Information Technology Standards: Key May 2026 Updates (Part 3)

The May 2026 release of new standards for Information Technology marks a pivotal moment for professionals seeking stronger security, effective data management, and streamlined digital operations. This edition, Part 3 of 7, covers five essential standards that drive trust, operational excellence, and compliance across sectors. These newly published specifications shape the future of cybersecurity evaluation, eInvoicing interoperability, biometric product testing, and robust electronic information management—offering actionable guidance and clear criteria for compliance and innovation.
Overview
The Information Technology and Office Equipment sector is constantly evolving, shaped by advances in digital transformation and new types of risks. Standards in this field provide a foundation for building secure, reliable, and interoperable systems—from secure identity verification to managing electronically stored records.
Professionals in IT, compliance, procurement, and engineering rely on these standards to:
- Strengthen cybersecurity postures
- Assure cross-border interoperability
- Ensure regulatory and legal compliance
- Support process optimization
This article walks you through the newly published May 2026 standards, outlining what they cover, who they apply to, and how to implement them for business value and compliance.
Detailed Standards Coverage
EN ISO/IEC 18045:2026 – Evaluation Criteria for IT Security: Requirements & Methodology
Information security, cybersecurity and privacy protection – Evaluation criteria for IT security – Requirements and methodology for IT security evaluation (ISO/IEC 18045:2026)
This standard provides a comprehensive framework for the conduct of IT security evaluations based on the ISO/IEC 15408 series. It specifies the responsibilities, steps, and evidence required from evaluators, including the evaluation of Protection Profiles and Security Targets. The methodology ensures a thorough and repeatable assessment of security properties for IT products and systems.
Key requirements include:
- Clear roles and responsibilities in the evaluation process
- Step-wise evaluation input, activities, and output
- Documentation and management of evaluation evidence
Organizations such as tech manufacturers, government agencies, and certification bodies must comply when certifying IT security. EN ISO/IEC 18045:2026 is critical for maintaining trust in commercial IT security products and ensures international alignment of evaluation approaches.
Key highlights:
- Aligned with ISO/IEC 15408 evaluation criteria
- Required for IT product certifications in regulated sectors
- Facilitates mutual recognition of IT security certificates internationally
Access the full standard: View EN ISO/IEC 18045:2026 on iTeh Standards
CEN/TS 16931-13:2026 – Electronic Invoicing Registry: Functional Specification & Guidance
Electronic invoicing – Part 13: Functional specification and guidance for the eInvoice Registry of CIUS and Extensions
This technical specification sets out the structure, governance, and functional requirements for the eInvoice Registry. The registry is designed to catalog Core Invoice Usage Specifications (CIUS) and Extension Specifications, enabling transparent discovery and management of eInvoicing standards across the public and private sectors.
Key requirements include:
- A public, structured, and transparent registry service
- Governance models defining roles and submission workflows
- Functional specifications for submission, verification, and metadata management
Targeted at software vendors, public authorities, and organizations issuing or processing electronic invoices, this standard supports compliance with EU directives and enhances interoperability across national and sectoral boundaries.
Key highlights:
- Facilitates discoverability and traceability of eInvoicing artefacts
- Supports regulatory compliance for electronic invoicing in the EU
- Enhances semantic interoperability for digital trade and public procurement
Access the full standard: View CEN/TS 16931-13:2026 on iTeh Standards
CEN/TS 18212-3:2026 – Evaluation Methodology for Biometric Products
Personal identification – Requirements for biometric products – Part 3: Functionality evaluation methodology
This standard defines a generic and robust methodology for evaluating the functional performance of biometric products. It applies to all types of biometric systems and tailors requirements through detailed application profiles. The document covers evaluation processes, types of tests (including attack resistance), use of test data, and data protection measures.
Who needs to comply: Biometrics vendors, integrators, certification bodies, public sector IT leaders, and system auditors. It serves as a conformity assessment foundation for those deploying or certifying biometric authentication technologies.
Key highlights:
- Defines common, scenario-based and attack resistance evaluation processes
- Addresses machine-learning-based product assessment
- Incorporates GDPR and data protection requirements throughout evaluation
Access the full standard: View CEN/TS 18212-3:2026 on iTeh Standards
ISO 15801:2026 – Trustworthiness & Reliability for Electronically Stored Information
Document management — Electronically stored information — Requirements and guidance for trustworthiness and reliability
ISO 15801:2026 specifies the essential requirements for managing electronically stored information (ESI) in a trustworthy and reliable manner. It encompasses a wide scope: from general ESI handling, policy formulation, and risk management to detailed operational procedures—including storage, transfer, retention, and disposal. The standard is applicable to organizations across all sectors managing long-term electronic records, supporting legal and regulatory compliance.
Key requirements include:
- Implementation of policies ensuring trustworthy ESI storage and access
- Detailed controls for information classification, retention, redaction, and disposal
- Coverage of ESI processes including format conversion, metadata management, encryption, and business continuity
This standard is essential for data managers, records officers, legal and compliance professionals, and anyone responsible for maintaining the reliability of ESI.
Key highlights:
- Framework for demonstrating ESI integrity and authenticity
- Guidance supports compliance with legal obligations for electronic records
- Addresses new technologies such as blockchain and robotic process automation
Access the full standard: View ISO 15801:2026 on iTeh Standards
ISO/IEC 15408-1:2026 – IT Security Evaluation: Concepts & General Model
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 1: Introduction and general model
As the foundational part of the ISO/IEC 15408 series (Common Criteria), this standard sets out the fundamental concepts and general model for evaluating the security of IT products and systems. It introduces the Target of Evaluation (TOE) concept, outlines types of security requirements, and maps the relationships between threats, security objectives, and system design.
Applicable to certification bodies, IT system developers, and risk owners, ISO/IEC 15408-1:2026 provides a rigorous, global benchmark for security assurance—informing both product design and third-party evaluation.
Key highlights:
- Comprehensive security evaluation model for IT products
- Defines structure and content of Protection Profiles and Security Targets
- Central reference for product assurance and procurement in high-security environments
Access the full standard: View ISO/IEC 15408-1:2026 on iTeh Standards
Industry Impact & Compliance
These new and revised standards set clear compliance benchmarks and offer substantial advantages for businesses and public sector organizations:
- Compliance-readiness: Organizations can systematically meet international certification and legal requirements by aligning internal processes and procurement to referenced standards.
- Reduced risk: Implementing robust evaluation methodologies and trusted document management frameworks mitigates the risk of data breaches, legal penalties, and operational failures.
- Facilitated trade and cross-border cooperation: eInvoicing and biometrics standards support interoperability, streamline contracts, and enable alignment with EU and global frameworks.
- Reputation and customer trust: Adoption and certification to respected IT security and information management standards demonstrates a commitment to security and quality.
Compliance considerations:
- Determine applicable standards by evaluating the scope of IT systems, products, and business flows
- Initiate internal gap analyses and align policy updates with new requirements
- Engage with accredited conformity assessment bodies for certification
- Monitor revision cycles and regulatory updates to ensure continued compliance
Timelines for implementation often depend on sector regulations (e.g. public procurement, data privacy) and can be staged to reflect risk prioritization.
Technical Insights
Several technical themes cut across these May 2026 Information Technology standards:
- Evaluation Methodology Consistency: Both EN ISO/IEC 18045 and ISO/IEC 15408-1 provide structured, repeatable methods for IT product security evaluation—ensuring clarity and comparability.
- Trustworthy Record-Keeping: ISO 15801 ensures reliable retention, integrity, and legal admissibility of electronic information.
- Interoperable Digital Transactions: CEN/TS 16931-13 elevates eInvoicing, enforcing structure, transparency, and validation for B2G and B2B transactions.
- Advanced Biometric Testing: CEN/TS 18212-3 provides for both classic and AI/ML-driven biometric authenticator evaluation, taking into account attack resistance and privacy.
Best practices for implementation:
- Establish cross-functional teams to assess relevant requirements for your business and IT infrastructure.
- Map standards’ requirements onto existing processes—identify gaps in documentation, controls, and technical implementations.
- Set clear roadmaps for technology updates, staff training, and external certification where needed.
- Leverage standard-specific resources, such as registry services, accredited laboratories, and official testing protocols.
- Document procedures and retain evidence of compliance to support audit and certification activities.
Testing and certification considerations:
- Align with accredited labs or assessment bodies familiar with EN ISO/IEC 18045, CEN/TS 18212-x, and ISO/IEC 15408 series.
- Ensure product lifecycle processes—from design and development through deployment and retirement—reflect best practices laid out in ISO 15801 and related documents.
- Involve legal, compliance, and security teams in selection and assessment of third-party vendors and platforms.
Conclusion & Next Steps
The May 2026 series of standards introduces essential frameworks and methods to secure digital transformation, safeguard electronic transactions, and uphold the trustworthiness of critical data. Whether you are responsible for IT risk, product development, regulatory compliance, or business operations, proactive adoption of these standards will:
- Improve audit readiness
- Enhance operational reliability
- Drive international interoperability
Recommendations for organizations:
- Review and update internal policies to align with the new requirements
- Prioritize training for teams affected by changes
- Initiate necessary certification and testing steps
- Plan for the lifecycle management of compliance and continuous improvement
Stay ahead in the evolving landscape of information technology—explore these standards in full at iTeh Standards, and subscribe for timely updates as regulations and best practices evolve.