04 Feb 2025 in Business use cases

ICAO’s Digital Travel Credentials: An Expert Breakdown

Ihar Kliashchou

Chief Technology Officer, Regula

In 2020, ICAO introduced the Guiding Core Principles for the Development of Digital Travel Credential (DTC), presenting a brand-new solution to tackle varied challenges in travel authorization while delivering a smooth experience for both passengers and inspectors. 

More than five years later, the concept still feels like a glimpse into the future.

In this article, we’ll explore what DTCs are, how they can transform traveler verification, and what the future holds for this ID format.

What are Digital Travel Credentials (DTCs)?

Intended to become an electronic alternative to physical passports, DTCs are a digital representation of an individual’s identity containing an identification dataset secured with advanced cryptographic measures.

As declared in ICAO’s guiding principles, DTCs must offer the same level of security as an electronic machine-readable travel document (eMRTD) and can be validated through the issuing authority’s public key infrastructure.

Currently, e-passport verification relies on the RFID chip embedded in the document. This chip typically contains data identical to the information in the visual inspection zone, as well as additional information, such as fingerprints. The chip’s authenticity and integrity are verified using cryptographic mechanisms that match the chip data against the printed information following the specified algorithms. 

The DTC concept builds on these mechanisms, offering a hybrid approach that includes both physical and virtual components—referred to as DTC-PC and DTC-VC, respectively. A DTC-VC is a cryptographically secured file with the holder’s digital identity, while a DTC-PC serves as the medium where the DTC-VC is stored.

Illustration of DTC-VC and DTC-PC

DTC-VC functions as a secure digital asset, while DTC-PC acts as a locked container for that asset.

Beyond security mechanisms, DTCs also adopt the logical structure of the RFID chip. The data in the digital representation aligns with the data groups (DGs) in the ePassport application on the chip. 

The holder can use their DTC-VC for remote identity verification (IDV) and present their DTC-PC in person, such as at a border crossing or airport checkpoint.

Types of DTCs

ICAO’s principles define three types of DTCs, which differ in how they are generated, stored, and presented by the holder:  

  • DTC Type 1 (eMRTD Bound): In this case, the DTC-VC is generated by the user via a mobile app or self-service kiosk by reading the RFID chip in their passport. The user first completes NFC verification with the physical document, confirming the authenticity of both the passport and its chip. The DTC-VC is then created and linked to the verified passport. By the way, some platforms, such as Google Wallet, already provide this option for their US users.     

  • DTC Type 2 (eMRTD-PC Bound): This option involves the passport-issuing authority, which generates the DTC-VC and cryptographically links it to the DTC‐PC. The DTC-VC carries the same passport number as the physical document, which can serve as a backup during verification.

  • DTC Type 3 (PC Bound): Here, the DTC-VC is generated and digitally signed by the issuing authority without relying on an e-passport. The digital identity is linked solely to a DTC-PC, excluding the e-passport from the process entirely.

The table below provides a detailed comparison of these three types of DTCs:

Types of DTC explained in the table

Why the world might need DTCs (if it does)

In 2024, ICAO published High‐Level Guidance: Explaining the ICAO Digital Travel Credentials, offering deeper insights into this emerging technology, including the concept’s main purpose.

According to the document, DTCs are designed to enable seamless travel through a secure and globally interoperable approach. They also serve as a solution for states “seeking to deploy a digital companion and/or digital alternative to physical passports.”

DTCs can be used at several stages of the traveler journey, including:

  • Identification and authentication in travel apps—providing advance passenger information (API) 

  • Buying tickets

  • Check-in and boarding through passenger name record (PNR) information

  • Border crossing

Additionally, DTC Type 3 can serve as an emergency travel document with a photo for citizens who lose their physical travel documents, enabling them to return home or reach a location where a new document can be issued. QR codes, currently used for this purpose, lack the holder’s photo, making them less secure compared to DTCs. 

From ICAO’s perspective, the key feature of DTCs is that authorities can verify a traveler’s passport data before arrival. This framework benefits both parties:

  • Inspectors can enhance pre-arrival screening by accessing fully trusted information, including facial biometrics (DTC-VC).

  • Travelers can complete formal airport or border procedures faster and more seamlessly. After presenting their DTC‐PC, they are matched to the DTC-VC using facial recognition technology. Multiple DTCs can also be stored on a single physical device—for instance, a parent could carry digital IDs for their children, making them ideal for family or group travel.

For airlines, DTC implementation provides another significant benefit: reducing costs associated with deportation fines. DTCs function as a more efficient and interoperable version of local travel authorization programs, such as ESTA in the USA. If a passenger fails a pre-check, their entry into the host country is blocked before departure. As a result, they are not allowed to board the flight, saving the airline from potential penalties.

Another group poised to benefit from DTC implementation is identity document issuing authorities. According to ICAO, managing the lifecycle of this form of identity may not necessarily depend on the lifecycle of the eMRTD. This means DTCs could eventually become a standalone, reliable alternative to physical passports. 

Key advantages for issuing states include smoother (and potentially cheaper) processes for ID issuance, invalidation, revocation, and renewal. For example, issuing authorities can invalidate DTCs by reporting them as lost, stolen, or canceled to the appropriate domestic and international bodies. This action would automatically invalidate all DTC-VCs linked to the corresponding eMRTD. However, the physical passport may remain valid, requiring the passenger to undergo traditional verification procedures.

Although DTCs are primarily designed for border processing, their potential applications extend far beyond. They can be used in any online identity verification process. Notably, in such cases, only biographic data is shared with the entity granting access to specific goods or services. As a result, inspectors can enhance their IDV procedures by accessing not only data in the machine-readable zone (MRZ) but also the holder’s photo, enabling them to cross-check against databases of blacklisted individuals or politically exposed persons (PEPs). For businesses in countries like Chile, where access to official databases with citizens’ biometrics is restricted, DTCs offer a valuable solution, as the holder’s photo is mandatory in the dataset.

How to verify travelers through their DTCs

Regardless of the use case and type of DTCs, the verification of these digital identities relies on the chain of trust. This cryptographic framework links DTCs to the issuing authority and the verifier through a unique digital signature. If the DTCs are altered, the chain of trust is broken, signaling a potential issue.    

The verifier must ensure both the authenticity and integrity of the DTCs using the issuer’s digital signature as a trust anchor. This mechanism is similar to Passive Authentication during RFID chip verification, where Document Signer (DS) and Country Signing Certificate Authority (CSCA) certificates are involved. 
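The order of checks in that chain of trust, as an added example that is not Regula's or ICAO's code: the verifier starts from the CSCA trust anchor, checks the Document Signer, then the signed hash list, then each data group. It assumes a simplified model in which textbook RSA over SHA-256 with constructed keys stands in for the real X.509 and CMS signatures, and all names and sample data are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by the constructed demo keys

def keypair(p, q):
    """Textbook RSA (modulus, private exponent); a stand-in for real PKI keys."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    return pow(_h(data), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _h(data)

# Constructed keys built from known Mersenne primes; illustration only.
CSCA_N, CSCA_D = keypair(2**607 - 1, 2**1279 - 1)
DS_N, DS_D = keypair(2**127 - 1, 2**521 - 1)

def hash_list(dgs):
    return {name: hashlib.sha256(body).hexdigest() for name, body in dgs.items()}

def canon(hashes):
    return json.dumps(hashes, sort_keys=True).encode()

def issue(dgs, ds_n=DS_N, ds_d=DS_D, ca_n=CSCA_N, ca_d=CSCA_D):
    """Issuer side: the CSCA certifies the DS key, the DS signs the DG hash list."""
    hashes = hash_list(dgs)
    return {"hashes": hashes, "sig": sign(canon(hashes), ds_n, ds_d),
            "ds_pub": ds_n, "ds_cert_sig": sign(str(ds_n).encode(), ca_n, ca_d)}

def passive_auth(dgs, sod, trusted_csca_n):
    """Verifier side: walk the chain from the trust anchor down to the data."""
    if not verify(str(sod["ds_pub"]).encode(), sod["ds_cert_sig"], trusted_csca_n):
        return "untrusted document signer"
    if not verify(canon(sod["hashes"]), sod["sig"], sod["ds_pub"]):
        return "signed hash list altered"
    for name, body in dgs.items():
        if sod["hashes"].get(name) != hashlib.sha256(body).hexdigest():
            return f"{name} hash mismatch"
    return "ok"

# Constructed sample data groups: DG1 carries MRZ data, DG2 the face image.
DGS = {"DG1": b"P<UTOERIKSSON<<ANNA<MARIA", "DG2": b"\xff\xd8constructed-jpeg"}
SOD = issue(DGS)
```

A swapped photo fails at the last step, a photo swapped together with a recomputed hash list fails at the second, and a credential signed under a CSCA the verifier does not trust fails at the first.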

From the user’s perspective, verifying DTCs is quick and seamless. For example, during the ICAO DTC‐1 pilot in the Netherlands, travelers generated their credentials via a mobile app and used them to board flights and pass border control. 

Here’s how the process worked:

  1. Before the flight, passengers registered in the app, completing e-passport and selfie verification

  2. This data was securely shared with all relevant entities in the passenger journey, including the airlines and border control authorities, enabling pre-arrival checks. 

  3. At the airport, passengers with DTCs used a quick facial recognition check at the gate. The scanned image was matched with the DTC data. 

  4. If the match was successful, the passenger proceeded to their destination.

Despite the pilot highlighting numerous issues with implementation and interoperability among all involved parties, DTCs pave the way for a new, more secure IDV reality for carriers and other businesses relying on them during customer onboarding or authentication. 

First, all customer data is digitally signed by an official body—ensuring the information is pre-verified, error-free, and trustworthy. Second, the identification data includes biometrics, specifically the holder’s photo, adding an extra layer of security to the process.

What challenges are associated with the implementation of DTCs?

DTC enrollment represents the third phase in the evolution of MRTDs. Visualized as a timeline, this journey starts with non-biometric MRTDs and culminates in DTC Type 3—a fully digital identity stored on a smart device.

Graph showing the evolution of machine-readable documents, from non-biometric passports to DTC Type 3: PC Bound

Nearly 50% of countries worldwide have yet to progress past the first step of the MRTD evolution pathway.

However, many countries are still in the early stages of issuing biometric passports on a large scale. Additionally, several key challenges must be addressed: 

Call for proven standards and protocols for DTC generation

Although ICAO has released documents outlining the technical specifications for DTC creation (e.g., The Technical Report on Virtual Component Data Structure and PKI Mechanisms), the work remains incomplete. Notably, only DTC Type 1 has been tested in practice. New test implementations may introduce compatibility challenges and potential security‐related incidents, requiring further discussion by ICAO’s Technical Advisory Group as they continue to refine the project. Without a globally recognized and proven framework, DTC implementation is currently limited to agreements between specific countries and airlines that adhere to local requirements.

Infrastructure upgrades are needed

Large-scale DTC adoption requires comprehensive upgrades across traveler touchpoints, encompassing both hardware and software. For instance, e-gates with biometric cameras and robust identity verification software must operate seamlessly. However, most airports lack passport-free gates, and many passport-issuing authorities struggle to adopt new digital identity formats.   

Security risks

Legal actors like mobile operating system vendors, as providers of mobile digital wallets for DTC storage, might gain access to detailed personal data of the global population—a scenario ripe for high box-office movie plots. The risks of massive data breaches and illegitimate data use—both of which undermine the principles of national security—are pushing states to reconsider DTC implementation approaches. These frameworks must ensure that the holder becomes a key stakeholder, deciding on DTC issuance and use while maintaining control.

Tech unpreparedness

Ensuring secure data storage on mobile devices and robust access management remains a significant challenge, which both Apple and Google are actively working to address. Additionally, mobile operating systems (OSs) need to be prepared to handle the task of DTC-PC verification. To achieve this, the OS must emulate the behavior of an e-passport’s RFID chip, enabling DTC verification via NFC. The entire process is regulated by the ISO/IEC 14443 protocol.

According to ICAO, DTC-PC relies on the PACE protocol for secure communication between an ID reader and the application where DTCs are stored. What’s more, an encrypted channel must be established before any data can be read.

In practice, the ID reader must identify the presence of DTCs by reading EF.CardAccess, a chip feature that defines how data is securely accessed, authenticated, and used. Importantly, EF.CardAccess is not stored in the application, causing issues for mobile OSs that start the session by selecting an application. 

However, a solution exists. EF.CardAccess data can be transmitted via a QR code formatted in accordance with the IDB (ICAO Datastructure for Barcodes), which supports this type of transmission. Additionally, the CAN or MRZ can also be stored in the same QR code to access the chip via PACE.
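How a CAN or MRZ read from such a QR code becomes the PACE password key, as an added example that is not from the original article: it follows the ICAO Doc 9303 key derivation for the 3DES/AES-128 case (SHA-1, counter 3). The function names are hypothetical, the sample MRZ fields are the Doc 9303 specimen values, and parsing of the IDB barcode itself is out of scope.

```python
import hashlib

def check_digit(field):
    """ICAO 9303 check digit: weights 7,3,1; digits as-is, A-Z = 10..35, '<' = 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch in "0123456789":
            value = int(ch)
        elif ch == "<":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"invalid MRZ character: {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)

def mrz_information(doc_no, birth, expiry):
    """Document number, date of birth and date of expiry, each with its check digit."""
    if not all(len(d) == 6 and d.isdigit() for d in (birth, expiry)):
        raise ValueError("dates must be YYMMDD")
    fields = (doc_no.ljust(9, "<"), birth, expiry)
    return "".join(f + check_digit(f) for f in fields)

def mrz_seed(doc_no, birth, expiry):
    """K = SHA-1(MRZ information): the shared secret when the MRZ is the password."""
    return hashlib.sha1(mrz_information(doc_no, birth, expiry).encode("ascii")).digest()

def kdf(secret, counter, length=16):
    """Doc 9303 KDF for 3DES/AES-128: SHA-1(secret || 32-bit counter), truncated."""
    return hashlib.sha1(secret + counter.to_bytes(4, "big")).digest()[:length]

def pace_key_from_mrz(doc_no, birth, expiry):
    return kdf(mrz_seed(doc_no, birth, expiry), 3)   # counter 3 = PACE password key

def pace_key_from_can(can):
    if not (len(can) == 6 and can.isdigit()):
        raise ValueError("CAN must be six digits")
    return kdf(can.encode("latin-1"), 3)             # CAN is used directly, not hashed first
```

The derived key only authenticates the PACE exchange between reader and application; the session keys for the encrypted channel come from the key agreement that follows.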

The challenge lies in current mobile OS limitations. For instance, OSs must first recognize an application ID to initiate emulation. Further complicating the issue, some manufacturers impose restrictions: Apple, for example, prohibits ISO/IEC 14443 emulation on its devices by default, hindering progress in DTC implementation. 

Once this hurdle is addressed, DTC adoption is expected to spread rapidly, driven by support from digital businesses—primarily banks, which could use DTCs to onboard new customers with minimal friction.

The prospects of DTC as proof of identity

According to ICAO’s principles, countries issuing e-passports aren't obliged to change their current process to comply with this brand-new standard unless they choose to issue DTCs. This means DTC adoption will occur voluntarily, and widespread implementation will take time.

Notably, the eMRTD Bound (Type 1) is the closest to implementation due to its simplicity and ease of generation. Meanwhile, eMRTD-PC Bound (Type 2) is likely several years away from widespread use. Given the current infrastructure, DTC Type 3 is anticipated to become viable only in the next decade.

For the foreseeable future, this reinforces the role of physical passports as the primary and most reliable verification measure.

While DTCs are still at their early stages, Regula already offers reliable NFC verification technology capable of processing electronic identity documents and supporting all DTC types. 
