The Recommendation on the Governance of Digital Identity was adopted by the OECD Council meeting at Ministerial level on 8 June 2023 on the proposal of the Public Governance Committee (PGC). The Recommendation aims to guide Adherents in their efforts to successfully establish domestic approaches to digital identity that are user-centred, trusted and well-governed and in so doing create the conditions for achieving the ambition of full international interoperability to realise the value of digital identity across geography, technology and sectors.
The need for a standard on digital identity
Identity verification is essential for the functioning and resilience of societies, economies, and political systems. While physical documents such as ID cards and passports have enabled individuals to access essential services and cross borders, they are not adequate to meet the opportunities and challenges of the digital age. To ensure the long-term sustainability of digital identity, governments need to establish robust governance foundations and treat digital identity as critical digital public infrastructure.
Governments are working to ensure reliable and trusted access to a digital identity for natural and legal persons that is portable across platforms, sectors, and borders. However, challenges exist both at national and international level to implement this ambition, including public perception, user experience and adoption, digital inclusion, data sharing, interoperability, liability, data privacy and security. Often these challenges are shaped by technology and underpinned by foundational questions of governance that include strategy, public-private collaboration, regulation, and international cooperation. Developing a strategic and systematic approach is necessary to create a trustworthy and robust digital identity system that accounts for the emergence and management of new models and technologies. To achieve this, governments need to balance different goals depending on their national context. This requires a governance framework that is flexible, adaptable and promotes interoperability across borders.
The Recommendation builds on the work of the Working Party of Senior Digital Government Officials (E-Leaders Working Party, under the PGC), complementing initiatives undertaken by the OECD Committee on Digital Economy Policy as well as other international organisations and fora. It provides a standard for the governance of digital identity in line with OECD values, enabling accessible, userfriendly, highly trusted, secure, and equitable approaches to digital identity that will simplify and accelerate interactions, achieve more proactive and personalised services, and reduce the opportunities for error, fraud and other illicit activities.
Process for developing the Recommendation
The development of the Recommendation involved extensive consultations both within and outside the OECD. Based on responses from 30 OECD Members and non-Members to the OECD Survey on Digital Identity and extensive interviews with government representatives and units responsible for digital identity, the E-Leaders Working Party started to discuss the findings and identified priority policy issues for the development of an OECD Recommendation in 2022.
Expert stakeholders from the digital identity ecosystem were engaged to provide their views on the draft of the Recommendation. The draft was also submitted to public consultation and distributed widely among relevant OECD bodies. To finalise the text of the Recommendation, multiple rounds of comments were held on the draft text in the E-Leaders Working Party and the PGC.
Scope of the Recommendation
The Recommendation is structured around three pillars:
- The first pillar emphasises the importance of developing user-centred and inclusive digital identity systems. This involves designing and implementing digital identity systems that are effective, usable and respond to the needs of users and service providers. This pillar also highlights the need for digital identity systems to prioritise inclusion and minimise barriers to access, while preserving non-digital ways to prove identity.
- The second pillar focuses on strengthening the governance of digital identity. This requires taking a strategic approach to digital identity and defining roles and responsibilities across the digital identity ecosystem. It also emphasises the importance of protecting privacy and prioritising security to ensure trust in digital identity systems. Additionally, it concentrates on the need to align legal and regulatory frameworks, and provide resources to enable interoperability across different systems and services.
- The third pillar is dedicated to the cross-border use of digital identity. This requires identifying evolving needs of users and service providers in different cross-border scenarios and cooperating internationally to establish the basis for trust in other jurisdictions’ digital identity systems and issued identities. Achieving cross-jurisdictional portability of digital identity is complex, but international collaboration and the development of international instruments can help set expectations, create consensus, and build trust.
Overall, the Recommendation provides a framework that promotes the development of reliable and trusted access to digital identity for natural and legal persons that is portable across platforms, sectors, and borders. It addresses challenges at national and international levels to implement this ambition, including public perception, user experience and adoption, data sharing, interoperability, liability, data privacy and security, governance, and international cooperation. The Recommendation does not focus on technical aspects or imply changes to the nature of any domestic identity systems.
Next steps
The PGC, through the E-Leaders Working Party, will serve as a forum for exchanging information and fostering multi-stakeholder dialogue on user-centred and inclusive digital identity systems, governance, and cross-border use. The discussions will support peer learning and propagate good implementation practices among Adherents.
The PGC will monitor activities and emerging trends around digital identity, provide guidance and tools to support implementation, and report to Council on the implementation, dissemination, and continued relevance of the Recommendation in 2028.
Source: OECD