ISO/DIS 25500-3:2026(en)

ISO TC 184/SC 5

Secretariat: ANSI

Date: 2025-11-17

Supply chain interoperability and integration – Part 3: Verification of trading entity identity

© ISO 2026

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office

CP 401 • Ch. de Blandonnet 8

CH-1214 Vernier, Geneva

Phone: +41 22 749 01 11

Email: copyright@iso.org

Website: www.iso.org

Published in Switzerland

Contents

Foreword 2

Introduction 3

1 Scope 5

2 Normative references 5

3 Terms and definitions 5

3.1 authoritative legal entity identifier 6

3.2 authoritative identifier 6

3.3 authoritative source 6

3.4 callback security 6

3.5 citizenship type 6

3.6 concept encoding 6

3.7 dataset 6

3.8 date of origin 7

3.9 identifier 7

3.10 identifier issuer 7

3.11 industrial internet 7

3.12 international business identifier 7

3.13 international business registration number 8

3.14 jurisdiction 8

3.15 jurisdiction of domestic registration 8

3.16 know your customer 8

3.17 know your supplier 8

3.18 legal entity 8

3.19 legal form 8

3.20 legal name 9

3.21 legal status 9

3.22 prefix name server 9

3.23 proxy identifier 9

3.24 quality identifier 9

3.25 register 9

3.26 service address 9

3.27 trading entity 9

4 Trading entity identity verification and other data: Requesting data from an authoritative legal entity register 10

4.1 General 10

4.2 Verify: Request and reply for IBID verification 10

4.2.1 Request for IBID verification 10

4.2.2 Reply to request for IBID verification 10

4.3 Resolve: Request and reply to the request for resolution of an IBID or IBRN to other data associated with the trading entity 10

4.3.1 Request for IBID or IBRN resolution 10

4.3.2 Reply to request for IBID or IBRN resolution 11

4.4 Search: Request and reply for IBID or IBRN or ALEI search through legal name 11

4.4.1 Request for IBID, IBRN, or ALEI through legal name search 11

4.4.2 Reply to request for IBID, IBRN, or ALEI through legal name search 11

5 Conformance 11

Annex A (informative) Document identification 12

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 184, Automation systems and integration, Subcommittee SC 5, Interoperability, integration, and architectures for enterprise systems and automation applications.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

The effectiveness, efficiency, and security of a supply chain can be increased with standards to create greater interoperability and integration across applications, facilities, companies, and borders. At each step of the supply chain from planning, sourcing, making, delivering, and returning, buyers and suppliers need a standard way to quickly identify and verify legal trading entities to limit corporate identity theft and potentially fraudulent transactions.

A legal entity is created when it is formally recognized by the governing body of a nation, state or community that has the authority to set and enforce laws relating to property and trade. The most common way for a business to obtain legal status is through registration of its legal name in an authoritative business register. The business register creates a record and assigns a local record number; this is the authoritative legal entity identifier (ALEI). A business formed in one jurisdiction, the domestic registration, may also need to register as a legal entity in another jurisdiction where it regularly conducts business, which is called a foreign registration. Some legal entities, like government agencies are typically formed through legal actions such as proclamations, regulations, and acts and are not typically referred to by an identifier within those acts. Thus, a government agency’s legal name is its ALEI.

Some legal entities attain proxy identifiers (identifiers issued by an organization that is not the originator of the legal entity or object identified) through various sources and there are no requirements for proxy identifier issuers for the assignment of and access to the proxy legal entity identifiers (or the datasets they represent) that they control. However, every legal entity has a government issued, verifiable authoritative identifier, an ALEI, issued at its formation by the governing body under which it was created and that maintains its legal existence; this governing body is the authoritative source of data on that legal entity. As part of the supply chain meeting know your customer (KYC) and know your supplier (KYS) demands, each legal entity can be verified with the authoritative source. This verification is typically done by either searching its online database, with its own structure and terminology, or asking (via phone call, email, fax, or postal mail) an employee of the governing body to search its paper or electronic documents to verify the entity’s details. These methods are not suited for automated processing and add time and cost to the verification process, especially for buyers or suppliers looking to verify a large number of current or potential trading partners or government agencies looking to verify the identities of a large number of entities or which wish to do so as part of regular verification processes of any legal entities for which or on which they process data.

What is needed is a reliable and low-cost process for stating and verifying the identity, legal status, and other data of trading entities, both for individual trading entities as well as lists of hundreds or thousands of them. This is needed in the supply chain and for government agency operations such as to implement regulations or for business registers to verify the domestic registrations of businesses seeking to attain or renew foreign registrations in their jurisdictions.

ISO 8000-116 is the international standard for formatting a local ALEI as a globally unique international business registration number (IBRN) by adding a prefix that identifies the issuing authoritative government register. ISO 8000-116 describes how to create a prefix for a register in an internationally recognized jurisdiction. The ISO 25500 international business identifier (IBID) combines the three essential data elements for definitive identity verification – the IBRN, legal name, and date of origin as eight numeric characters (YYYYMMDD) – into a simple verifiable string of characters with a pipe character (U+0007C) as a separator between each data element; the IBID is presented as an ISO 8000-115 quality identifier that has ISO.IBID as the prefix, followed by a colon, followed by the string of characters. This document provides methods to verify trading entity identity data from the authoritative source, specifically the format of and automated request types (verify, resolve, and search) and replies.

It is recommended to use the industrial internet (see ISO 25500-1 and ISO 25500-100) to implement this document; the industrial internet is an efficient and trusted environment for data sharing to occur that uses callback security where the legal identity of the party requesting data verification and the legal identity of the party replying to the request are verified. This is achieved by using registered ISO 8000-115 compliant prefixes for both parties and routing the requests and the replies through a prefix name server (PNS). The prefix records in the PNS make publicly visible only the verified IBID of the prefix owner; this enables both parties to know the sending or responding entity’s verified legal identity at the same time as it protects their privacy by keeping confidential their electronic address information used for the exchange of verified data.

Supply chain interoperability and integration – Part 3: Verification of trading entity identity

To verify trading entity identity data with the authoritative source, this document specifies the requirements for formatting requests and replies to request types: verify, resolve, and search. The following are within the scope of this document:

— terms related to international business registration numbers (IBRNs) and international business identifiers (IBIDs) and the dataset used for verification of trading entities

— the syntax requirements and application protocol interface (API) for a request and response to a request for the verification of an IBID to verify trading entity identity data (verify)

— the syntax requirements and API for a request and reply to the request for resolution of an IBID or IBRN to other data associated with the trading entity (resolve)

— the syntax requirements and API for a request and response to a request to search for an IBID, IBRN, or authoritative legal entity identifier (ALEI) given a legal name (search)

The following are outside the scope of this document:

— the methods used for the resolution of IBIDs and IBRNs by the register that issued the ALEI

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 8000‑114, Data quality — Part 114: Master data: Application of ISO/IEC 21778 and ISO 8000-115 to portable data

ISO 8000‑115, Data quality — Part 115: Master data: Exchange of quality identifiers: Syntactic, semantic and resolution requirements

ISO 8000‑116, Data quality — Part 116: Master data: Exchange of quality identifiers: Application of ISO 8000-115 to authoritative legal entity identifiers

ISO 8601‑1, Date and time — Representations for information interchange — Part 1: Basic rules

ISO/DIS 25500‑1, Supply chain interoperability and integration — Part 1: Overview and principles of the industrial internet

ISO/DIS 25500‑2, Supply chain interoperability and integration — Part 2: Vocabulary

ISO/DIS 25500‑100, Supply chain interoperability and integration — Part 100: Verification of supply chain data

For the purposes of this document, the terms and definitions given in ISO 25500-2 and the following apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at https://www.electropedia.org/

NOTE Prior to publication of this document as an International Standard, the following terms and definitions will be published in ISO 25500-2 and removed from this document.

3.1

authoritative legal entity identifier

ALEI

identifier assigned by the government agency that has granted and maintains an entity’s legal existence including its right to enter into legally binding contracts

EXAMPLE An identifier assigned by a government business register to reference a registered business.

Note 1 to entry: Government agencies are typically formed through legal actions such as proclamations, regulations, and acts and are not typically referred to by an identifier within those acts. Thus, a government agency’s legal name is its ALEI.

Note 2 to entry: ISO 8000-116 specifies how to represent the ALEI as an ISO 8000-115 compliant quality identifier making it an international business registration number (IBRN) while the ISO 25500-3 formatted international business identifier (IBID) includes the IBRN as part of a string that is used to definitively identify a legal entity

3.2

authoritative identifier

identifier issued by an entity that is the originator of the legal entity or object identified or that is a legal authority

EXAMPLE The original part manufacturer issues the authoritative identifier for that part. Distributors can also assign identifiers, which are proxy identifiers (not authoritative identifiers).

Note 1 to entry: An authoritative legal entity identifier is an authoritative identifier issued by a governing authority that granted and maintains its legal existence

[SOURCE adapted from ISO 8000-2]

3.3

authoritative source

originator of the legal entity or object identified

3.4

callback security

system used for protecting a computer network and its users, in which a user calls into a computer, which checks the person's username and password, ends the call, and then calls back the number or other form of address connected with that username and password

3.5

citizenship type

jurisdictional authority of legal entity’s registration

Note 1 to entry: Registrations that have their initial formation within the jurisdictional authority are domestic registrations; registrations that are granted to an entity that has a domestic registration outside of the jurisdictional authority are foreign registrations

3.6

concept encoding

technique of replacing natural language terms in a message with quality identifiers that reference data dictionary entries

3.7

dataset

characteristic data that describes the object or legal entity identified

3.8

date of origin

date of creation of a legal subject or object

3.9

identifier

string of characters created by an organization to reference a data set

[SOURCE: ISO 8000-2]

3.10

identifier issuer

legal entity that issued the identifier referenced and so can resolve the identifier to the dataset it represents

Note 1 to entry: ISO 8000-115 specifies how a globally unique, registered prefix placed before an identifier indicates the identifier owner or issuer

Note 2 to entry: ISO 8000-116 specifies how to identify a legal entity through an international business registration number (IBRN) and ISO 25500-1 describes how to construct an international business identifier (IBID) to definitively identify a legal entity

3.11

industrial internet

efficient and trusted environment for sharing industrial data using callback security where the legal identity of the party requesting data verification and the legal identity of the party replying to the request are verified

Note 1 to entry: This is achieved by using registered ISO 8000-115 compliant prefixes where each prefix owner is identified with an ISO 25500-3 international business identifier, IBID. The IBID can be verified with the authoritative source as an active registration of a legal business. Routing the requests and the replies through an ISO 8000 prefix name server maintains the confidential electronic address information used for the exchange of verified data between known, verified legal entities.

Note 2 to entry: Adoption of the ISO 25500-1 supply chain data formatting contract clause supports the implementation of the industrial internet.

3.12

international business identifier

IBID

String of characters consisting of the three fields separated by the vertical line or pipe character (U+0007C) that uniquely identify a trading entity: the ISO 8000-116 formatted International Business Registration Number (IBRN), the legal name, and the date of origin as eight numeric characters (YYYYMMDD). This is presented as an ISO 8000-115 quality identifier that has ISO.IBID as the prefix, followed by a colon, followed by the string of characters.

Note 1 to entry: Some legal entities, such as government entities, gain and maintain their legal status through an act, proclamation, or regulation, and are not entered with an identifier at time of formation by the government authority that has originated them. For legal entities without a government issued identifier granted and entered into a register at time of formation, their legal name serves as their identifier. For these entities, the IBID consists of two fields separated by the vertical line or pipe character (U+0007C) that uniquely identify a trading entity: the ISO 8000-116 formatted International Business Registration Number (IBRN) and the date of origin as eight numeric characters (YYYYMMDD).

EXAMPLE 1 A corporation entered under the file number 3031657 and legal name Code Management Association into the business entity register of the United States’ state of Delaware on 1999-04-20 has an IBID of ISO.IBID:US-DE.BER:3031657|Code Management Association|19990420

EXAMPLE 2 An individual born 1922-01-17 and entered under the sequential number 54 and legal name Betty Marion White into the vital records register of the United States’ state of Illinois has an IBID of ISO.IBID:US-IL.VR:54|Betty Marion White|19220117

EXAMPLE 3 A government entity formed by the United States, through being signed into law on 1789-09-02, under the legal name of the Department of the Treasury has an IBID of ISO.IBID:US.GOV:Department of the Treasury|17890902

3.13

international business registration number

IBRN

ISO 8000-116 formatted identifier assigned to reference a legally authorised trading entity by a register maintained by the administrative agency for a governing body of the nation, state, or community with the authority to grant or terminate legal status to an entity including the entity’s legal right to enter legally binding contracts within a jurisdiction

Note 1 to entry: Businesses typically gain, preserve, and lose their legal status through entrance and maintenance in a government business register but not all entities receive legal status through inclusion in such a register database. For legal entities that are not added to a register database, one refers to the documents of formation that granted the entity its legal status such as proclamations, acts, or regulations for government entities. For such government entities, the legal entity may not be referred to by an identifier so its legal name also serves as its identifier with .GOV as the prefix subdomain element.

EXAMPLE 1 Code Management Association was formed in and is a registered corporation in the US state of Delaware (jurisdiction code: US-DE) where the Business Entity Register (register reference: BER) is maintained by the Division of Corporations. The business registration number for Code Management Association inside the Delaware Business Entity Register is 3031657. Code Management Association's IBRN is US-DE.BER:3031657.

EXAMPLE 2 The IBRN for the United States Department of the Treasury is “US.GOV:Department of the Treasury” as it is a government entity (.GOV) formed when a congressional act was signed into law by President George Washington on 1789-09-02, in the legal jurisdiction is the United States (US) and its legal name is Department of the Treasury.

3.14

jurisdiction

territory within which a court of law exercises its authority

Note 1 to entry: ISO 8000-116 defines how a jurisdiction prefix is created using ISO 3166-1 and ISO 3166-2 (country and subdivision codes)

3.15

jurisdiction of domestic registration

jurisdiction where a legal entity has its registration for its initial formation

Note 1 to entry: foreign registrations (see Note 1 under citizenship type) are dependent on domestic registrations so any legal entity with a foreign registration should have its registration verified with the authoritative source in its jurisdiction of domestic registration

3.16

know your customer

KYC

process to verify the identity of a customer to prevent fraud, financial crime, money laundering, terrorism financing, sanctions’ and other violations, and sale of items (for example, pharmaceuticals or other controlled goods) to inappropriate buyers, as well as to facilitate corporate social responsibility policies

3.17

know your supplier

KYS

process to verify the identity of a supplier to facilitate strategic sourcing, corporate social responsibility policies, risk reduction, fraud prevention, or the completion of other commitments, requirements, or goals

3.18

legal entity

physical or juridical person granted legal status by the governing body of a nation, state or community

[SOURCE ISO 8000-2]

3.19

legal form

legal structure that an organization is within the legal or regulatory system under which it is formed

Note 1 to entry: It includes, but is not limited to, both unincorporated forms and incorporated forms.

3.20

legal name

name of the organization as recorded in the authoritative legal entity registry where the organization was formed

3.21

legal status

code representing standing of registration

Note 1 to entry: active or inactive are common status codes

3.22

prefix name server

PNS

ISO 8000-115 compliant register of prefixes with globally unique prefix records that contain the legal owner of any identifier with that prefix and provides an electronic address to resolve the identifier to the data set it represents as well as any use restrictions.

3.23

proxy identifier

value-added identifier

identifier issued by an organization that is not the originator of the legal entity or object identified

[SOURCE adapted from ISO 8000-2]

3.24

quality identifier

ISO 8000-115 compliant identifier where a registered and globally unique prefix is used to identify the legal owner of the identifier and provides an electronic address to resolve the identifier to the dataset it represents as well as any use restrictions.

3.25

register

business register

register maintained by the administrative agency for a governing body of the nation, state, or community with the authority to grant or terminate legal status to an entity including the entity’s legal right to enter legally binding contracts within a jurisdiction

EXAMPLE In the state of Delaware (in the United States), the Division of Corporations is the administrative agency that issues identifiers for juridical persons represented on documents of formation. This agency maintains the authoritative legal entity register for corporations in the state of Delaware.

Note 1 to entry: For legal entities that are not added to a register database, one refers to the documents of formation that granted the entity its legal status such as acts or regulations for government entities.

3.26

service address

legal service address

official address for directors and company secretaries, which is publicly available in the business register and used for official correspondence including sending legal documents, contracts, and court proceedings

3.27

trading entity

contracting entity

legal entity (such as an individual, business, government agency), involved in buying or selling in the supply chain, which has been granted legal existence and right to enter into a legally binding contract and be a party in court through its creation and maintenance of active legal status by a government agency

Note 1 to entry: ISO 8000-116 specifies how to identify a trading entity, or any legal entity, through an authoritative legal entity identifier, identifier issued by government authority originating it, formatted as an international business registration number (IBRN); ISO 25500-3 describes how to construct an international business identifier (IBID) to definitively identify a trading entity or any legal entity with ISO 8000-115 compliant prefix of ISO.NLI and the entity’s IBRN, legal name, and date of origin; and ISO 25500-3 describes how to verify trading entity data with the authoritative source through an automated process.

For verifying trading entity identity data from the authoritative source, 4.2 – 4.4 provide the implementation information for three types of requests - verify, resolve, and search - and replies to these three requests.

A request for IBID verification is the simplest, fastest way to verify trading entity identity.

A request to resolve an IBID or IBRN is a request to the register to provide the complete dataset it is willing to share to verify what the identifier represents.

A request to search is a request to the register with the requestor sending the trading entity’s legal name and the register reply is the possible matching ISO 25500-3 formatted IBID (first preference) or ISO 8000-116 formatted IBRN (second preference) or ALEI (third preference), which may then be resolved (4.3.1 and 4.3.2).

NOTE If the industrial internet (as described in ISO 25500-1 and ISO 25500-100) is used, the requestor would include its ISO 8000-115 prefix in its requests (4.2.1, 4.3.1, and 4.4.1).

A request for IBID verification shall be sent to the register identified by its ISO 8000-116 prefix and shall contain:

— The ISO 25500-3 formatted IBID of the requestor

— The ISO 8000-116 prefix for the respondent (jurisdiction where the entity to be verified is registered)

— The ISO 25500-3 formatted IBID for which verification is requested

A reply to a request for identifier verification shall be sent to the requestor and contain one of the following:

— IBID syntax (formatting) error

— IBID data error

— Request denied

— Timed out

— IBID verified correct

A request for IBID or IBRN resolution shall be sent to the register identified by its ISO 8000-116 prefix and shall contain:

— The ISO 25500-3 formatted IBID of the requestor

— The ISO 8000-116 prefix for the respondent (jurisdiction where the entity to be verified is registered)

— The ISO 25500-3 formatted IBID or ISO 8000-116 formatted IBRN for which data is requested

A reply to a request for other trading entity data shall be sent in ISO 8000-114 interoperable data format (.idf) to the requestor and consist of one of the following:

— IBID syntax (formatting) error

— IBID data error

— Request denied

— Timed out

— Data (in .idf format)

NOTE A recommended minimum dataset contains legal name, ALEI or ISO 8000-116 formatted IBRN, date of origin, legal status, citizenship type, jurisdiction of domestic registration, legal form, and legal service address

A request for identifier shall be sent to the register identified by its ISO 8000-116 prefix and shall contain:

— The registered ISO 25500-3 formatted IBID of the requestor

— The ISO 8000-116 prefix for the respondent (jurisdiction where the entity to be verified is registered)

— The legal name of the trading entity to be searched

A reply to a request for identifier shall be sent to the requestor and contain one of the following:

— Legal name not found in this jurisdiction

— Request denied

— Timed out

— ISO 25500-3 formatted IBID

— ISO 8000-116 formatted IBRN and legal name

— ALEI and legal name

Trading entity data verification conforms to this document when 4.2.1, 4.2.2, 4.3.1, 4.3.2, 4.4.1, and 4.4.2 are applied.

1. 
   (informative)
   
   Document identification

To provide for unambiguous identification of an information object in an open system, the following object identifier is assigned to this document. The meaning of this value is defined in ISO 10303-1.

{ iso standard 25500-3 version(1) }