It involves a series of changes from the alpha version published in January 2021, based on feedback from over 250 organisations and aimed at fostering the development of an ecosystem of trusted digital identity products in the UK. A key change has been the creation of sub-roles for the three broad type roles that providers could play – identity, attribute, and orchestration service – under the alpha version. These make distinctions on issues such as whether a service is re-usable, if it requires an account, whether it deals with identity, attributes, or both, and whether it comes from a service such as a personal data store or app.
Other changes include a new requirement that any biometric technologies used will be tested according to an industry standard; more detail on monitoring and reporting on fraud; a plan to offer an overarching data schema to support a consistent, technology agnostic transfer of data; requirements for framework participants to provide information on their supply chains; and a user agreement aimed at providing a balance between users’ trust and removing unnecessary friction.
In addition, the Good Practice Guide 45 for identity proofing and verification has been updated with additional detail on document inspection training and examples of fraud databases that can be used in identity checking.
The document adds that a data protection impact assessment of the framework will be published ‘in due course’. Writing in the new version’s foreword, DCMS Minister of State Julia Lopez MP indicates that sandboxes and live market testing will be used to ensure the framework is fit for purpose.
The policy development lead official for the programme, George Muskat, told during the Think Digital Identity for Government conference that it is not yet possible to say when the framework will go live. It depends on legislation for which the timetable is hard to predict due to a busy agenda for Parliament, and DCMS prefers to keep an open timeline on the beta testing to ensure everything works effectively in the live version.
He added that there are four priority areas for further policy development within the beta testing, the first being around the user agreement to ensure transparency and ensure the public understands the requirements for the use of their data. The second is to ensure that certifiers meet key principles, the third is to assess the risk from uncertified providers, and the fourth is on fraud management.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now