
ISO/IEC 27565

ISO/IEC 27565:2026 — Information technology, cybersecurity and privacy protection — Guidelines on privacy preservation based on zero knowledge proofs

[First edition]

Abstract

ISO/IEC 27565 “provides guidelines on using zero-knowledge proofs (ZKP) to improve privacy by reducing the risks associated with the sharing or transmission of personal data between organisations and users by minimizing information disclosure. It includes several ZKP functional requirements relevant to a range of different business use cases, then describes how different ZKP models can be used to meet those functional requirements securely.”


[Source: ISO/IEC 27565:2026]

Introduction

Zero-knowledge proofs (ZKPs) are mathematical techniques (families of cryptographic protocols) that allow someone (the prover) to prove to someone else (the verifier) that they possess a secret, without disclosing the secret to the verifier or to a trusted third party. The secret is often a credential used for authentication (such as a password, biometric or personally identifiable information) but could equally be some other piece of sensitive or valuable information that is to remain confidential during the verification process, such as the person's age.


The process involves the prover (who knows the secret) convincing the verifier (who needs to check it) that the verifier’s statements or assertions concerning the secret (e.g. “The person is older than 18 years”) are either true or false, without disclosing additional information (e.g. their birthday). At the same time, the process substantially prevents malicious interference such as replay attacks (e.g. repeating a previous age-verification sequence that applied to a different person) and collusion between the parties.
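
As an added illustration (not taken from ISO/IEC 27565 or from this page), the sketch below uses the classic Schnorr identification protocol to show a prover demonstrating knowledge of a secret without sending it, and a fresh verifier challenge defeating a replayed transcript. The toy group parameters and all function names are assumptions made for the example.

```python
import secrets

# Toy parameters (constructed for this example, far too small for real use):
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (secret x, public y = G^x mod P). Only y is ever shared."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

class Prover:
    def __init__(self, secret):
        self._x = secret
        self._r = None

    def commit(self):
        # Fresh one-time nonce per session; reusing r would leak the secret.
        self._r = secrets.randbelow(Q)
        return pow(G, self._r, P)

    def respond(self, challenge):
        r, self._r = self._r, None          # nonce is single-use
        return (r + challenge * self._x) % Q

def new_challenge():
    """Verifier side: an unpredictable challenge chosen after the commitment."""
    return secrets.randbelow(Q)

def verify(y, commitment, challenge, response):
    """Accept iff G^s == t * y^c (mod P); uses only public values."""
    return pow(G, response, P) == (commitment * pow(y, challenge, P)) % P

def run_session(prover, y):
    """One honest round; returns the transcript and the verifier's verdict."""
    t = prover.commit()
    c = new_challenge()
    s = prover.respond(c)
    return (t, c, s), verify(y, t, c, s)

if __name__ == "__main__":
    x, y = keygen()
    (t, c, s), ok = run_session(Prover(x), y)
    print("honest prover accepted:", ok)
    # Replay: an eavesdropper resends the recorded (t, s) in a new session,
    # but the verifier issues a different challenge, so the check fails.
    print("replayed transcript accepted:", verify(y, t, (c + 1) % Q, s))
```

The verifier only ever sees the public value, the commitment and the response; the replayed pair fails because the response is bound to the challenge issued in the original session.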

Scope

This standard principally concerns the use of ZKP for privacy protection (e.g. someone checking the claimed identity or age of a person known to an authority, without the authority having to disclose or reveal that personal information), although other use cases are noted (e.g. digital wallets).  Examples in the annexes demonstrate the techniques in use.

Structure

Main clauses:

  • 5: Introduction to zero-knowledge proofs*

  • 6: Considerations of implementing ZKPs for attribute verification

  • 7: Use cases of ZKPs 

  • 8: Privacy preservation using zero-knowledge proofs

  • 9: Functional use cases

  • 10: Business use examples

  • Annex A: Factors facilitating or hindering ZKP developments

  • Annex B: Subject binding

  • Annex C: Example of a consistency check between two documents

  • Annex D: Example of ZKP for selective disclosure

  • Annex E: Examples of selective disclosure without using ZKPs

  • Annex F: Example of secure comparison of two numbers

  • Annex G: Implementing digital credentials with ZKP


* Clause 5, the introduction, is included in the free sample/preview of this standard on the ISO.org website.

Status

The standard development project started in 2021.


The first edition was published in February 2026.

Commentary

27 specialist terms are defined in the standard - a clue as to the technical complexity of ZKP.  This is a cutting-edge technique of value for privacy and other purposes.

This page last updated:

16 February 2026

© 2026 IsecT Limited 

 
