United States of America: National Institute of Standards and Technology adopted Digital Identity Guidelines (NIST SP 800-63-4)

On 31 July 2025, the National Institute of Standards and Technology (NIST) adopted the updated version of the Digital Identity Guidelines (SP 800-63-4). The guideline applies to all organisations offering online services that require assurance in a user’s digital identity, including federal agencies, private-sector entities, and subnational governments. The guidelines introduce a risk-based, outcome-oriented framework centred on three assurance levels, particularly Identity (IAL), Authentication (AAL), and Federation (FAL), to manage identity proofing, authentication, and federation processes. Emphasising privacy, security, and user experience, the update encourages a customer-centric and flexible approach to digital identity management while aligning with the NIST Risk Management Framework. SP 800-63-4 supersedes the previous version SP 800-63-3 on Digital Identity Guidelines.