In the first of these blogs, we looked at the recommendations for the UK set out in the new report we prepared for OIX; A Blueprint for National and International Oversight of the Digital Identity Market. In this second blog, we look beyond the UK, towards what might be needed to oversee and drive interoperability across national borders.
Is there a need for oversight and interoperability in the international digital identity market, and if so, what form might it take?
Where digital identity schemes currently exist, they are usually bound to a particular national geography, and digital identities are seldom accepted abroad.
The EU has begun to change this – the eIDAS Regulation establishes a trust framework that spans member states. An identity created in one country within a scheme notified under eIDAS can be used (and indeed MUST be accepted) in any other EU state that has an equivalent notified scheme to access public services.
The multi-national political framework that exists in the EU is unique and hard to replicate elsewhere in the world. That said, the EU approach of allowing national determination of how a scheme is developed and focusing on the equivalency of the outcome and level of assurance instead, may be an important lesson for any other cross-national efforts.
What can we learn from other sectors?
We examined how oversight and interoperability is tackled in air travel, telecoms, and the internet. Organisations such as ICAO, ICANN and the ITU have developed over decades, and now enjoy a high level of government recognition, and often UN specialised agency status.
However, they also set standards, something that may not be required for digital identity. And they follow complex multi-stakeholder organisational models which seem disproportionately complex and expensive for an emerging market such as digital identity.
On the other hand, there are organisations such as the FIDO Alliance and Open ID Foundation that set international standards, a vital element of interoperability, and are organised on a much smaller scale.
They may be more representative of a mid-term model for digital identity; a relatively slim international organisation focused on undertaking interoperability assessments, certification and recognising standards that are developed by other organisations.
For the immediate future, the input from international stakeholders involved in the project has been relatively consistent – to begin to build a cross-border framework via bilateral and limited multi-lateral interoperability and equivalency assessments.
Work that is in proportion to the level of systemic importance and risk that the digital identity market currently represents.
Internationally, that importance is growing as more states find ways to solve the digital identity challenge, and people increasingly look to use their digital identity across borders. Whether that eventually grows into the need for a UN mandate and a larger and more complex organisation remains to be seen.
But right now, to start small and begin to develop an outcome-based interoperability framework, initially amongst the willing and able, seems to be a strong message and good advice.