Home / Resources /

Compliance

Compliant & certified solutions you can rely on

Protect your business with our complete identity verification platform, including biometric and identity document verification, connection to data sources and advanced fraud detection.

/Company & Solutions

National Institute of Standards and Technology (NIST)

NIst

Veridas has been submitting its technologies to NIST evaluations since 2018 and continues to do so with the firm belief that constant scrutiny is the only way to maintain its position as a world leader in the biometric solutions market.

We are the only company in the world to be present at the NIST 1:1 and 1:N assessments in facial, and voice recognition (1:1)

The U.S. National Institute of Standards and Technology (NIST) is the world’s most trusted institution for biometric solutions. (NIST) is the most relevant institution in the standardization of biometric technologies. NIST conducts periodic evaluations of biometric engines submitted by different vendors to assess and provide unbiased rates of accuracy and performance in different environments.

NIST participation is entirely free and open to any vendor or institution.

✔ Proven technological accuracy and reliability
#2 in Face Biometrics – NIST FRVT 1:N
#2 in Voice Biometrics – SRE 21’, NIST

ISO 30107-3 iBeta

Veridas is compliant with ISO 30107-3 from iBeta. This confirms that the liveness detection and facial biometric identity verification technology has successfully passed all the demanding requirements regarding attacks in verifying individuals’ identities.

ISO/IEC 30107 refers to the detection of presentation attacks or, in other words, the detection of attempts to impersonate or deceive the system. For this purpose, Veridas solutions have active and passive anti-spoofing mechanisms (depending on whether or not they require user action).

All Veridas systems include anti-spoofing fraud prevention techniques. In addition, Veridas’ facial recognition system (das-Face) is compliant with iBETA ISO/IEC 30107-3 Levels 1 & 2.

Age Check Certification Scheme

Certified solution for Age Verification under the Age Verification Certification Scheme (ACCS) in the UK, attaining Assessment Assurance Level 2.

ISO 27001

ISO 27001 is the highest international standard for implementing, maintaining, and improving Information Security Management Systems (ISMS).

Veridas has obtained this ISO 27001 standard certification by having a complete information security management system in continuous improvement. The scope of this certification covers all activities and services offered by Veridas.

ISO 9001

ISO 9001 is defined as the internationally recognised standard for quality management systems (QMS), which provides a framework and enables organisations to meet expectations, customers and stakeholders.

The scope of this ISO9001 certification covers all processes of the companies comprising das-Nano Group, das-Nano Tech and Veridas.

das-Nano Group considers the quality of its products as its major responsibility and continuous improvement as one of the key elements of the company.

SOC2 Type 2

The services developed by Veridas are covered by the SOC 2 report. SOC 2 is a report based on the existing Trust Services Criteria (TSC) of the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA).

This report assesses an organisation’s information systems related to security, availability, processing integrity, confidentiality and privacy. The SOC 2 report includes a detailed description of more than 100 controls in place to protect the data processed in the services offered by Veridas solutions.
We periodically undergo an external audit to verify compliance with this standard.

SOC3

SOC 3 is intended to provide assurance over the controls of service organizations. These controls are designed to assess and address the risk associated with outsourced services, ensuring the security, availability, processing integrity, confidentiality and privacy of information.

Our SOC 3 report is a publicly accessible summary of the SOC 2 type 2 attestation report.and features the services auditor’s opinion, confirming our organization’s fair statement on the effectiveness of those controls.

National Security Scheme (Spain)

Veridas has obtained the certification in the National Security Scheme, with a scope that covers all the activities and services offered by Veridas.

The National Security Scheme (ENS), initially designed for the Spanish Electronic Administration and now also applied to all service providers to public entities, establishes the security policy in the use of electronic media and the basic principles and minimum requirements for adequate protection of information. 

Qualified Products Catalog (CCN) – Vídeo-identification Tools – Spain & Europe

Veridas’ biometric digital identity verification solution has been the first to obtain the qualification of the Spanish National Cryptologic Center (CCN), by accrediting compliance with all the security requirements included in Annex F.11 of the ICT Security Guide CCN-STIC-140, with ENS High category.

This solution consists of a validation of the identity document presented, a biometric comparison between the photo included in the document and a selfie of the person carrying the process, an active proof of life and a video identification process. In addition, the solution also includes a monitoring tool that enables manual review of all processes by an agent.

For the issuance of a qualified electronic certificates, eIDAS Regulation establishes the need for qualified electronic service providers (QTSPs) to perform an identity verification of the applicant. For this purpose, eIDAS Regulation establishes several ways of performing this identity verification, and in Spain Law 6/2020 allowed it to be performed by non face-to-face means. For this purpose, QTSPs must comply with the provisions of Order ETD/465/2021 (later updated by Order ETD/743/2022). Precisely, one of the requirements is that QTSPs must use a video-identification tool that has been qualified or certified by the National Cryptologic Center, accrediting compliance with the technical requirements of Annex F.11 of its Security Guide CCN-STIC-140.

SEPBLAC Authorizations (Spain)

Veridas - SEPBLAC

Dekra Testing & Certification has evaluated Veridas’ video-call and video-identification systems based on the requirements established in the authorizations issued by SEPBLAC (Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses), concluding that its technologies allow the implementation of a procedure following the requirements of these circulars and that they can accredit a level of security in terms of reliability equivalent to physical presence.

/Regulation

General Data Protection Regulation (Europe)

GPDR

The General Data Protection Regulation (GDPR) is the European regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The GDPR includes a series of principles and requirements that determine the correct processing of personal data, leading to the establishment of multiple policies, procedures, and good practice guidelines that Veridas has implemented and reinforced by its certifications in information security.

California Consumer Privacy Act (CCPA) – USA

California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) is a privacy law that regulates any business that may process the personal information of California residents, so in practice, it can affect companies anywhere in the U.S. or the world.

Veridas complies with the requirements set forth by the CCPA, which is strengthened by the data processing policies that Veridas applies in the provision of its services (controller control of how data is processed, no storage of personal data, etc.).

Personal data protection in Mexico

Veridas - INAI - Protección de Datos México

Veridas complies with the requirements established by the Mexican regulation, partially thanks to its similarity with European data protection regulations regarding the rights of data subjects and the obligations of data controllers and data processors.

The framework for the protection of personal data in Mexico is composed of several regulations, among which we can highlight the Federal Law for the Protection of Personal Data in Possession of Private Parties (LFPDPPP) and its Regulation.

Personal data protection in Colombia

Veridas - SIC Colombia

Veridas has established security measures and privacy by default and by design principles, and complies with the obligations established for data processors, which are always regulated in a contract with its clients.

In Colombia, personal data protection is regulated by Law 1581 of 2012 and various decrees, developing the principles established by the Constitution.

Digital Pact Spanish Data Protection Agency

Veridas - Pacto Digital AEPD

The Spanish Data Protection Agency (AEPD) presented, at the beginning of 2021, a project to try to prevent and combat the different situations of digital violence that occur on the Internet. Its objective is twofold: on the one hand, to publicize the good practices to be carried out by society as a whole in order to build a healthy digital environment, and on the other, it is also intended to publicize the specific mechanism they have developed to try to remove certain sexual or violent content from the network: the Priority Channel.

Adherence to this Pact implies a public commitment, already reiterated on numerous occasions by Veridas, to comply with certain standards in terms of Data Protection, while at the same time allowing us to actively collaborate in the creation of a freer and safer Internet.

Compliance with previous regulations enables our solutions to comply with other national and international data protection regulations.

ETSI TS 119 461 & ETSI EN 319 401

Veridas has obtained the ETSI TS 119 461 and ETSI EN 319 401 certifications, recognised by the European Telecommunications Standards Institute (ETSI). These certifications set new standards for security and reliability in identity proofing and trust services, enabling us to act as an Identity Proofing Service Provider (IPSP) for Trusted Service Providers (TSP), complying with eIDAS regulations and supporting compliance needs across the EU. The documentation associated with this certification can be consulted here.

UKDIATF

Identity Verification Services to establish official identity for digital use, in accordance with the UK Digital Identity & Attributes Trust Framework. Specifically, the checking of an individual’s right to work and right to rent in the UK. We have the certification for high trust profiles H1A, H1C, and M2C.

PWC

Pioneers in the Ethical Diagnosis of our Artificial Intelligence systems. Veridas has become one of the first companies at a national level to carry out a ‘Diagnosis on the ethical principles of Artificial Intelligence’ with the support of PwC, a pioneering firm in this type of work. This diagnosis consists of analyzing the formal compliance with the ethical principles of artificial intelligence systems of companies and the ethical, legal, and technical framework on which these systems are developed.

AI Act

The EU AI Act sets clear rules for AI use, categorizing non-remote biometric systems requiring user participation as low or nonexistent risk.
All Veridas solutions fit this category.

PSD 2

Technology for reinforced customer authentication (biometric inherent element and ID document possession element).

Try a demo
Facial Parking Access

Simplify entry, save time, and manage your stadium parking more efficiently.

Quick Facial Parking Access

Enter the parking area in under 1 second with facial recognition technology.

Stress-Free Experience

Simplify the ticket purchase process and enable attendees to enjoy a hands-free experience throughout their stadium stay.

Enhanced Security

Elevate your parking security for peace of mind.

Facial Ticketing

Protect your Stadium with our end-to-end identity verification platform, featuring biometric and document verification, trusted data sources, and fraud detection.

Instant Identity Verification

Verify your attendees’ identity remotely in less than 1 minute.

Pop-up Convenience

Simplify the ticket purchase process and enable attendees to enjoy a hands-free experience throughout their stadium stay.

Maximum Security

Enhance the security of the purchase process, eliminating the possibility of fraud, resale, and unauthorized access.

Popup title

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.