The Department for Digital, Culture, Media & Sport (DCMS) has published an updated governance structure, known as the trust framework, to support the proposed Digital Identity Programme.
Under the new programme, people will be able to prove their identity through the use of digital methods instead of having to rely on physical documents. The government's objective is to make these digital methods as trusted an secure as existing official documents, such as passports and driving licences. Importantly, the use of digital identity solutions will not be mandatory so those that would prefer to continue using physical documents will be able to do so.
Data Minister Julia Lopez stated, “the government is committed to unlocking the power of data to benefit people across the UK” whilst Heather Wheeler MP, Parliamentary Secretary to the Cabinet Office, described the ambitious initiative as being one of many to prepare the UK for the digital world.
What are digital identities and attributes?
The guidance defines a digital identity as a digital representation of a person acting as an individual or as a representative of an organisation. A person's digital identity will allow them to prove who they are during interactions and transactions with organisations. However, the digital identity products and services created under the new framework will differ from those centralised identity databases or digital ID cards.
Once a person has a digital identity, they will then be able to access a variety of services offered by different providers before choosing one that meets their specific needs. Notably, not all digital identities will be reusable and how many uses are available will largely be shaped by cooperation between the relevant organisations.
In addition to digital identities, attributes also fall within the scope of the framework. These are defined as pieces of information that describe something about an individual or an organisation. Attributes can be used to create digital identities or prove that a user is eligible or entitled to do something, such as completing a transaction. Much like digital identities, some attributes may only be used once whilst others will be reusable depending on the circumstances.
Who is the trust framework for?
The trust framework comprises a set of government-approved rules that will allow different organisations to follow a prescribed set of rules to deliver their services. The aim is to create trust and consistency between different organisations to further facilitate transactions and interactions between different participants. Currently, the framework is primarily targeted towards the following four groups:
- Providers: who provide digital identity or attribute service;
- Certifying bodies: who will certify services against the standards set by the DCMS;
- Schemes: that look to build on the prescribed standards in particular use cases or industries; and
- Employers, business or other bodies: that want to use digital identity services and are sometimes known as “relying parties”.
In order to meet the rules of the framework, organisations are required to prove that they can safely manage users' digital identities or attributes. However, these rules will be "outcome based" and will not prescribe specific technologies or processes, meaning that there will be minimal impact on an organisation's ability to innovate or develop its services freely.
In terms of participation in the framework, organisations can join on their own, as part of a scheme for multiple organisations, or as part of a scheme set up by another organisation. Within the framework, the rules and responsibilities applicable to an organisation will depend upon its role, for example whether it is a provider or a relying party. It is worth noting that if an organisation chooses to perform multiple roles then it must follow the rules for each role.
Additionally, a new Office for Digital Identities and Attributes (ODIA) will also be set up with the purpose of certifying digital identity organisations with a trustmark. This will allow one organisation to prove its credibility to other organisations as well as helping users have more confidence in their products or services.
Next steps
The government is currently working towards bringing forward the necessary legislation that will underpin the trust framework. Most recently, the Data Protection and Digital Information Bill had its first reading in Parliament. The Bill will allow identity and eligibility checks to be made against trusted, government-held data.
How can Burges Salmon Help?
If you have any questions about the matters discussed in this article, please contact Lucy Pegler or another member of our Technology team.
This article was written by Pooja Bokhiria.