Mobai AS Achieves ISO/IEC 27001:2022 Certification: Security You Can Count On

Trust is earned, not claimed

At Mobai, we have always believed that trust is not something you claim, it is something you earn, demonstrate, and continuously prove. Today, we are proud to announce that Mobai AS has officially obtained ISO/IEC 27001:2022 certification, the world's leading standard for Information Security Management Systems (ISMS). We used DNV as our auditors, and our certification came into effect on 30 March 2026. This milestone is the formal, independently verified expression of a commitment that has been at the heart of our company since day one: to make digital identity secure, private, and accessible for everyone.

What is ISO/IEC 27001 and why does it matter?

ISO/IEC 27001 is the internationally recognised gold standard for information security management, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It defines what it means for an organisation to systematically identify, manage, and reduce risks to the security of information it holds and processes. Critically, it is not self-declared. Achieving it requires a rigorous, independent audit by an accredited certification body: first a review of how your security management system has been designed, then a thorough assessment of whether it actually operates as documented.

With over 70,000 certificates issued across 150 countries, ISO/IEC 27001 is the benchmark that customers, regulators, and partners around the world use to judge whether a technology company can genuinely be trusted with sensitive data. For a company like Mobai, whose core technology processes facial biometrics, liveness detection signals, and digital identity proofing data, this standard is not an optional extra. It is the right thing to do.

Security has always been in our DNA

Mobai was founded as a spin-off from the Norwegian University of Science and Technology (NTNU), built on years of cutting-edge research in biometrics and information security by Prof. Christoph Busch, Prof. Kiran Raja, and Prof. Raghavendra Ramachandra. Our technology is built by internationally recognised researchers from the Department of Information Security and Communication Technology, with deep expertise in face comparison, liveness detection, and secure biometric system design.

In other words, information security is not a compliance exercise we were brought to reluctantly. It is the intellectual foundation our company was built on. ISO/IEC 27001:2022 certification is the formal recognition of what was already true inside our walls: that we take the security of the data entrusted to us with the full seriousness it deserves.

How this reflects who we are

Our guiding principles as a company are not just motivational words on a wall. They are the operating philosophy that shapes how we build products, serve customers, and approach problems. And they map directly onto what ISO/IEC 27001 demands.

  • We are customer obsessed: we solve real problems that matter for our users and partners. ISO/IEC 27001 places protecting customer data at the centre of every process. Every control, every risk assessment, every documented procedure exists to ensure that the people and organisations who depend on our technology never have cause to regret that decision.
  • We pursue mastery: we invest in continuous learning and deep expertise, because quality matters. ISO/IEC 27001 is not a certificate you hang up and forget. It demands ongoing improvement through structured Plan-Do-Check-Act cycles, annual surveillance audits, and a full recertification every three years. The standard's own architecture mirrors our belief that excellence is a discipline, not a destination.
  • We get things done: we build practical, high-impact solutions and we move fast. The risk-based approach at the heart of ISO/IEC 27001 cuts through security theatre and focuses effort on what actually matters. No bureaucracy for its own sake, no controls that exist to tick boxes. Just a structured, evidence-based approach to identifying real threats and addressing them effectively.
  • And we are easy to work with: we value collaboration, honesty, and respect in everything we do. Certification by an accredited, independent body gives our partners and customers a clear, audited signal of how we operate. It makes due diligence faster, procurement conversations simpler, and ongoing collaboration built on a firmer foundation of verified trust.

What it means for our Customers, Partners and the World

Our customers and partners operate in some of the most stringently regulated environments in the digital economy: financial services, eGovernment, healthcare, and regulated identity proofing. Subject to GDPR, DORA, eIDAS 2.0, and a constantly evolving landscape of security requirements, they cannot afford to take a vendor's word that their data is safe. They need independently verified assurance, and ISO/IEC 27001:2022 provides exactly that.

Our certified ISMS governs the confidentiality, integrity, and availability of all information we handle, including sensitive facial biometric and liveness data. For customers navigating GDPR, the standard's close alignment with EU data protection requirements directly supports your own compliance. For partners operating under eIDAS 2.0, our certified security posture strengthens the trustworthiness of our Liveness Detection, Deepfake Detection, and Morphing Attack Detection services. For organisations subject to DORA, our risk management framework and incident response controls provide the resilience foundations modern financial regulation demands.

This certification sits alongside our broader commitment to operating at the highest standards in digital identity: certifying our biometric technology against relevant ISO standards, publishing results through NIST, and working towards ESG compliance. These are not independent initiatives. They form a coherent whole: the posture of a company that believes its customers and partners deserve more than promises, and is willing to do the hard work of proving it.

A Milestone, Not a Finish Line

Fraud does not stand still. Cyber threats evolve. Regulations tighten. The only appropriate response is an approach to security that evolves with them, which is precisely what ISO/IEC 27001 requires and what our own culture has always demanded.

We are proud of this certification. We are also clear-eyed that it represents a beginning as much as an achievement. The annual surveillance audits, the continuous improvement obligations, and the risk management cycles are not burdens. They are the mechanism by which we ensure that our commitment to security remains real, current, and verified, year after year.

If you are evaluating biometric identity solutions and want to understand how Mobai's certified security posture can support your compliance needs, we would be glad to talk. Because at the end of the day, our mission to rid the world of fraud and make digital identity secure, private, and accessible for everyone only means something if the infrastructure behind it is worthy of trust.

Now, independently, it is.

Frequently Asked Questions

What services does Mobai provide?

Mobai provides advanced identity verification and biometric authentication solutions designed to enhance security and streamline authentication and digital onboarding processes. Our services include AI-driven face verification, remote and physical ID document authentication, and liveness detection to prevent spoofing attempts. We also offer compliance solutions for KYC (Know Your Customer) regulations, ensuring businesses can verify identities securely and meet legal requirements. Additionally, Mobai provides easy-to-integrate APIs and SDKs, allowing companies to incorporate identity verification seamlessly into their existing platforms, whether for financial services, fintech, or other industries requiring secure user authentication.

How do I create an account on Mobai?

Feel free to contact us if you want a person to give you an introduction or learn more about our solutions.

To create an account with Mobai, simply press the Get started button on our website to sign up. Once registered, you can integrate and test our solution for free, allowing you to explore its capabilities and evaluate its effectiveness. When you're ready to move to production, you'll need to contact our sales team to discuss your specific requirements and complete the onboarding process.

What programming languages and frameworks does Mobai support?

Mobai supports multiple programming languages and frameworks to ensure seamless integration across various platforms. For mobile applications, we provide SDKs for iOS (Swift), Android (Kotlin) and React Native, enabling developers to integrate identity verification into native apps efficiently. Our solutions are designed to be flexible and developer-friendly, making it easy to integrate Mobai’s identity verification technology into your existing applications. For detailed implementation guidelines, refer to our API documentation or contact our support team.

Does Mobai offer a trial period for free?

Yes, we offer a free trial period for businesses looking to test our services. The trial includes access to our key features so you can evaluate the effectiveness of our identity verification solutions. Click the "Get started" button to try it out.

How do I get in touch with Mobai's customer support?

You can reach out to our customer support team by sending an email to info@mobai.bio, and we’ll be happy to assist you with any questions or issues.