INTERNATIONAL DRIVING AUTHORITY
Login
Apply
  1. Homepage
    2.  / 
  2. Blog
    3.  / 
  3. From Paper IDP to Digital Future: A Phased Migration Roadmap for Cross-Border Driving Credentials
Suggested languages
EN English
AF Afrikaans AM Amharic AR Arabic AZ Azerbaijani BE Belarusian BG Bulgarian BN Bengali BS Bosnian CS Czech DA Danish DE German EL Greek ES Spanish ET Estonian FA Persian FI Finnish FIL Filipino FR French GA Irish HE Hebrew HI Hindi HR Croatian HU Hungarian ID Indonesian IT Italian JA Japanese KA Georgian KK Kazakh KM Khmer KO Korean KY Kyrgyz LO Lao LT Lithuanian LV Latvian MK Macedonian MN Mongolian MS Malay MY Burmese NE Nepali NL Dutch NO Norwegian PA Punjabi PL Polish PS Pashto PT Portuguese RO Romanian RU Russian SI Sinhala SK Slovak SL Slovenian SQ Albanian SR Serbian SW Swahili TA Tamil TG Tajik TH Thai TK Turkmen TR Turkish UK Ukrainian UR Urdu VI Vietnamese ZH Chinese

Blog languages
CA Catalan HY Armenian IS Icelandic JV Javanese MT Maltese SV Swedish UZ Uzbek
From Paper IDP to Digital Future: A Phased Migration Roadmap for Cross-Border Driving Credentials

From Paper IDP to Digital Future: A Phased Migration Roadmap for Cross-Border Driving Credentials

The shift from paper International Driving Permits (IDPs) to a future digital IDP will not arrive because one more standards body publishes one more specification. It will arrive because governments execute a careful migration path — one that keeps the legal present working while building the digital future in layers.

Why Migration, Not Architecture, Is the Real Challenge

The hardest problem in the future IDP discussion is no longer technical architecture. It is migration.

Most of the building blocks already exist:

  • ISO standards for physical and mobile driving licenses (the ISO/IEC 18013 series)
  • An internet-presentation extension for mobile driving licenses (mDLs)
  • Finalized OpenID issuance and presentation protocols (OpenID4VCI 1.0 and OpenID4VP 1.0)
  • The W3C Verifiable Credentials Data Model
  • Regional trust infrastructures
  • Active government deployments

At the same time, the global legal layer is still evolving. UNECE documents from 2025 and 2026 show ongoing work to modernize domestic and international driving permits — including mobile and digital permit concepts. The EU’s new driving-license rules entered into force on 25 November 2025 and become applicable in Member States within four years.

The real question is no longer whether a digital IDP can be built. The question is: how do governments move from paper IDP logic to a future cross-border driving-credential stack without disrupting travel, enforcement, or legal certainty along the way?

The answer is not a sudden replacement. It is a layered migration.

The Core Principle: Add First, Replace Later

The guiding rule should be simple: add new layers first, replace old ones later.

This principle is already embedded in the official materials:

  • ISO/IEC 18013-1:2018 allows a single secure license to replace two documents in many cases, but explicitly permits countries to keep their domestic design and issue a second card where needed.
  • The EU’s new rules keep physical driving licenses available on request, especially for travel to non-EU countries that do not recognize digital licenses.
  • AAMVA’s implementation guidance requires issuing authorities to continue offering physical credentials.

The standards are not asking governments to flip a switch. They are providing a gradual path.

Phase 0: Clean the Domestic Record First

Governments often want to start with the visible part of digital transformation — the application, the QR code, the wallet demonstration.

That is the wrong place to start.

A future IDP can only be as reliable as the domestic licensing record beneath it. ISO/IEC 18013-1 defines the physical characteristics and basic data set for an ISO-compliant driving license, and ISO/IEC 18013-5 defines the interfaces that allow readers and verifiers — including those in other countries — to obtain and verify mDL data. Incorrect source data does not stay local; it becomes machine-verifiable incorrect data at scale.

Phase 0 is therefore about internal data quality. Governments should normalize:

  • License category mappings
  • Restrictions and endorsements
  • Expiry and renewal rules
  • Suspensions and revocations
  • Transliteration policy
  • Issuer identifiers
  • Status definitions

They should also decide what is internationally meaningful and what is only relevant domestically. This work is invisible, but it is what turns a domestic record into something that can survive cross-border presentation.

Phase 1: Standardize the Physical Layer and Keep It Alive

A realistic migration does not begin by eliminating paper. It begins by making the physical layer more secure and more interoperable.

ISO/IEC 18013-1 is useful here precisely because it is transitional. It allows one card to replace two documents in most cases, but also permits jurisdictions that keep their own domestic design — or that do not use Latin characters on the domestic license — to issue a second card with or without ISO machine-readable technologies.

The EU’s own rules keep physical licenses available on request, particularly for:

  • Drivers who do not use a smartphone
  • Travel to countries that do not recognize digital licenses
  • Anyone who simply prefers a physical document

AAMVA likewise requires issuing authorities to continue offering physical credentials.

Phase 1 should therefore be characterized by physical continuity, improved semantics, and better machine readability — not elimination.

One critical point belongs here: AAMVA is very clear that a visual rendering of a driver’s license on a phone — used as a display-only image — does not qualify as an mDL. A screenshot, PDF scan, or static card image inside an app is not a serious migration step. It is a reduction in security presented as progress.

Phase 2: Build Domestic mDL Before International Ambition

The next step is not a global digital permit. The next step is domestic mobile parity.

ISO/IEC 18013-5 defines the interfaces between the mDL and the reader, and between the reader and the issuing-authority infrastructure. The standard enables use by verifiers in other countries, but that is a capability, not a deployment plan. Governments that move directly from paper IDP to cross-border digital claims — without first making domestic mDL work at scale — are skipping necessary intermediate steps.

A complete Phase 2 should include:

  • Domestic mDL issuance
  • Domestic reader deployment
  • Domestic roadside use cases
  • Verifier training programs
  • Continued availability of the physical license

The EU’s mobile-driving-license use-case manual notes that Member States can issue and recognize mDLs for national use earlier — even before the broader cross-EU timetable.

This phase also requires choosing the right retrieval model. AAMVA’s implementation guidance notes that ISO/IEC 18013-5 requires device retrieval support and allows server retrieval, but AAMVA itself prohibits server retrieval because of tracking and privacy concerns. Governments that want to preserve public trust should treat local, device-based presentation as the default — not real-time issuer dependence.

Phase 3: Build Trust Infrastructure Before Mass Verifier Deployment

This is the phase governments are most likely to underfund, because it is invisible to end users and therefore easy to postpone.

It is also the phase that determines whether the entire migration becomes credible.

A verifier cannot trust a mobile or cross-border driving credential just because the wallet looks official. It needs:

  • Public keys
  • Issuer metadata
  • Trust anchors
  • A reliable way to know which issuers are legitimate

AAMVA’s Digital Trust Service is a concrete example. Participating issuing authorities provide their public keys, and those keys are assembled into a downloadable list that relying parties can obtain before interacting with an mDL.

Europe takes the same direction in a different governance style. The EUDI architecture requires relying parties to register, including the attributes they intend to request. The EU mDL use-case manual adds that Member States would notify the Commission of authorized mDL issuers, and the Commission would publish a list for verification purposes.

Phase 3 is the moment governments must establish:

  • Issuer key distribution
  • Trust-anchor publication
  • Verifier registration
  • Role and purpose metadata
  • Policy versioning

Without this phase, cross-border verification is a design concept without real infrastructure.

Phase 4: Certify Readers, Not Just Wallets

Too many digital-ID deployments focus on wallet issuance and forget the reader side. But the future IDP is a verifier problem as much as a holder problem.

ISO/IEC TS 18013-6:2025 specifies test methods for mDL conformance and for reader conformance on both the mDL interface and the optional issuing-authority interface. However, ISO notes that test cases for issuing-authority infrastructure on its interface to the reader are not included. That gap matters. Governments cannot rely entirely on the standard — they still need:

  • Ecosystem testing
  • Independent audits
  • Operational certification
  • Reader governance frameworks

This is also where verifier categories must become real. The EUDI architecture requires relying-party registration to specify the attributes the relying party intends to request. Police readers, rental platforms, employer compliance systems, and insurer claim tools should not be treated as one generic reader category. They need:

  • Different registration profiles
  • Different authorized requests
  • Different retention rules
  • Different supervision regimes

Phase 4 is not about distributing reader applications. It is about creating a governed reader ecosystem.

Phase 5: Open Remote Presentation Only After In-Person Flows Are Routine

Governments are often drawn to online use cases first because they seem modern and politically appealing. That is the wrong sequence.

Remote presentation is powerful, but it becomes risky when used as a shortcut around unresolved trust and verifier problems. The protocol layer is now mature enough for controlled deployment:

  • ISO/IEC TS 18013-7:2025 adds internet presentation of an mDL
  • OpenID4VCI 1.0 and OpenID4VP 1.0 were finalized in 2025
  • W3C’s Verifiable Credentials Data Model 2.0 became a W3C Recommendation on 15 May 2025

The EU mDL use-case manual points to the right first remote scenario: car rentals. It explicitly says rental companies may check the customer’s right to drive either at pickup or by receiving driving-license information online in advance.

A government-level migration should sequence remote presentation carefully:

  1. First, make roadside and in-person checks routine.
  2. Then, open remote pre-checks and advance entitlement sharing.
  3. Only later, expand remote driving-credential use beyond the most obvious operational cases.

Phase 6: Build Corridors, Not Expectations of Immediate Global Recognition

This is the phase where migration becomes political.

A future IDP will not become globally real because one country declares it so. It will become real when recognition corridors emerge between jurisdictions that share enough standards, trust infrastructure, and governance.

The evidence is already there:

  • AAMVA’s Digital Trust Service is a regional trust infrastructure for North America.
  • The EU’s new rules create a regional digital-license path inside the Union, with digital licenses in the EU Digital Identity Wallet and physical backup for third-country use.
  • UNECE documents from 2025 and 2026 show that the broader international legal layer is still being modernized.

The realistic unit of adoption is not the entire world. It is the corridor:

  • EU-to-EU recognition
  • AAMVA-participating jurisdictions
  • Bilateral recognition pilots
  • Selected rental and roadside ecosystems with known reader deployments

This is not a lack of ambition. It is the only way to grow real trust without making unrealistic claims about immediate worldwide acceptance.

Phase 7: Make Digital the Default Only When Backup Is Real

The end state is not the disappearance of paper. The end state is paper becoming secondary.

The EU’s current timeline is useful because it is concrete:

  • The Directive that entered into force on 25 November 2025 establishes that digital licenses will be issued by default after a transition period.
  • Physical licenses remain available on request.
  • The legislation becomes applicable in Member States within four years.
  • The EU mDL use-case manual suggests transport authorities would issue driving licenses as mDLs by default from the second half of 2029 (to be confirmed), without excluding earlier national issuance and recognition.

Paper should move from primary to backup only when three conditions are met:

  1. The domestic authoritative record is sufficiently clean.
  2. The trust and verifier ecosystem is sufficiently governed.
  3. The cross-border corridor map is sufficiently wide that paper is no longer carrying the system.

Until then, governments should avoid declaring paper obsolete. If third countries still need physical backup, if verifier deployment is incomplete, or if treaty modernization is still in progress, then paper is not obsolete — it is still performing a necessary function.

Add first. Replace later

What Governments Should Not Do

Several mistakes are worth flagging explicitly:

  • Do not require wallet-only identity before reader trust exists. AAMVA’s Digital Trust Service model and EUDI’s relying-party registration model both show that trust distribution and verifier governance must be built before claims of interoperability become credible.
  • Do not treat a visual rendering as a cryptographically verifiable credential. AAMVA explicitly rejects this approach.
  • Do not use server-side issuer callbacks as the default retrieval pattern. AAMVA prohibits server retrieval in its implementation guidelines because of tracking and privacy risks.
  • Do not promise worldwide recognition before corridor-level recognition, reader deployment, conformance testing, and trust-list operations are actually working.

The Core Argument: Migrate Like Infrastructure, Not Like an App

A future IDP should be migrated like public infrastructure, not launched like a mobile application.

That means following the sequence:

  1. Clean the domestic record.
  2. Stabilize the physical layer.
  3. Deploy domestic mDL.
  4. Build trust registries and verifier governance.
  5. Certify readers.
  6. Open remote flows.
  7. Create recognition corridors.
  8. Make digital the default — with paper as backup.

That path is slower than a presentation slide. It is also much more likely to survive contact with real drivers, real police officers, real rental desks, real borders, and real law.

Apply
Please type your email in the field below and click "Subscribe"
Cancel
December 11, 2017 A car trip to Crimea: possible pitfalls A car trip to Crimea: possible pitfalls March 28, 2024 The Tesla Experience Part One: From Auction to Road The Tesla Experience Part One: From Auction to Road March 10, 2024 10 Interesting Facts About Azerbaijan 10 Interesting Facts About Azerbaijan
Subscribe and get full instructions about the obtaining and using of International Driving License, as well as advice for drivers abroad