May 2026: New Information Technology Standards Advance Digital Identity, IoT, and Health Data

In May 2026, five pivotal standards were published in the field of Information Technology and Office Equipment, marking significant progress in digital identity, IoT system evaluation, health data exchange, and manufacturing automation. These standards address both foundational architecture and advanced implementation challenges, empowering industry leaders to foster trust, security, and efficiency across digital ecosystems. In Part 5 of our seven-part series, we detail the latest technical specifications, practical requirements, and key implications for professionals navigating the evolving digital technology landscape.

Overview / Introduction

Information Technology and Office Equipment is a rapidly advancing domain, underpinning secure communication, industrial automation, and healthcare innovation across the globe. Standards in this area are essential for ensuring interoperability, regulatory compliance, and consistent implementation of cutting-edge digital solutions. As digital identity, IoT, and health informatics solutions mature, new standards define the frameworks and technical criteria necessary for safe, compliant, and high-performing operations.

This article will guide you through the substance, requirements, and business impact of five newly released standards for May 2026. Each standard addresses a key area:

• OpenID identity assurance for verified digital identity
• Generic schema definitions enabling flexible verified claims
• Use of digital twins for advanced robotic manufacturing
• Unique identification and data structure for medicinal products in health informatics
• Evaluation indicators for IoT system performance

For each, we outline the scope, core specifications, compliance targets, implementation strategies, and how you can access further details directly on iTeh Standards.

Detailed Standards Coverage

ISO/IEC 25831-1:2026 - OpenID Identity Assurance 1.0: General

Information technology — OpenID identity assurance 1.0 — Part 1: General

ISO/IEC 25831-1:2026 sets out the general technical mechanism for enabling a relying party—such as a service provider or application—to request, and securely receive, verified claims about an end-user from an OpenID provider. Rather than focusing on legal, contractual, or trust frameworks, this standard provides the technical 'tools' to request and deliver identity data with assurance metadata.

Scope and Key Requirements:

• Defines processes for a relying party (RP) to request only the minimal necessary identity data (data minimization) with specific verification requirements.
• Introduces the verified_claims container in OpenID Connect responses, grouping verified attributes with metadata on how/who verified them.
• Allows OpenID providers (OPs) to include assurance details such as trust framework used, evidence, and fulfillment of regulatory obligations (e.g., eIDAS, anti-money laundering laws).
• Supports both OPs operating under strong regulation (where evidence may not need to be shared) and those in less regulated contexts (where additional process/evidence metadata is required).
• Flexible integration with existing OpenID Connect claims and schemas.

Who Should Comply:

• Identity providers, relying parties, application developers, compliance managers, digital identity solution architects, and organizations handling high-assurance digital identity management.

Practical Implementation:

• Enables compliance with jurisdictional and sector-specific requirements for digital identity assurance, including health and finance.
• Facilitates higher assurance levels essential for applications like e-Government, banking, and access to sensitive data sets.

Key highlights:

• Modular structure for requesting and delivering verified claims
• Extensible for a range of trust frameworks and evidence types
• Designed for global, multi-jurisdictional interoperability

Access the full standard:View ISO/IEC 25831-1:2026 on iTeh Standards

ISO/IEC 25831-2:2026 - OpenID Identity Assurance 1.0: Schema Definition

Information technology — OpenID identity assurance 1.0 — Part 2: Schema definition

Complementing Part 1, ISO/IEC 25831-2:2026 defines the JSON schema for describing assured identity claims relating to a natural person. At its core is the new verified_claims claim and the accompanying verification element, registered with the IANA "JSON Web Token Claims Registry." This schema enables precise structuring and syntactic validation of asserted identity data, supporting data minimization and extensibility.

Scope and Key Requirements:

• Structures verified_claims as a container for verified attributes and metadata describing the verification process.
• Mandates strict adherence to the schema for interoperability, while allowing for extensions by implementers or specific regulatory frameworks.
• Specifies fields such as trust_framework, assurance_level, assurance_process, evidence, and more within the verification object.
• Enables machine-readable requests and validation using provided JSON schema definitions.

Who Should Comply:

• Identity system developers, OpenID Connect implementers, cybersecurity architects, trust framework operators, and software engineers designing authentication, authorization, or identity assurance solutions.

Practical Implementation:

• Ensures claim recipients and service providers do not mix verified and unverified claims.
• Enables jurisdiction-specific assurance profiles and evidence requirements while maintaining syntactic and semantic clarity.

Key highlights:

• Clear, machine-readable schema for robust assurance
• Supports a broad suite of identity attributes (e.g., name, birthdate, address)
• Critical for high-stakes trust transactions and regulatory reporting

Access the full standard:View ISO/IEC 25831-2:2026 on iTeh Standards

ISO/TR 23247-101:2026 - Digital Twin for Manufacturing: Welding Use Case

Automation systems and integration — Digital twin framework for manufacturing — Part 101: Use case on management of robotic multilayer and multipass gas-shielded metal arc welding process

This technical report describes a digital twin system optimized for robotic multilayer and multipass gas-shielded metal arc welding, a critical process in large-scale metal structure fabrication (e.g., tunnel boring machines, ships, engineering equipment). The report details how digital twins—virtual representations of welding operations—improve efficiency, precision, quality, and proactive maintenance within highly customized manufacturing.

Scope and Key Requirements:

• Models operational sequences from process design, preparation, and live operation to real-time monitoring, inspection, and documentation.
• Utilizes a digital twin to simulate, monitor, and dynamically adjust welding parameters (current, voltage, travel speed, etc.), optimizing quality and process stability.
• Introduces predictive maintenance capabilities by monitoring equipment health and triggering early interventions.
• Enables virtual training and skill-building for operators through realistic simulations.

Who Should Comply:

• Manufacturing IT teams, automation engineers, digital transformation leads, production managers, and industrial IoT system integrators in heavy industry.

Practical Implementation:

• Reduces reliance on manual intervention and parameter optimization.
• Facilitates optimal welding sequence planning, predictive defect correction, and process simulation.
• Increases uptime, quality control, and flexible adaptation to custom workpieces.

Key highlights:

• Real-time digital twin monitoring and early warning
• Process and parameter optimization for welding automation
• Predictive maintenance and operator training simulation

Access the full standard:View ISO/TR 23247-101:2026 on iTeh Standards

CEN ISO/TS 20451:2026 - Health Informatics: Medicinal Product Identification

Health informatics - Identification of medicinal products - Implementation for ISO 11616 data elements and structures for the unique identification and exchange of regulated pharmaceutical product information (ISO/TS 20451:2026)

This technical specification delivers a detailed framework for representing regulated pharmaceutical product information. Building on ISO 11616, it provides clear requirements for associating pharmaceutical products and groups with appropriate pharmaceutical product identifiers (PhPIDs), critical for regulatory authorities, drug traceability, and data exchange.

Scope and Key Requirements:

• Standardizes the implementation of ISO 11616 data elements/structures—including identifiers, substances, strengths, adjuvants, and devices—needed for unique identification and exchange of product data.
• Aligns closely with related standards: ISO 11238, ISO 11239, ISO 11240, ISO 11615, and international messaging standards like HL7.
• Enables precise, regulated data transmission of pharmaceutical information across jurisdictions and IT systems.
• Excludes off-label product usage but allows application alongside a range of existing health data models and regulatory messaging platforms.

Who Should Comply:

• Pharmaceutical regulators, informatics system developers, electronic health record vendors, healthcare IT managers, and drug manufacturers processing or exchanging product information.

Practical Implementation:

• Facilitates end-to-end traceability and unambiguous identification of medicines
• Supports data harmonization in diverse regulatory environments
• Enhances pharmacovigilance, recalls, and supply chain transparency

Key highlights:

• Unified schema for product identifiers and attributes
• Direct alignment with international health IT messaging and terminology
• Supports global compliance and national regulatory mandates

Access the full standard:View CEN ISO/TS 20451:2026 on iTeh Standards

ISO/IEC 30187:2026 - Evaluation Indicators for IoT Systems

Internet of Things (IoT) - Evaluation indicators for IoT systems

ISO/IEC 30187:2026 introduces a standardized set of evaluation indicators for Internet of Things (IoT) systems, providing a comprehensive foundation for system assessment across operational, architectural, and quality dimensions. The standard establishes profiles that serve as reference models, adaptable across vertical sectors or specialized IoT deployments.

Scope and Key Requirements:

• Categorizes indicators into three main areas: system architecture, system functionality, and system quality.
• Defines subcategories such as system management, compatibility/interoperability, sensing control, service support, trustworthiness, security, privacy, reliability, resilience, and physical security.
• Provides measurable guidelines and criteria to assess current or planned IoT systems, including checklists and evaluation methods.
• Emphasizes use-case adaptability—indicators may be extended or tailored for applications in healthcare, manufacturing, energy, and more.

Who Should Comply:

• IoT platform developers, solution architects, digital transformation strategists, IT auditors, and businesses deploying or managing IoT infrastructure.

Practical Implementation:

• Delivers a clear framework for benchmarking, gap analysis, and vendor/system selection
• Facilitates objective evaluation during system planning, deployment, and real-time monitoring
• Enhances cross-domain interoperability and compliance readiness

Key highlights:

• Structured evaluation model applicable across industry sectors
• Enables reliable, consistent measurement of IoT performance and security
• Supports ongoing system optimization and compliance assurance

Access the full standard:View ISO/IEC 30187:2026 on iTeh Standards

Industry Impact & Compliance

These May 2026 standards are transformative for organizations seeking trusted digital identity, robust automation, compliant pharmaceutical data management, and reliable IoT deployment:

• Business Value: Increased assurance in identity data, streamlined compliance with regulatory requirements (e.g., health, finance), streamlined industrial automation, trustworthy IoT adoption, and global harmonization of pharmaceutical product data.
• Compliance Considerations: Adopting these standards can smooth audits, accelerate regulatory approval processes, and provide clear benchmarks for data quality, privacy, and system resilience.
• Timelines: As these are newly published, organizations should begin evaluating implementation readiness, system changes, and supply chain adjustments now, as adoption requirements may become mandatory in future legislative updates or sectoral best practices.
• Risks of Non-Compliance: Delayed or incomplete implementation could lead to audit failures, interoperability breakdowns, regulatory sanctions, or reputational damage—especially where digital identity, health data, and IoT reliability are mission-critical.

Technical Insights

Common Technical Requirements:

• Standardized schemas (JSON, ID mappings) for data exchange and process representation
• Support for extensibility and interoperability across platforms and jurisdictions
• Strong focus on evidence-based assurance, data minimization, and measurable indicators
• Requirements for machine-readable requests, structured evidence, and trust frameworks
• Emphasis on security, privacy, and resilience (especially in IoT and identity contexts)

Implementation Best Practices:

1. Early Gap Analysis: Map your current systems against new standard requirements—especially schema elements and assurance processes.
2. Stakeholder Engagement: Work with compliance, IT, and operational teams to plan migration and training for updated processes and workflows.
3. Vendor Alignment: Ensure technology partners and vendors are following up-to-date specifications, particularly for new deployments or upgrades.
4. Certification and Auditing: Pursue independent certification (where available) and build in continuous monitoring systems for ongoing compliance.
5. Documentation and Traceability: Rigorously document data flows, verification processes, and evidence chains to facilitate effective auditing and troubleshooting.

Testing and Certification:

• Run full system and integration testing for OpenID assurance flows, digital twin implementations, IoT system architectures, and health data interchanges using provided guidelines and schemas.
• Validate real-world operations against measurable indicators to ensure performance and compliance.
• Pursue certification audits once standards are fully implemented, leveraging supporting annexes and checklists from each publication.

Conclusion / Next Steps

These five Information Technology standards, published in May 2026, set ambitious new benchmarks for identity assurance, healthcare data integrity, IoT system performance, and digital manufacturing. By adopting these standards, organizations can:

• Strengthen digital trust and compliance posture
• Optimize performance in manufacturing, health IT, and IoT
• Future-proof their operations against rapidly evolving regulatory and technical demands

Recommendations:

• Review each full standard to understand detailed requirements relevant to your business and regulatory context.
• Initiate cross-functional planning to prioritize adoption and system upgrades.
• Monitor the iTeh Standards platform for future parts in this series and ongoing updates.

Stay ahead of compliance and innovation curves—explore, implement, and lead with the latest Information Technology standards from May 2026.