Compliance Frameworks
BaseID supports 7 compliance frameworks covering digital identity regulations across North America, Europe, Asia-Pacific, Africa, and the UK.
Framework overview
Section titled “Framework overview”| Framework | Region | Regulator | Key focus |
|---|---|---|---|
| PCTF | Canada | DIACC | Identity assurance (Level 1-3), consent, bilingual EN/FR, audit trails |
| eIDAS 2.0 | EU | European Commission | EUDI Wallets, PID, QEAA, Level of Assurance, mandatory by Dec 2026 |
| HAIP | Global | OpenID Foundation | High Assurance Interoperability Profile for OpenID4VC — format + algorithm constraints |
| NIST 800-63 | US | NIST | Identity Assurance Levels (IAL1-3), Authentication Assurance Levels (AAL1-3) |
| TDIF | Australia | DTA | Trusted Digital Identity Framework, Identity Proofing (IP1-3), accreditation |
| MOSIP | Africa/Asia | MOSIP Foundation | Open-source identity platform, offline QR, low-connectivity, 9+ country deployments |
| DIATF | UK | DSIT | Digital Identity and Attributes Trust Framework, 5 service roles, ISO 17065 certification |
Assurance level cross-mapping
Section titled “Assurance level cross-mapping”All frameworks define assurance levels that map to each other:
| Level | PCTF | eIDAS | NIST | TDIF | DIATF | Meaning |
|---|---|---|---|---|---|---|
| Low | Level 1 | Low | IAL1 | IP1 | Low | Self-declared identity. Minimal verification. |
| Substantial | Level 2 | Substantial | IAL2 | IP2 | Medium | Government-issued ID verified. Database checks. |
| High | Level 3 | High | IAL3 | IP3 | High | In-person or biometric verification. Highest confidence. |
What each level requires
Section titled “What each level requires”| Level | Typical evidence | Verification method |
|---|---|---|
| Low | Email, phone, self-declared name | Possession check (email link, SMS code) |
| Substantial | Government photo ID | Remote document verification, database check |
| High | Government photo ID + biometrics | In-person proofing, biometric match, supervised video |
PCTF (Pan-Canadian Trust Framework)
Section titled “PCTF (Pan-Canadian Trust Framework)”Canada’s framework for digital identity, published by DIACC.
Key requirements
Section titled “Key requirements”- Identity Assurance: Levels 1-3 aligned with evidence strength
- Consent Management: Explicit consent lifecycle — record, query, revoke
- Audit Trail: Tamper-evident hash-chained logs
- Bilingual: All outputs available in English and French
- Privacy: Data minimization principles
BaseID coverage
Section titled “BaseID coverage”baseid-pctfcrate:AssuranceLevelEvaluator,ConsentManager,AuditLog,PctfValidator,ReportBuilder(58 tests)- Cloud API:
GET /v1/compliance/report?framework=pctf
eIDAS 2.0 (EU Digital Identity)
Section titled “eIDAS 2.0 (EU Digital Identity)”The EU regulation mandating EUDI Wallets for all member states by December 2026.
Key requirements
Section titled “Key requirements”- PID (Person Identification Data): Mandatory attributes — family_name, given_name, birth_date
- QEAA: Qualified Electronic Attestation of Attributes
- Level of Assurance: Low, Substantial, High
- Trust Lists: Trusted issuer registries per member state
- Formats: SD-JWT VC and mso_mdoc (via HAIP)
BaseID coverage
Section titled “BaseID coverage”baseid-eidascrate:EuPid,LoaMapping,QeaaValidator,TrustList(14 tests)- Cloud API:
GET /v1/compliance/report?framework=eidas
HAIP (High Assurance Interoperability Profile)
Section titled “HAIP (High Assurance Interoperability Profile)”OpenID Foundation’s profile constraining OID4VCI/VP for high-assurance use cases.
Constraints
Section titled “Constraints”| Parameter | Allowed values |
|---|---|
| Credential formats | dc+sd-jwt (SD-JWT VC), mso_mdoc (mDL) |
| Signing algorithms | ES256, ES384, ES512, EdDSA |
| Client ID schemes | x509_san_dns, x509_san_uri, verifier_attestation |
| Response modes | direct_post |
| Proof types | jwt |
BaseID coverage
Section titled “BaseID coverage”baseid-haipcrate:HaipProfile::v1(), format/algorithm/scheme validators (12 tests)- Cloud API:
POST /v1/compliance/haip/validate
NIST 800-63 (US Federal Identity)
Section titled “NIST 800-63 (US Federal Identity)”US federal standard for digital identity proofing and authentication.
Levels
Section titled “Levels”| Level | Identity proofing | Authentication |
|---|---|---|
| IAL1 | Self-asserted | AAL1 — single factor |
| IAL2 | Remote or in-person with evidence | AAL2 — multi-factor |
| IAL3 | In-person with biometrics | AAL3 — hardware-bound MFA |
MOSIP (Modular Open Source Identity Platform)
Section titled “MOSIP (Modular Open Source Identity Platform)”Open-source identity platform deployed in 9+ countries across Africa and Asia.
Key features
Section titled “Key features”- Offline QR: Credential verification without internet
- Low connectivity: Designed for limited network environments
- Biometric binding: Optional face data in credentials
- Data sovereignty: Country-hosted deployments
BaseID coverage
Section titled “BaseID coverage”baseid-mosipcrate:OfflineCredential, QR encode/decode,verify_offline(16 tests)
See also
Section titled “See also”- Cloud: Compliance API — generate reports, manage consent
- Cloud: Console Compliance — dashboard guide
- Credential Formats — formats required by each framework
- Security Model — encryption and audit architecture