ETSI TS 119 461 has evolved with the introduction of version v2.1.1. For Qualified Trust Service Providers (QTSPs), the key question is how and when this version applies in practice.
ETSI TS 119 461 v2.1.1 will become mandatory in August 2027. Until then, existing ETSI-certified frameworks remain fully valid, allowing organizations to continue operating in compliance while planning the transition in a controlled and predictable way.
This article explains what ETSI TS 119 461 regulates, what the new version introduces, when it will become mandatory, and how Veridas is already aligning its services to ensure continuity and compliance.
When ETSI TS 119 461 v2.1.1 Will Become Mandatory
One of the most relevant aspects of the new version is the enforcement timeline.
- ETSI TS 119 461 v2.1.1 becomes mandatory in August 2027.
- Until that date, QTSPs may continue to operate using:
- Previous versions of ETSI TS 119 461, or
- Recognized national certification schemes.
This means there is no immediate obligation to adopt v2.1.1. The transition has been designed to be gradual and aligned with standard regulatory adaptation cycles, allowing organizations to plan changes without disruption.
Although ETSI TS 119 461 v2.1.1 does not become mandatory until August 2027, QTSPs are not entirely unaffected before that date.
In particular, existing QTSPs are required in 2026 to submit a compliance report under Article 24 eIDAS, demonstrating continued conformity of their identity proofing processes. The table below summarises how these transitional obligations apply over time.
The Evolution of the Standard: ETSI TS 119 461 v2.1.1
Like any technical and regulatory standard, ETSI TS 119 461 evolves to address new risks, technologies, and operational realities.
Version v2.1.1 strengthens certain controls and requirements, particularly in areas related to attack detection and resilience against emerging forms of fraud.
This update should be understood as a continuation of the existing framework, not a break from it. The regulatory foundations and core principles of identity proofing remain unchanged, while incremental improvements are introduced to reflect the current threat landscape.
What Is ETSI TS 119 461 and Why Is It Key for Identity Proofing
ETSI TS 119 461 defines the technical and organizational requirements that identity proofing services must meet to reliably verify a person’s identity, especially in remote and digital scenarios.
Among other aspects, the standard specifies:
- How identity evidence must be captured and validated.
- The use of biometrics and liveness detection controls.
- Fraud prevention and impersonation mitigation measures.
- Security, data protection, and access control requirements.
- Levels of assurance aligned with eIDAS.
Together with ETSI EN 319 401, which reinforces risk management, information security, and service continuity, ETSI TS 119 461 provides a robust and consistent framework for remote identity verification across Europe.
Identity Proofing: Establishing Trust from the First Interaction
Identity proofing solutions are designed to confirm that a real person corresponds to a claimed identity. They typically combine document verification, data validation, and, at more advanced levels, biometric verification.
This process is essential to:
- Prevent identity fraud and impersonation.
- Meet Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations.
- Ensure that access to digital services is granted only to legitimate users.
Regulatory Continuity and Preparation for the Next Version
Veridas is compliant with ETSI TS 119 461 v1.1.1 requirements and operates under an active ETSI-certified framework. The company is already aligning its identity proofing processes with the changes introduced in version v2.1.1, ensuring continuity as the standard evolves.
The update to ETSI TS 119 461 v2.1.1 represents a natural evolution of the European identity proofing framework, not a disruptive change. QTSPs can continue to operate using certified solutions while planning their transition in line with the established regulatory timelines.
As a result, when v2.1.1 becomes mandatory, Veridas’ services will already meet the required criteria, without requiring disruptive changes for its clients.
