DCMS releases plans for use of digital identities
The Department for Digital, Culture, Media & Sport has published the second version of its digital identity trust framework which is part of plans to make it faster and easier for people to verify themselves using modern technology through a process as trusted as using drivers licenses or passports.
These latest draft rules of the road for governing the future use of digital identities follow the publication of the first version of the trust framework in February 2021 and the consultation last month. The framework incorporates extensive feedback from an online survey and government engagement sessions with a range of external organisations.
“We are developing a new digital identity framework so people can confidently verify themselves using modern technology and organisations have the clarity they need to provide these services,” said Digital Infrastructure Minister Matt Warman. “This will make life easier and safer for people right across the country and lay the building blocks of our future digital economy.”
The framework shows how organisations can be certified to provide secure digital identity services, they will have to go through an assessment process with an independent certification body. It also states how data can be shared between organisations and announces the government will start testing the framework in partnership with service providers.
Applications have opened for organisations interested in taking part in the testing process, which will involve organisations assessing where their service meets the proposed trust framework rules and providing feedback to the government. This process will prepare organisations for full certification in the future, as well as help the government to refine trust framework rules so they work for both people and organisations.
Once finalised, the government plans to bring the framework into law and make it easier and safer for people to use digital services to prove who they are or verify something about themselves. The updated framework includes:
- Details on how organisations will become certified against the trust framework in the future, including how the independent assessment will take place. The process will involve bodies accredited by the UK Accreditation Service (UKAS) completing service audits to assess eligibility.
- New guidance on how organisations can work together to create a consistent approach, which delivers a better user experience and reduces the need for burdensome and repetitive verification processes. It outlines how organisations describe data in the same format so other organisations know the method of identity verification used.
- Clearer definitions for the trust framework’s roles so organisations can better understand which applies to their specific service, depending on how they are managing data.
- Refined rules on areas such as how to manage digital identity accounts, where detailed.