Keyless Anti-Inject Becomes World’s Only Certified High-Level Injection Attack Detection Solution as Defined in the CEN/TS 18099

12 August 2025

London, 12 August 2025 - Keyless, the leader in privacy-preserving biometrics, has become the first and only company in the world to achieve the High-level certification for injection attack detection as defined by the European CEN/TS 18099 standard.
This certification, awarded to the Keyless Anti-Inject Android mobile SDK, confirms that Keyless is the only vendor globally able to meet the injection attack requirements for Extended Level of Identity Proofing (LoIP) - a core condition for EUDI wallets looking to offer fully identity services under eIDAS 2.0.
What This Means for EUDI Wallets
Under the EUDI Wallet initiative, all EU citizens must be able to use a government-approved digital wallet to verify their identity online, and all wallets must become Qualified Trust Service Providers (QTSPs). 
To be able to onboard users remotely - a core aspect of any wallet - QTSPs must reach an Extended Level of Identity Proofing (LoIP) as outlined in the ETSI 119 461 standard. 
Extended LoIP can only be achieved if the wallet can detect and block injection attacks. To prove this, wallets must work with vendors that have passed a successful evaluation using the CEN/TS 18099 methodology at the High level - the most advanced form of protection available.
“If the identity proofing targets Extended LoIP, the biometric injection attack detection means shall be tested by an accredited laboratory according to TS 18099 level High (level 3) at the latest before the end of 2026.” - ETSI 119 461 p.45
A Global First for Keyless
Keyless Anti-Inject is now officially the first solution to pass an evaluation according to the CEN/TS 18099 at the High level.
The certification was granted by Cabinet Louis Reynaud through its certification body CLR CERT™, after a full technical audit in July 2025. During the test, Keyless Anti-Inject was subjected to a range of sophisticated injection attack scenarios. It withstood every single attempt.
“The Cabinet Louis Reynaud congratulates Keyless as the first injection attack detection product in the world to have achieved the High-level compliance against the CLR Cert™ IAD certification program using the CEN TS 18099 standard methodology,” said Stéfane Mouille, General Director of Cabinet Louis Reynaud. “This achievement is not to be taken lightly. Keyless stood up to all injection attack attempts we tested for.”
“EUDI Wallets have a long road ahead if they want to comply with eIDAS 2.0,” said Andrea Carmignani, Co-Founder and CEO of Keyless. “They need Extended LoIP, and that means passing High-level injection attack testing. We’re proud that Keyless Anti-Inject is currently the only solution in the world that can help them get there.”
 
About the CLR Cert®, group Cabinet Louis Reynaud:
CLR Cert® is the conformity assessment body (CAB) of the Cabinet Louis Reynaud group, specializing in digital-era certification in the fields of digital identity, biometrics, cybersecurity for products and information systems, artificial intelligence, and trusted service providers. Based in La Ciotat, France, Cabinet Louis Reynaud is the editor of the European standard on biometric injection attacks, an associate member (shareholder) of France's CYBER CAMPUS, and an ANSSI-accredited evaluation center authorized to conduct biometric tests (PAD and IAD) under the certification framework for remote identity verification service providers (PVID).
About Keyless
Keyless is the leader in privacy-preserving biometric authentication, trusted by banks, fintechs, enterprises and governments to reduce account takeovers, secure high-risk actions, and improve operational efficiency. Available via app and web, its unique Zero-Knowledge Biometrics™ technology delivers multi-factor authentication in one glance in 300 milliseconds without storing biometric data anywhere. Keyless is ISO 27001, ISO 9001, and ISO 30107-3 accredited, and is the only company to hold both FIDO Biometrics and FIDO2 certifications. The company also meets the requirements of ETSI TS 119 461 and 319 401 standards for digital identity and trust services in Europe. Keyless operates globally across four offices in the UK, Italy, Singapore and the US.
