NIST Updates Digital Identity Standards to Confront AI-Driven Fraud and Modern Authentication Challenges

The National Institute of Standards and Technology (NIST) released its long-awaited update to federal digital identity guidelines on Friday, marking the first major overhaul since 2017. The revisions come after a four-year drafting process that included two public comment periods and more than 6,000 submissions, reflecting the growing complexity of identity verification in a digital-first world.

“These guidelines are one step in a continued evolution of how we can help organizations deploy more effective, more efficient, more secure identity technology,” said Ryan Galluzzo, NIST’s digital identity lead in the Applied Cybersecurity Division.

A notable shift in the update is the removal of the word “equity,” which appeared over 30 times in earlier drafts. While the 2017 guidance did not mention equity, the previous drafts emphasized inclusivity and usability, framing identity systems around both accessibility and fairness. In the final version, the emphasis has shifted toward “customer experience.”

“You can’t deploy technology that just will not work for your population,” Galluzzo explained. “No matter how secure and effective it seems, if no one can use it, no one can use it.”

The revision aligns with broader political dynamics; previous administrations’ priorities around diversity, equity, and inclusion (DEI) have influenced federal digital identity initiatives, with Biden-era policies favoring DEI and Trump-era directives pushing back. In June, for example, the White House rolled back aspects of a Biden-era cybersecurity executive order on digital identity, citing concerns about ID access for individuals without legal immigration status.

Beyond the ideological shifts, the update reflects substantive technological changes. The guidelines now explicitly cover mobile driver’s licenses (mDLs), detailing how they can be used for online identity verification. While mDLs are currently most commonly used for in-person identification, expanding their online applicability could significantly bolster anti-fraud measures in financial services and other sectors vulnerable to identity theft.

The revised guidance also introduces controls for emerging threats like deepfakes, which the Treasury Department’s Financial Crimes Enforcement Network flagged last fall as an escalating risk for fraud. “Criminals have used GenAI to create falsified documents, photographs and videos to circumvent financial institutions’ customer identification and verification,” the alert noted.

Philipp Pointner, Chief of Digital Identity at Jumio, framed the update as a response to the rapidly evolving fraud landscape.

“NIST’s revised guidelines address many of the digital identity challenges we face today and represent a significant leap forward in the fight against fraud,” Pointner said. “As AI tools have become increasingly accessible, the conversation around fraud and digital identity is changing — in fact, recent research found that 69% of consumers surveyed consider AI-powered fraud a greater threat to their personal security than traditional forms of identity theft. The NIST guidelines are an important step toward aligning policy frameworks with the realities businesses and consumers face on a daily basis. Using the NIST guidelines to implement the proper tools to detect and deter these fraudulent AI-driven threats will help safeguard individuals and organizations. It's important that the guidelines provide a framework for organizations as they seek to sort between legitimate customers and fraudsters, while maintaining respect for personal data.”

The new guidance is expected to influence not only federal agencies but also private sector companies that model identity verification and authentication processes on NIST standards. As digital interactions increasingly replace physical transactions, the updated framework could shape the next wave of secure, user-friendly, and AI-aware identity solutions.