April 2026: Major Information Technology Standards for Identity, Cloud, and Health Data Released

In April 2026, the international standards landscape for Information Technology and Office Equipment underwent substantial development, with five significant standards published—each addressing critical needs in digital identity, health informatics, and secure, interoperable cloud computing. This third installment in our four-part coverage series provides industry professionals, compliance managers, and technical decision-makers an in-depth look at this month's standards that are set to shape IT infrastructure, mobile applications, and digital health for years to come.

Overview / Introduction

Information Technology (IT) continues to transform global operations, from mobile identity management to healthcare data exchanges and cloud system design. Standards are vital to ensure interoperability, security, and best practices across distributed and evolving IT ecosystems. By establishing consistent frameworks, technical vocabulary, and clear requirements, these new April 2026 standards help organizations futureproof their digital operations and align with emerging regulatory and market needs.

In this article, we analyze:

• Mobile eID system building blocks (data models, encoding, protocols)
• Ontology frameworks for medicinal product identification in health informatics
• Core cloud computing concepts and architectural models

You'll gain actionable insights into what each standard covers, technical requirements, and how adopting these standards can mitigate risks, enhance compliance, and drive operational excellence.

Detailed Standards Coverage

ISO/IEC TS 23220-2:2026 - Data Objects and Encoding Rules for Generic eID Systems

Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 2: Data objects and encoding rules for generic eID systems

This technical specification defines how data objects are structured and encoded for generic electronic identification (eID) systems on mobile devices. ISO/IEC TS 23220-2:2026 focuses on standardizing:

• Data models for exchanging credentials and identity attributes between mobile document (mdoc) apps and verification systems
• Encoding rules, including formats for identifiers, fields, namespaces, and meta-attributes, supporting high levels of interoperability

The standard is essential for organizations that design, implement, or maintain mobile eID systems, whether for government, financial, or private-sector credentials. It covers:

• Data formats for typical attributes (name, birth date, credentials)
• Secure data element ordering and encoding (e.g., CBOR, JSON)
• Mechanisms to ensure data authenticity and trust
• Cipher suite recommendations (TLS, HMAC, signature algorithms)

Major technical updates from the previous edition include clearer specifications for complex attributes (e.g., birth dates with unknown components) and additions like the CDDL schema for relationship attributes. These changes enhance extensibility and integration with evolving mDL (mobile driving licence) solutions.

Key highlights:

• Standardized generic data models for mobile eID verification
• Detailed encoding rules for secure, interoperable exchange
• Foundation for aligning with global digital identity initiatives

Access the full standard:View ISO/IEC TS 23220-2:2026 on iTeh Standards

ISO/IEC TS 23220-4:2026 - Protocols and Services for the Operational Phase of Mobile eID

Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 4: Protocols and services for operational phase

This new release provides a comprehensive set of protocols and services needed during the operational phase of a mobile eID or mdoc system. ISO/IEC TS 23220-4:2026 addresses:

• Communication interfaces between mdoc apps, readers, and issuing authorities
• Transport protocols for both proximity (RF, NFC, BLE, Wi-Fi Aware) and remote (internet) use cases
• Request-response application layers for data retrieval and security operations
• Security mechanisms for authentication (issuer, mdoc, credential holder), integrity, and trust establishment

Organizations deploying national eID schemes, mobile driver’s licenses, or other secure mobile credentials will benefit from the interoperability and end-to-end security provisions in this standard. It helps ensure that:

• Credential data is safely retrieved and verified
• Authentication workflows resist impersonation and tampering
• Both proximity and remote engagement scenarios are covered
• Implementation profiles can be tailored but remain conformant

Exclusions include provisioning processes and storage key requirements (covered in other standards), allowing entities to focus on secure operational communication.

Key highlights:

• Protocols for secure, reliable mobile eID interaction (NFC, BLE, Wi-Fi, internet)
• Security models for multi-party authentication and credential integrity
• Operational guidance for national and international eID deployment

Access the full standard:View ISO/IEC TS 23220-4:2026 on iTeh Standards

CEN ISO/TS 21405:2026 - IDMP Ontology Methodology for Health Informatics

Health informatics — Identification of medicinal products — Methodology and framework for the development and representation of IDMP ontology (ISO/TS 21405:2026)

This specification introduces a standardized methodology to develop and represent ontologies supporting the family of ISO Identification of Medicinal Products (IDMP) standards. The goal is to enable deep, semantic interoperability across regulatory, healthcare, and pharmaceutical domains, based on FAIR (Findable, Accessible, Interoperable, Reusable) principles.

Key focus areas include:

• A framework for constructing ontologies that model IDMP data concepts, properties, and relationships
• Methodologies for governing collaborative ontology development, aligned with evolving ISO standards
• Support for unambiguous, automated reasoning about drug and medicinal product attributes
• Guidance for agile adaptation to new regulatory requirements and use cases (e.g., regional differences)

The standard is invaluable for regulatory authorities, health informatics vendors, pharmaceutical manufacturers, and healthcare data integrators seeking to harmonize drug data and enhance safety monitoring.

Unlike a technical implementation or a step-by-step guide to ontology construction, it provides the methodology and use case scenarios to support jurisdiction-agnostic, reliable medicinal product identification.

Key highlights:

• Framework for IDMP ontology supporting automated, semantic interoperability
• Aligns health IT data with global regulatory and pharmacovigilance needs
• Enabler for drug safety, supply chain, and multi-jurisdictional compliance

Access the full standard:View CEN ISO/TS 21405:2026 on iTeh Standards

EN ISO/IEC 22123-2:2026 - Cloud Computing Concepts

Information technology — Cloud computing — Part 2: Concepts (ISO/IEC 22123-2:2023)

EN ISO/IEC 22123-2:2026 collates and expands upon core concepts and terminology in cloud computing, building on the foundational vocabulary of ISO/IEC 22123-1. This makes it an essential reference for anyone designing, procuring, or managing cloud solutions.

Coverage includes:

• Foundational cloud characteristics (on-demand self-service, scalability, multi-tenancy, measured service)
• Service and deployment models (IaaS, PaaS, SaaS, and more)
• Roles and stakeholder responsibilities across the cloud lifecycle
• Cross-cutting issues: security, privacy, auditability, governance, and regulatory implications
• Data flow, virtualization, multi-provider integration

Adoption enables:

• Consistent communication and architecture documentation
• Alignment with international best practices for cloud service provisioning
• Improved cloud procurement and vendor evaluation

This standard is useful for IT architects, managers, procurement specialists, and auditors responsible for adopting public, private, hybrid, or multi-cloud environments.

Key highlights:

• Comprehensive reference for cloud computing concepts and models
• Common language to support global interoperability and integration
• Foundation for compliance and cross-border operations

Access the full standard:View EN ISO/IEC 22123-2:2026 on iTeh Standards

EN ISO/IEC 22123-3:2026 - Cloud Computing Reference Architecture

Information technology — Cloud computing — Part 3: Reference architecture (ISO/IEC 22123-3:2023)

The third part of the ISO/IEC 22123 cloud computing series provides the foundational hands-on reference architecture for cloud solutions. EN ISO/IEC 22123-3:2026 outlines:

• Cloud architecture goals and multi-viewpoint models
• User, functional, implementation, and deployment views
• Functional components and layers, including resource/service/access tiers
• Cross-cutting aspects: security, privacy, auditability, interoperability
• Roles of cloud service customers, providers, and partners

Using this standard, organizations can design and evaluate cloud computing infrastructures and services for compliance, security, and operational effectiveness. It supports:

• Solution architects and IT service designers
• Procurement and governance teams aligning requirements with global best practices
• Cloud service providers demonstrating international compliance

Key highlights:

• Architectural blueprint for designing and evaluating cloud-based systems
• Layered approach supports portability, interoperability, and scalability
• In-depth guidance for aligning technical and business objectives

Access the full standard:View EN ISO/IEC 22123-3:2026 on iTeh Standards

Industry Impact & Compliance

Business Implications

The April 2026 IT standards are more than just technical documents—they are tools for risk minimization, operational enhancement, and competitive differentiation:

• Mobile eID standards (ISO/IEC TS 23220-2 & 23220-4): Ensure robust privacy, secure user authentication, and regulatory compliance for government, transportation, financial, and healthcare sectors.
• Health informatics (CEN ISO/TS 21405): Supports safe, interoperable medicinal product data exchange, underpinning pharmacovigilance, regulatory reporting, and research.
• Cloud standards (EN ISO/IEC 22123-2 & 22123-3): Drive consistent cloud adoption frameworks, streamline multi-cloud strategies, and ensure cross-border interoperability and compliance.

Compliance Considerations

• Stakeholders should assess their current systems for alignment
• Implementation of these standards may become a mandatory requirement for public tenders, audits, and licensing in the near future
• Early adoption supports smoother certification and audit processes

Benefits

• Reduced vendor lock-in through standardized models
• Easier system integration and upgrades
• Enhanced data security and process transparency

Risks of Non-Compliance

• Increased exposure to data breaches, audit findings, or regulatory penalties
• Reduced interoperability and higher future migration costs
• Inability to meet customer, patient, or governmental expectations

Technical Insights

Common Technical Themes

• Interoperability: Standardized data models and protocols (e.g., CBOR, JSON, semantic ontologies) enable seamless connections across disparate systems and stakeholders
• Security: Each standard embeds scalable cryptographic mechanisms (TLS, signature algorithms, secure authorizations) and trust models for both device and server contexts
• Scalability and Extensibility: Modular architectures (cloud reference and eID) allow organizations to adopt, expand, and update solutions over time

Implementation Best Practices

1. Gap Analysis: Map current IT, health, or cloud architectures against new standard requirements
2. Phased Rollout: Start with core compliance features, then gradually integrate advanced capabilities
3. Training & Competence: Educate technical, compliance, and business teams on implications and processes
4. Vendor Collaboration: Ensure technology partners align with the latest standards, particularly for cloud, eID, or health IT systems

Testing and Certification

• Utilize certified test tools and frameworks to validate implementations (where available)
• Build documentation trails for auditability
• Engage with national standards bodies or accredited labs for third-party certification

Conclusion / Next Steps

The April 2026 release of these five international standards marks a pivotal moment for digital identity, cloud computing, and health informatics. By harmonizing terminology, interoperability, security, and architecture, these standards reduce operational risks, improve data quality, and prepare organizations for future innovations and compliance landscapes.

Key recommendations:

• Conduct a thorough review of how new standards affect your organization’s IT assets, compliance standing, and strategy
• Develop an action plan for adoption and staff training
• Collaborate with peers, regulators, and certification authorities to ensure smooth implementation

Stay ahead—explore these standards in detail and ensure your operations are future-ready with iTeh Standards as your trusted resource for up-to-date international best practices.