November 2025: Major Information Technology Standards Released

The Information Technology sector marked a significant advancement this November 2025, with the publication of five influential international standards. These updates span digital identity, data integration, cybersecurity competence, online gambling risk management, and health informatics. As organizations worldwide grapple with heightened digital transformation, these standards set new expectations for compliance, security, and interoperability. This article—part 1 of a 6-part deep-dive—explores the latest releases and their industry-wide implications.

Overview

The Information Technology sector underpins every modern enterprise, facilitating secure transactions, data-driven decision-making, and digital services across industries. Globally recognized standards are essential in this field: they harmonize requirements, promote cross-border trust, and ensure robust security and interoperability.

Why do standards matter?

• They serve as benchmarks for quality, security, and efficiency.
• Help organizations comply with regulatory frameworks.
• Foster innovation through common technical language and structure.

In this article, you'll discover:

• The scope and requirements of five newly published standards
• Key application areas and compliance needs
• Practical recommendations for implementation and compliance

Detailed Standards Coverage

ISO/IEC TS 18013-6:2025 – mDL Test Methods

Personal identification – ISO-compliant driving licence – Part 6: mDL test methods

This technical specification delivers a structured suite of test methods for verifying the conformity of mobile driving licences (mDL) and mDL readers with the ISO/IEC 18013-5 standard. As mobile IDs gain traction globally, this standard ensures that both mDL apps and verification devices rigorously meet secure, interoperable expectations.

Scope and key requirements:

• Covers test cases for mDL-to-reader and reader-to-mDL interfaces, including optional interfaces to issuing authority infrastructure
• Specifies interface testing only: internal implementations and non-specified interfaces (e.g., data provisioning) are excluded
• Test design adheres to ISO/IEC 9646 conformance testing methodology
• Provides industry-accepted procedures for reporting, conformance statements (ICS), and test certificates

Who should comply:

• Developers of mDL apps
• mDL reader device manufacturers
• Issuing authorities adopting mDL tech

Practical implications:

• Streamlined interoperability for international driving licence validation
• Reduces legal/exchange risk at border and law enforcement checkpoints
• Enhances citizen trust with proven security compliance

What’s new?

• Revised and expanded test cases, especially for updated Bluetooth, NFC, and WebAPI protocols
• Updated implementation conformance statements (ICS)

Key highlights:

• Comprehensive, appendix-based test suites for interface conformance
• Applicability matrix enables tailored testing to each implementation
• Strengthens global reliability of digital driver identification

Access the full standard:View ISO/IEC TS 18013-6:2025 on iTeh Standards

ISO/TS 19166:2025 – BIM-GIS Conceptual Mapping

Geographic information – Building information modelling (BIM) to geographic information systems (GIS) conceptual mapping (B2GM)

Bridging the data divide between Building Information Modelling (BIM) and Geographic Information Systems (GIS) is critical for digital twins, urban planning, and facility management. ISO/TS 19166:2025 establishes a conceptual framework for mapping BIM information to GIS, leveraging three key mechanisms:

• Perspective Definition (B2G PD)
• Element Mapping (B2G EM)
• Level of Detail (B2G LM) mapping

Scope and requirements:

• Enables export and alignment of information from BIM to GIS, not limited to buildings—supports infrastructure, facility management, and smart city use cases
• Focuses on conceptual (not physical or schema-based) mapping, avoiding ambiguities from direct schema-to-schema integrations
• Excludes coordinate, relationship, and schema mapping—those require separate standards

Who should comply:

• Software developers in BIM/GIS integration
• Urban and infrastructure data managers
• Smart city and digital twin solution architects

Practical implications:

• Simplifies cross-domain workflows; reduces errors in data transfer between design, construction, and operation stakeholders
• Supports advanced indoor/outdoor navigation, asset management, and emergency planning

What’s new?

• Revised definitions, enhanced mapping mechanisms, and improved conceptual diagrams over 2021 edition

Key highlights:

• Three adaptable conceptual mapping mechanisms
• Supports LOD (Level of Detail) for tailored GIS visualization
• Directly addresses facility and environmental data transfer needs

Access the full standard:View ISO/TS 19166:2025 on iTeh Standards

EN 18144:2025 – Markers of Harm in Online Gambling

Online gambling – Markers of harm in support of identification and prevention of risky and problem gambling behaviour

Online gambling operators now have a standardized, minimum set of "markers of harm" to identify and detect risky or problematic gambling behaviors. EN 18144:2025 is Europe’s response to the growing need for proactive player risk detection and responsible gaming policies.

Scope and requirements:

• Defines essential behavioral markers such as volume of stakes, speed of play, depositing behavior, and session duration
• Allows analysis over varied time spans and supports addition of custom markers
• Enables jurisdictional flexibility: omitted markers are allowed if local laws restrict data collection
• Does not prescribe thresholds or intervention actions

Who should comply:

• Online gambling platforms and operators
• Compliance managers in regulated gaming markets
• Gambling analytics and harm prevention program leaders

Practical implications:

• Provides a data-driven foundation for risk identification, regulatory audit, and improved consumer protection
• Supports both in-house analytics and use of external service providers for early harm detection

What’s new?

• First European standard defining objective, trackable harm markers for digital gambling
• Designed for broad jurisdictional adaptation

Key highlights:

• Explicitly lists and details each marker
• Flexible for evolving regulatory requirements
• Forms baseline for responsible gaming tech integrations

Access the full standard:View EN 18144:2025 on iTeh Standards

EN ISO/IEC 19896-3:2025 – Competence Requirements for IT Security Conformance

Information security, cybersecurity and privacy protection – Requirements for the competence of IT security conformance assessment body personnel – Part 3: Knowledge and skills requirements for evaluators and reviewers according to the ISO/IEC 15408 series and ISO/IEC 18045

Under increasing regulatory scrutiny, organizations require confidence that IT security evaluations are credible, consistent, and recognized internationally. EN ISO/IEC 19896-3:2025 specifies the precise knowledge and skill set required for personnel engaged in assessing IT product security conformance under the globally adopted ISO/IEC 15408 (Common Criteria) and ISO/IEC 18045 methodologies.

Scope and requirements:

• Distinguishes knowledge and skill requirements for both evaluators (typically working in ISO/IEC 17025 labs) and reviewers (in ISO/IEC 17065 certification bodies)
• Includes in-depth coverage of functional and assurance classes in IT security evaluation
• Details evaluation skills, testing methodology, and technology awareness

Who should comply:

• IT product certification bodies and security testing labs
• IT security evaluators, certifiers, and assessors
• Organizations pursuing Common Criteria certification for products

Practical implications:

• Ensures uniformity of security evaluations
• Strengthens trust among buyers, certification bodies, and regulators
• Supports international recognition and mutual acceptance of security certificates

What’s new?

• Unique focus on knowledge/skills profiles for security certification roles
• Reinforces standardized training and qualification pathways

Key highlights:

• Baseline competence specifications for IT security assessment professionals
• Supports both technology-specific and broad IT security skill sets
• Guidance for training, credentialing, and professional development

Access the full standard:View EN ISO/IEC 19896-3:2025 on iTeh Standards

ISO 17117-1:2025 – Health Informatics Terminological Resources

Health informatics – Terminological resources – Part 1: Characteristics

Effective health data exchange, analysis, and population health management depend on standardized terminological resources. ISO 17117-1:2025 provides a detailed framework for evaluating the fitness of healthcare terminologies (such as vocabularies, coding systems, and classification schemes) by defining essential characteristics—supporting patient care documentation, analysis, and interoperability.

Scope and requirements:

• Identifies universal and specialized characteristics making a health terminological resource fit for clinical concept representation
• Focus on terminologies for health-related applications: excludes mapping quality between different terminologies or versions
• Outlines functions such as data capture, aggregation, reasoning, and maintenance

Who should comply:

• Hospitals and healthcare providers selecting EHR or coding systems
• Health informatics standards developers
• Health IT procurement and evaluation teams

Practical implications:

• Facilitates transparent evaluation, selection, and deployment of terminological systems in patient care and analytics
• Promotes semantic interoperability—essential for health data exchange and research

What’s new?

• Updates to reflect latest medical and informatics practice
• Enhanced focus on characteristics directly relevant to data quality and interoperability

Key highlights:

• Criteria for assessment and categorization of terminological resources
• Addressed to a broad spectrum of stakeholders: developers, evaluators, and end users
• Foundations for further requirements in future health informatics standards

Access the full standard:View ISO 17117-1:2025 on iTeh Standards

Industry Impact & Compliance

Adopting these new Information Technology standards is more than an act of regulation—it's a strategic move to protect your organization, boost trust, and gain a competitive edge.

Key compliance considerations:

• Timelines: Early engagement with the standards shortens compliance cycles and avoids last-minute disruptions.
• Sector-specific impacts:
  • mDL conformance: mandated in travel, law enforcement, and DMV applications
  • BIM-GIS integration: vital for digital twin and facility management projects
  • Online gambling: required for operators in regulated markets—under scrutiny for player protection and anti-money-laundering
  • IT security assessments: necessary for vendors seeking global certification
  • Health informatics: foundational for hospitals, health IT vendors, and insurers

Risks of non-compliance:

• Regulatory penalties and failed audits
• Market access barriers
• Reputational harm from security breaches or poor quality

Benefits of adoption:

• Demonstrates global best practice adherence
• Easier vendor/client onboarding, cross-border transactions
• Enhanced data integrity, security, and service quality

Technical Insights

These November 2025 standards showcase technical convergence:

• Interface conformance testing (ISO/IEC TS 18013-6): Modularity and test coverage for secure identity
• Conceptual mapping frameworks (ISO/TS 19166): Decoupling data from schema for flexibility
• Behavioral analytics (EN 18144): Objective markers, scalable data analysis for risk management
• Competence frameworks (EN ISO/IEC 19896-3): Elevating professionalism in IT security evaluation
• Terminology characterization (ISO 17117-1): Comprehensive, function-driven evaluation

Best practices for implementation:

1. Assign compliance leads for each standard area
2. Conduct gap analyses against new requirements
3. Update policies, workflows, and technical architecture
4. Seek certified training for evaluators/reviewers where required
5. Leverage software tools—testing suites, data analytics, mapping engines

Testing and certification tips:

• Early integration of automated tests (where applicable) ensures smoother deployment
• Maintain thorough documentation for future audits
• Leverage published implementation conformance statements (ICS) and checklists

Conclusion & Next Steps

The new Information Technology standards published in November 2025 raise the bar for compliance, security, and technical clarity. Organizations operating in digital identity, GIS/BIM, online gambling, IT security certification, and health data management should:

• Stay informed: Regularly monitor updates at iTeh Standards
• Evaluate impact: Assess processes and technology stacks against new requirements
• Engage with standards bodies: Participate in working groups for ongoing improvement
• Act now: Early adoption ensures better compliance positioning and industry leadership

Explore the full texts and future updates for these standards on iTeh Standards. Subscribe to alerts and stay ahead in IT compliance and innovation.