VVEREID Docs
concepts

Verification tiers (T0–T6)

Exactly what each VEREID verification badge proves — and equally important, what it does not prove. Read this before any user-facing copy.

Last updated 2026-05-20

VEREID's verification ladder is intentionally honest. Every competitor we benchmarked overclaims at least one tier — usually conflating "the document chip is internally consistent" with "the issuing government has confirmed this is a real person". We refuse to do that. The wording below is what your UI is allowed to say. Diverging from it puts you in breach of the Acceptable Use Policy.

The ladder at a glance

TierOne-line meaningWhat it does not prove
T0Anonymous account, no checks.Nothing.
T1Selfie matches an ID document photo; document fields are internally consistent.The document is real.
T2T1 plus the selfie was captured live (not a photo or video replay).The document is real.
T3T2 plus the name is not on any consolidated public sanctions or PEP list.Reliable PEP coverage in some jurisdictions.
T4T3 plus the affiliated business legally exists in a public registry.The user is authorised by that business.
T5T1 plus the document's chip signature is internally consistent per ICAO 9303 Passive Authentication.The issuing government has confirmed authenticity.
T6A direct, per-country government-record lookup matched the user.Coverage outside the integrated country list.

T0 — Anonymous

The default. You may follow, post, and read. You may not unlock any badge or appear in search results that filter on verification.

T1 — Photo verified

We run AWS Rekognition CompareFaces between the user's selfie and the photo extracted from a submitted ID document by AWS Textract AnalyzeID. We also run our own OpenCV-based tamper checks (EXIF analysis, error-level analysis, copy-move detection) and the Goat-Nano anti-spoof model from AIARCO_AI/lite. A pass means the face on the document matches the live face, and the document is internally consistent. It does not mean the document is real. A high-quality printed forgery with a real face on it will pass T1.

Allowed copy: "Photo verified". "Selfie matches the photo on a submitted ID."

T2 — Liveness verified

T1 plus a randomised challenge-response liveness probe — head turn, blink, or randomised spoken phrase — verified by Rekognition Video plus our anti-spoof model. This defeats photo replay, video replay, deepfake-on-recording, and most printed-mask attacks. It still does not prove the document is real.

Allowed copy: "Liveness verified". "Live human, not a replay."

T3 — Sanctions clear

The submitted name (with optional DOB and nationality) is run against our in-house consolidator over primary-source free sanctions and PEP feeds: OFAC SDN, EU CFSP, UK HMT OFSI, UN Consolidated, AU DFAT. We use Damerau-Levenshtein fuzzy matching with a tunable threshold and surface confidence plus reasons.

Allowed copy: "Sanctions clear (T3)". "Not present on the major public sanctions and PEP lists at the time of verification."

PEP coverage is intentionally less aggressive than commercial bureaux — we only include officials named in the primary-source lists above, not third-party aggregated PEP databases.

T4 — Business verified

The user has claimed affiliation with a business that legally exists in a public registry. We currently consume GLEIF (global LEI), SEC EDGAR (US), UK Companies House, and AU ABN Lookup. Additional registries land country by country.

Allowed copy: "Affiliated business exists". Not "User is an authorised representative of the business" — that requires a separate signed-authority workflow on our roadmap.

T5 — Chip authenticated (ICAO 9303 Passive Authentication)

The user's passport NFC chip was read by our mobile SDK (iOS CoreNFC, Android android.nfc). We verified that the chip's internal cryptographic signature is consistent: the Document Security Object's hash matches the hashes of the Data Groups, and the Document Security Object is self-consistent. This means the document is genuine per ICAO 9303 Passive Authentication — it does NOT verify the holder against any government database.

That sentence — verbatim — is the only wording you may use to describe a T5 result to an end user or a customer. We deliberately do not have access to the ICAO PKD (Public Key Directory), so we cannot prove the issuing-state Document Signing Certificate is genuine — only that the document is internally consistent. A state that wanted to forge a passport with a fake DSC could pass T5. That is rare, but it is the honest limit.

T6 — Government-record matched

Per-country direct lookup against an authoritative register. Estonia e-ID (free OIDC), India Aadhaar OKYC (licensed partner), and others land country-by-country as Workstream L's research turns into integrations. T6 is the strongest tier we offer and the only one that is permitted to use the word "government-verified" in marketing copy — and even then only for the specific country whose adapter ran.

How tiers compose

Tiers are additive — every higher tier includes the lower tier as a precondition. The exception is T5, which only requires T1 (since chip-auth itself proves the photo on the chip matches the document; liveness is independent of chip presence). T6 always requires T2.

Where this matters

  • Marketing copy — never use "government-verified" for T1–T5.
  • API responsesverification.badges[] is the source of truth; the singular tier is the highest contiguous tier the user has unlocked, not a god-given trust score.
  • Webhooksverification.completed always carries the full signals[] array so you can build your own composite score.