New Zealand is implementing a comprehensive Trust Framework for digital identity services, joining a growing number of countries adopting standardized approaches to digital identity management. The framework, which will take effect on November 8, 2024, establishes rules and standards for digital identity services that align with international best practices like the European Union’s eIDAS regulation.
Digital identity services allow individuals to prove who they are online using verified credentials, similar to showing a physical ID card. These services have become increasingly important as more government and private sector services move online.
The Trust Framework establishes several key requirements:
Service providers must implement end-to-end encryption and secure storage protocols to protect personal information. They must also obtain explicit user consent before sharing any data, following principles similar to those established in recent EU cybersecurity directives.
Digital credentials will remain under user control through a decentralized architecture, meaning the credentials are stored on users’ devices rather than in centralized databases. This approach follows the principle of self-sovereign identity, allowing individuals to maintain control over their personal information.
“There are many instances where we need to share information, such as our name, address, age or qualifications,” explained Minister for Digitising Government Judith Collins. “Using accredited digital identity services makes it easier to securely share information while helping protect against identity theft.”
The framework enables the development of various digital identity services, including digital driver licenses and professional certifications. These developments follow successful trials of digital identity technologies in other sectors, such as the recent implementation of identity verification systems in New Zealand’s retail sector.
According to the Digital Identity Agency, the framework specifically prohibits the creation of a central database or tracking system. This restriction addresses privacy concerns raised during public consultations and aligns with global best practices in digital identity management.
The Trust Framework’s implementation comes as part of New Zealand’s broader digital transformation strategy, which includes initiatives to improve online service delivery while maintaining strong privacy protections. Organizations seeking accreditation under the framework must undergo security assessments and demonstrate compliance with privacy standards before being approved as service providers.
Source: New Zealand Digital Identity Agency
—
November 6, 2024 – by Cass Kennedy
Follow Us