- Service conformity assessment
- Computer and physical testing of the service's biometric efficiency
- Tests of the service's effectiveness in terms of identity documents (carried out by the administration).
Certification attests to the service provider's compliance with :
- contractual aspects, legislation and regulations, and impartiality
- protection of information
- the quality and security of its verification processes
- The competence of its auditors for qualified activities
- the reliability of the electronic identification system used to acquire verification data.
- Certification is issued for two years, without the need for monitoring (but may be subject to ANSSI inspection). A full audit is required every two years to renew and maintain certification.
LSTI and CLR Labs, in association, offer all three types of work: conformity assessment (LSTI) and IT and physical assessment of the biometrics component's effectiveness.
Why choose LSTI?
Recognized expertise
Specialized auditors
