03 Digital Identity Anchor - Legal Meaning and Data Structure
Document Status: Draft
Editor: John Phillips
Contributors: Alina Nica Gales, Sankarshan Mukhopadhyay
1. Introduction
1.1 Purpose and Scope
This document describes the legal meaning and data structure of the “Digital Identity Anchor” (DIA) construct used to present proof of the identity of organisations, products and other elements used in supply chain transactions.
The legal meaning discussion considers what the issuance of a DIA by a Registrar means, and what its subsequent use by the holder and by verifiers means, in trade interactions.
For data structures, a key challenge is that each registry will have its own existing data structures. To the extent possible, we should allow each registry to continue to use its own data structures and identify a mechanism by which these can be accommodated rather than mandate their change.
The project glossary is here: Glossary
Requirements are expressed as described here: requirements
1.2 Introduction to the DIA
Non-normative.
The Digital Identity Anchor (DIA) referred to here is a part of the United Nations Transparency Protocol (UNTP) specification. The GTR project objective for the DIA has two main considerations:
- explore the design and application of the DIA through expert review and by developing pilots, so that the GTR project can recommend improvements and changes to the UNTP specification if and as appropriate.
- define the legal framework for the Digital Identity Anchor - the meaning of its issuance and use.
A diagram representing the DIA issuance process is shown below.
The diagram shows the sequence of steps that are proposed to issue a UNTP Digital Identity Anchor (DIA). Note that the first three steps follow the Registrar's own standard process for registration, including the legal, technical and organisational requirements to be met by the Organisation for registration.
Authoritative nation state Registrars have their own sovereign state legal frameworks, processes and procedures and their own investments in digital infrastructure. This means that each Registrar will have a different legal basis, set of policies, commercial arrangements and technology capabilities.
It is not expected that all Registrars are currently capable of issuing a UNTP DIA. The DIA, which aligns with the UNTP, is the recommended means of providing a verifiable record of a registry entry. The GTR project exists to support the global move to supply chain transparency and trust at scale, and verifiable registry records (and hence DIAs) are part of that initiative. However, Registrars are not required to issue, or to be able to issue, DIAs in order to be part of the GRID.
The GRID will provide an accurate and up to date (through self-maintenance) reflection of each Registrar's capabilities, including if and how they enable verification of their register(s) and the register records whether that is through DIA issuance or other means.
The framework of legal and technical recommendations in this section encourages, informs and frames the use and meaning of Digital Identity Anchors.
2. DIA Data Structure and Schemas
This is where we will write the narrative on data structures and lessons learnt from pilots
3. DIA Legal Requirements
This section considers the legal meaning of the issuance, use and reliance upon the DIA in trade interactions. The section presents the considerations as draft requirements to be met.
3.1 Legal Nature and Scope
- The data within a DIA SHALL be one of three types:
  - Data derived exclusively from authoritative identity data held in one or more Public Registries established by law as the authoritative source of legal identity data. This SHALL reflect only information attested by the competent authority responsible for each element, and SHALL NOT introduce any attributes or claims that are not explicitly recorded therein.
  - Data from other competent authorities, provided by the registrant and checked by the authority.
  - Data provided by the registrant and not checked by the authority.
  The authoritative registrar is responsible solely for the elements it certifies (DIA 1.1), while it may incorporate, with clear attribution, elements certified by other competent authorities (DIA 1.2, if checked) and elements provided by the registrant (DIA 1.3).
- The issuing entity must be a competent public authority, designated by statutory or regulatory mandate to manage such records (e.g., business register, land registry, tax authority).
- The services to issue and manage such records may be contracted and/or delegated to other bodies, but the legal responsibility cannot be delegated away. Service providers, platforms and/or operators are not deemed the legal issuer of such records, whatever the contractual relationship. The issuing Public Registry shall bear full legal responsibility for the accuracy, authenticity and legal validity of the attested information.
- The DIA does not confer legal personality, status, rights, or obligations beyond those arising from the underlying registration in the official register. Its issuance or possession does not substitute for, amend, or override any official extract, certificate, or instrument issued by the competent registry.
- The DIA does not replace or diminish the legal effect of the official registry record, nor does it substitute for the procedures for registration, amendment, or cancellation established by applicable law. It shall be regarded solely as a digital mechanism for the verification and authentication of registered information in a secure and interoperable manner.
- The DIA serves solely as a verifiable digital reference to a registered identity, designed to facilitate trust in cross-border and cross-system digital transactions, without altering the legal scope or effect of the underlying official record.
- The issuance of a DIA (or other forms of digital or physical representations) shall not discharge any requirement to obtain or maintain the underlying legal identifier or registration mandated by law.
3.2 Competent Authority and Issuance Conditions
- A DIA shall only be issued by an authority that is legally authorized to register, certify or attest the identity of the subject under applicable law. This includes public business registers, land/property registers, civil registers, and other official registries recognized as authoritative under national law.
- The issuing authority shall operate within a national or regional legal framework that defines its competence, procedures, and accountability.
- The issuing authority shall verify that the subject controls the digital identifier linked to the registered identity before issuing a DIA.
- The DIA shall be cryptographically signed by the issuing authority, and shall include sufficient information to authenticate the issuer's official capacity, such as a domain name or identifier unequivocally linked to the authority.
- Issuing authorities shall be subject to oversight by competent supervisory bodies and shall bear legal accountability for compliance with applicable requirements.
3.3 Minimum Content and Lifecycle Management
Metadata Requirements
- The DIA shall contain at minimum the following elements:
  - Identification of the issuing authority;
  - Registered name of the subject;
  - Official identifier assigned in the register (e.g. registration number, EUID, LEI, tax ID);
  - Register name and jurisdiction;
  - Register type and scope of registration;
  - Status of the registration (e.g. active, suspended, revoked);
  - Date and time of issuance;
  - Link to a mechanism for status verification;
  - Information necessary to verify the integrity of the DIA and the level of assurance of the identity proofing, including the digital signature or seal of the issuer and, where applicable, the assurance level or trust framework under which the DIA was issued. [this clause requires further work to consider other possible attributes such as validity periods and data schema conformance]
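As an added example (not code from the GTR project or from the UNTP specification), the check below walks a DIA payload and reports which of the elements listed above are absent or malformed, and flags subject attributes that are not part of the registry minimum and carry no attribution (the 3.1 point that an anchor must not smuggle in unattested claims). The JSON layout and field names, the `attestedBy` attribution marker, and the sample credential are all this example's own assumptions; the UNTP schema may name things differently.

```python
"""Presence check for the minimum DIA content listed in 3.3.

Added example, not code from the GTR project or the UNTP specification.
The JSON shape and field names (issuer.id, credentialSubject.registeredId,
credentialStatus.id, proof.proofValue, ...) are this example's own
assumptions, modelled loosely on W3C Verifiable Credentials.
"""
from copy import deepcopy
from datetime import datetime

# 3.3 element -> JSON path where this example expects it.
REQUIRED_PATHS = {
    "identification of the issuing authority": ("issuer", "id"),
    "registered name of the subject": ("credentialSubject", "name"),
    "official identifier assigned in the register": ("credentialSubject", "registeredId"),
    "register name": ("credentialSubject", "register", "name"),
    "register jurisdiction": ("credentialSubject", "register", "jurisdiction"),
    "register type and scope": ("credentialSubject", "register", "type"),
    "status of the registration": ("credentialSubject", "registrationStatus"),
    "date and time of issuance": ("validFrom",),
    "link to a status verification mechanism": ("credentialStatus", "id"),
    "digital signature or seal of the issuer": ("proof", "proofValue"),
}
ALLOWED_STATUS = {"active", "suspended", "revoked"}
# Subject attributes this example treats as the registry-attested minimum set.
SUBJECT_MINIMUM = {"id", "name", "registeredId", "register", "registrationStatus"}


def _get(obj, path):
    """Walk a tuple of keys; None if any step is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def check_minimum_content(dia: dict) -> list:
    """Return the list of 3.3 problems found; [] means every required element
    is present and well-formed. Presence and shape only: this does not verify
    the proof or consult the status mechanism."""
    problems = []
    for label, path in REQUIRED_PATHS.items():
        if _get(dia, path) in (None, ""):
            problems.append(f"missing {label} ({'.'.join(path)})")

    status = _get(dia, ("credentialSubject", "registrationStatus"))
    if status is not None and status not in ALLOWED_STATUS:
        problems.append(f"unknown registration status {status!r}")

    issued = _get(dia, ("validFrom",))
    if isinstance(issued, str):
        try:
            # fromisoformat accepts a trailing "Z" only from Python 3.11 on.
            stamp = datetime.fromisoformat(issued.replace("Z", "+00:00"))
            if stamp.tzinfo is None:
                problems.append("issuance time has no timezone offset")
        except ValueError:
            problems.append(f"issuance time is not ISO 8601: {issued!r}")

    # 3.1 / data minimisation: the anchor carries attested registry data only.
    # Any subject attribute outside the minimum set must say which authority
    # attested it; the "attestedBy" marker is this example's own convention.
    subject = _get(dia, ("credentialSubject",)) or {}
    for key, value in subject.items():
        if key in SUBJECT_MINIMUM:
            continue
        if not (isinstance(value, dict) and value.get("attestedBy")):
            problems.append(f"unattributed subject attribute {key!r}")
    return problems


def without(dia: dict, path: tuple) -> dict:
    """Deep copy of dia with the element at path removed (for negative checks)."""
    clone = deepcopy(dia)
    parent = _get(clone, path[:-1])
    if isinstance(parent, dict):
        parent.pop(path[-1], None)
    return clone


# Constructed sample; the identifiers and URLs are invented for this example.
SAMPLE_DIA = {
    "type": ["VerifiableCredential", "DigitalIdentityAnchor"],
    "issuer": {"id": "did:web:register.example", "name": "Example Business Register"},
    "validFrom": "2025-01-15T09:30:00Z",
    "credentialSubject": {
        "id": "did:web:acme.example",
        "name": "ACME Exports Ltd",
        "registeredId": "EX-0012345",
        "register": {"name": "Example Business Register", "jurisdiction": "EX", "type": "business"},
        "registrationStatus": "active",
    },
    "credentialStatus": {"type": "StatusListEntry", "id": "https://register.example/status/7#1023"},
    "proof": {"type": "DataIntegrityProof",
              "verificationMethod": "did:web:register.example#key-1",
              "proofValue": "zEXAMPLEPROOFVALUE"},
}

if __name__ == "__main__":
    print(check_minimum_content(SAMPLE_DIA))
    print(check_minimum_content(without(SAMPLE_DIA, ("credentialStatus", "id"))))
```

The check deliberately stops at presence and shape: whether the proof verifies, whether the issuer is trusted, and whether the status link reports the anchor as current are separate decisions that belong to the verifier, not to a schema check.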
Lifecycle Rules
- The issuing authority shall ensure that the information in the DIA remains accurate and reflects the current legal status of the subject.
- The DIA shall be revoked or suspended in case of termination, change, or legal challenge to the registration.
- The issuing authority shall implement audit trails, versioning and evidence-preserving mechanisms for all changes affecting the DIA. These records shall be retained for a minimum period consistent with statutory retention rules applicable to the underlying register.
3.4 Interoperability and Legal Identifier Coexistence
- The DIA SHALL reference or include any legal identifiers assigned to the subject under national or international law, including but not limited to: European Unique Identifier (EUID), Legal Entity Identifier (LEI/vLEI), and national business, tax, or property codes.
- The DIA SHALL NOT invalidate, replace or supersede the use or legal effect of such identifiers.
- Where appropriate, the DIA SHALL support semantic mapping and interoperability mechanisms to align with official identifier schemes. [more work required here to describe conformance to data schema or other methods]
- The DIA’s data model and format SHALL conform to internationally recognized standards for verifiable credentials and decentralized identifiers (or successor standards) to maximize validation and interoperability reach.
[work to be done: do we recommend which standards explicitly? Does this reference a separate file/document to allow easier maintenance?]
3.5 Technological Neutrality and Open Standards
- Implementations of the DIA SHALL remain technologically neutral, ensuring interoperability across multiple infrastructures and platforms. No single proprietary technology, vendor solution, or distributed ledger system SHALL be required as a condition for validity, verification, or interoperability.
- The DIA standard SHALL adhere to open, internationally recognised technical specifications, such as W3C Verifiable Credentials, ISO/IEC 18013, or ETSI EN 319 412, or their functional equivalents, so as to guarantee long-term interoperability and independence from specific technologies or suppliers.
- This principle of technological neutrality SHALL preserve the sovereignty of public registries over their systems and technical choices and ensure that trust in digital identity remains grounded in law rather than in any particular infrastructure or vendor ecosystem.
3.6 Legal Safeguards and Usage Limitations
- The DIA shall not be construed as evidence of capacity, ownership, entitlement, or compliance unless explicitly stated in applicable law.
- The DIA shall not be used to assert or imply legal effects beyond identity and registration status.
- Relying parties shall not infer additional legal attributes or guarantees from a DIA beyond its declared scope and metadata.
- Only DIA issuers registered in a trusted list or identity scheme recognized by competent authorities shall be accepted as valid sources.
- The Global Trust Registry (GTR) [operational system name to be determined] shall serve as the primary international directory of Authoritative Registries for UN/CEFACT.
3.7 Data Protection and Privacy
- The issuance and use of DIAs shall comply with applicable data protection regulations.
Enhanced Data Minimisation and Privacy Safeguards
- The principle of data minimisation SHALL apply not only to the content of the DIA but also to any process of issuance, verification, or exchange involving it.
- The DIA SHALL contain only those attributes strictly required for legal identification and validation, and SHALL exclude non-essential data such as secondary identifiers, contact details, or transactional metadata.
- Where technically feasible, the DIA framework SHOULD implement privacy-preserving cryptographic methods, such as selective disclosure and zero-knowledge proofs (ZKPs), enabling verifiers to confirm authenticity without revealing unnecessary personal or corporate information.
- The DIA and its associated identifiers SHALL NOT enable correlation, behavioural tracking, or cross-context linkage of entities beyond what is strictly necessary for identity verification. Each verification event SHOULD employ distinct, pseudonymous, or context-specific tokens to prevent re-identification or profiling across multiple transactions. This applies to the tokens of the verification exchange; the official register identifier that 3.3 and 3.4 require the DIA to carry is, by design, a stable public identifier of the registered entity.
- Privacy by design and by default SHALL be demonstrably embedded in all DIA systems, including through mechanisms ensuring purpose limitation, proportionality, and user transparency, consistent with international data protection principles.
- Personal data contained in the DIA shall be limited to what is necessary and proportionate for the purposes of identification and validation.
- The issuing authority shall ensure transparency, lawfulness of processing, and fulfilment of data subject rights.
- Systems implementing DIAs shall incorporate data protection by design and by default, including access control, secure storage, and minimization.
- Where DIAs are discoverable or retrievable across borders, appropriate safeguards for international data transfers shall apply.
Auditability and Oversight of Privacy Compliance
- Issuing authorities SHALL maintain internal audit mechanisms ensuring that DIA systems do not permit any form of profiling, behavioural tracking, or secondary data usage beyond the stated purposes of identification and validation.
- Any processing of DIA-related data for analytics, marketing, or commercial exploitation SHALL be strictly prohibited.
- Compliance with these privacy and data-minimisation requirements SHALL be subject to periodic supervision by competent data-protection or oversight authorities, ensuring accountability and conformity with applicable legal frameworks.
- The issuing authority shall maintain a privacy impact assessment for DIA issuance and verification processes and update it when material changes occur.
[Discussion needed here. Should we really be defining data protection and privacy details or the principle? Each country may vary. How long a list do we want? The first clause could be stand-alone.]
3.8 Governance and Supervision
- Each jurisdiction shall designate a competent public authority responsible for supervising the issuance and management of DIAs.
- Issuing authorities shall be accredited or recognized according to criteria established by the supervisory authority.
- The Global Trust Registry (GTR) [operational system name to be decided] shall serve as an authoritative UN directory of trusted Authoritative Registers.
- Authoritative Registers listed in the GTR shall publish their identity schemes, issuer credentials, and governance policy, and shall maintain up-to-date registration in the GTR.
- Governance policies must include security, data protection, revocation, and dispute resolution procedures.
- Procedures shall exist for dispute resolution, revocation, complaints, and oversight related to DIA issuance and usage.
- The Global Trust Registry shall be governed by a United Nations body with transparency and neutrality, establishing defined rules for adding, updating, or removing entries, and ensuring that all changes are auditable and communicated to all stakeholders.
- Jurisdictions are encouraged to cooperate by sharing information and best practices regarding identity management and trust services, and to participate in the Global Trust Registry to facilitate continuous improvement and mutual recognition of DIAs globally.
3.9 Cross-border Recognition and Limitations
- A DIA issued in one jurisdiction SHALL be recognized in another jurisdiction as valid evidence of identity and registration, provided that:
  - the issuing authority is legally recognized;
  - the assurance level is equivalent or substantially equivalent;
  - the issuing process complies with public governance standards.
- Recognition may be subject to mutual agreements, inclusion in international trust lists, or compatibility with domestic legal frameworks.
- Jurisdictions may decline recognition if the foreign DIA fails to meet essential legal or technical requirements, with justification based on objective criteria.
- Cross-border usage of DIAs shall not override the exclusive legal authority of national registers or public institutions to determine legal status, rights, or ownership.
- Any additional checks or requirements for foreign DIAs shall not contradict the principle of non-discrimination established in international electronic identification agreements, serving only to confirm the reliability of the credential and not to create unjustified barriers.
- Competent authorities shall cooperate to resolve cross-border incidents and disputes related to DIAs, including coordinated investigations, temporary trust status annotations in the GTR, and timely notifications to affected stakeholders. Cooperation mechanisms should leverage existing international mutual assistance treaties and UNCITRAL cross-border cooperation principles.
3.10 Legal Requirements for the Digital Identity Anchor (DIA)
Legal Nature and Non-Substitutive Role:
- The Digital Identity Anchor (DIA) shall be a digitally signed electronic attestation of an entity’s identity as recorded in an official register or identity management system. It serves as a verifiable certificate of registration, linking a decentralized digital identifier to an authoritative legal identity record (uncefact.github.io).
- The DIA in itself does not confer legal personality or create any new legal status; it reflects information from an existing legal identity (such as a registered company or individual) and shall not replace or supersede the official registration or documentation of that identity. In particular, the issuance of a DIA does not discharge any requirement to obtain or maintain the underlying legal identifier or registration mandated by law.
- The DIA is a complementary instrument and shall not be used as a substitute for official extracts, certificates, or other primary evidence of legal identity (pwclegal.lu). Its function is to provide a secure, globally verifiable digital reference to the entity’s legally established identity, enhancing trust in electronic transactions without altering the primacy of the original legal identifiers.
Issuance Authority and Legal Framework:
- A DIA shall only be issued by an authority that is legally authorized to verify and attest the identity of the entity in question, such as a national business registry, government agency, or other competent authority designated under the enacting jurisdiction’s law (uncefact.github.io).
- The issuing authority must operate under a national legal framework that governs the registration or identification of the entity and ensures the integrity and authenticity of the identity data provided.
- Prior to issuing a DIA, the authority shall perform a robust identity verification process equivalent to that used for issuing official registration documents. In particular, the authority must verify that the requesting entity is indeed the rightful holder of the identity being attested, including confirming the entity’s control over any digital identifier (e.g. a decentralized identifier (DID)) that will be bound to the legal identity (uncefact.github.io).
- The DIA credential shall be digitally signed by the issuing authority and include sufficient information to authenticate the issuer’s official capacity (for example, using a domain name or identifier that is unequivocally linked to the authority) (uncefact.github.io).
- Issuing a DIA without proper legal authority or without following the required verification steps is prohibited. Issuing authorities shall be subject to oversight by competent supervisory bodies in accordance with applicable laws (for example, analogous to the supervisory regime for trust service providers), and they bear legal accountability for compliance with these requirements. Notably, an issuing authority that fails to meet its obligations (including security and data protection duties) may face sanctions or loss of its trusted status under the governing framework (eur-lex.europa.eu).
Legal Metadata and Lifecycle Management:
- Each DIA shall contain, at a minimum, the essential metadata necessary to identify its subject and issuer and to enable validation and lifecycle management of the credential. At minimum, the DIA shall include:
  - Issuer Identification: clear identification of the issuing authority, including its name and a unique identifier. This identifier may be a URI or domain name or other form of identifier that allows verifiers to confirm the issuer’s identity via public records (uncefact.github.io). The DIA shall indicate the issuer’s legal status (e.g. a national registry or a qualified trust service provider) and, where applicable, its inclusion in recognized trust lists or governance frameworks.
  - Subject Identification: unambiguous details of the registered entity that is the subject of the DIA, as recorded in the authoritative register. This shall include the entity’s legal name as registered (in a consistent format matching the official register) and the principal registered identifier of the entity (such as the company or registration number, tax identification number, or other official code unique within the issuing register) (uncefact.github.io). If the entity has a European Unique Identifier (EUID) or other internationally recognized identifier (e.g. a Legal Entity Identifier), that identifier should be included as part of the credential data for cross-reference (eur-lex.europa.eu). The DIA shall also specify the identity register or scheme from which the subject’s identity originates (for example, by name and an official register code or URL), so that verifiers understand the context and source of the identity data (uncefact.github.io).
  - Validity Data: the date of issuance of the DIA and the period of validity. If the DIA is subject to expiration, the expiration date shall be indicated. The DIA shall also contain data or references enabling verification of its current status (for instance, a reference to an online status service, a status-list entry, or a trust-registry record) to allow relying parties to check whether the DIA has been revoked or suspended.
  - Credential Integrity and Assurance: information necessary to verify the integrity of the DIA and the level of assurance of the identity proofing. This includes the digital signature or seal of the issuer and any metadata about the assurance level or trust framework under which the DIA was issued. For example, if the DIA is issued in a scheme with defined assurance levels (such as “high” per international standards), or under a specific trust framework (e.g. a qualified status under eIDAS), such information shall be indicated to facilitate trust decisions (uncitral.un.org).
  - Purpose and Scope: where relevant, any limitations or specific scope of the DIA. If the authoritative register classifies registrations by type or scope (for instance, distinguishing different types of legal entities or licenses), the DIA should include a coded indication of the register type and the scope of the registration (uncefact.github.io). This ensures that verifiers do not misconstrue the context, e.g. whether the DIA represents a business registration, an accreditation, a personal identity, etc.
Accuracy through lifecycle:
- The issuing authority shall ensure that the DIA’s information remains accurate and up-to-date throughout its lifecycle.
- In the event of any change in the legal status or details of the registered entity (such as a name change, dissolution of a company, revocation of a license, etc.), or if the underlying digital identifier is compromised or replaced, the issuing authority must update or revoke the DIA in a timely manner, where each authority declares how rapidly it will make changes on receipt of confirmed requests.
- Mechanisms shall be in place for immediate revocation of a DIA when it is no longer valid, with notification of such revocation made available through the same channels as the credential itself (e.g. via the trust registry or status API).
- A revoked or expired DIA shall be marked so that it is not mistakenly relied upon.
- The DIA data model and format shall conform to internationally recognized standards for verifiable credentials, ensuring that it can be universally validated and interoperable across different technological platforms (uncefact.github.io).
- Implementations of the DIA should enable automated discovery and retrieval (for example, discoverability via the subject’s DID document or via the identity scheme resolver) to support efficient validation in digital transactions.
Interoperability and Coexistence with Legal Identifiers:
- The DIA shall be designed to interoperate with existing legal identification systems and to complement, not conflict with, established identifiers such as national register numbers, the European Unique Identifier (EUID), or the Legal Entity Identifier (LEI).
- Where an entity has one or more official identifiers, the DIA shall incorporate or reference these identifiers in its credential data, so that any party reviewing the DIA can readily map it to the traditional identifiers. For example, for an EU-registered company, the DIA should include the company’s EUID, which allows it to be unequivocally identified across Member State registers (eur-lex.europa.eu). Inclusion of such identifiers promotes consistency and cross-system recognition of the entity.
- The issuance of a DIA does not invalidate or replace the use of those identifiers; instead, the DIA acts as a digital wrapper or anchor that links a decentralized identity (or verifiable credential) to the existing legal identity. All obligations to use or display national or international identifiers in legal transactions remain unaffected by the existence of the DIA.
- Competent authorities and system providers shall ensure that the DIA format is compatible with interoperability frameworks (such as the European Digital Identity framework under eIDAS 2.0 and UN/CEFACT specifications for verifiable credentials) so that the DIA can be accepted and processed by public and private services.
- Where identity or credential schemes are registered in a global registry (for instance, a UN/CEFACT identifier scheme registry), the DIA should include a reference to that scheme or registry entry to facilitate automated trust verification (uncefact.github.io).
- In sum, the DIA must peacefully coexist with legal identifiers, enhancing their usability in digital contexts without substituting the identifiers themselves or the legal obligations tied to them (pwclegal.lu).
Safeguards Against Misinterpretation or Misuse:
- Appropriate safeguards shall be implemented to prevent the DIA from being misinterpreted or misused in a manner that could mislead relying parties or enable fraud.
- The DIA and associated systems shall clearly indicate the nature and scope of the credential to all parties. This includes making relying parties aware of any limitations on the purpose, value, or use of the DIA (uncitral.un.org). For example, if a DIA is intended only to prove the identity and registration of a company, it should not be construed as evidence of the company’s creditworthiness, regulatory compliance, or any attributes beyond identity.
- The DIA shall contain explicit references or codes (as noted in clause 3(e) above) that define the scope of the registered identity, so that it cannot be mistaken for a different kind of credential. Relying parties must exercise due care in interpreting the DIA; they shall not infer legal rights or endorsements from the DIA beyond what it actually attests (identity and registration status).
- To prevent misuse, issuing authorities shall implement security measures and validation checks. In particular, the process of issuing a DIA must include verifying that the requester is the legitimate identity holder (for instance, performing DID authentication to ensure the subject controls the decentralized identifier) (uncefact.github.io).
- The integrity of issued DIAs shall be protected by strong cryptographic measures, and any attempt to forge or tamper with a DIA will invalidate the credential. Furthermore, to guard against unauthorized or fraudulent DIAs, only trusted authorities can issue them (as per clause ###) and the list of such trusted issuers should be made publicly available. The Global Trust Registry (see clause ###) or a similar trust list mechanism shall maintain a whitelist of authorized DIA issuers (and their identifying information, such as issuer DIDs or certificates), and verifiers of a DIA shall check that the DIA’s issuer is on this trusted list (uncefact.github.io).
- DIAs issued by entities not on the trust list should be treated as invalid or unverified. Issuing authorities and other stakeholders shall also establish procedures to detect and report any misuse of DIAs (such as a DIA being used beyond its intended purpose, or used after revocation).
- Any person or entity that knowingly misrepresents a DIA, or uses a DIA in a deceptive manner, may be subject to penalties under applicable law (for example, sanctions for fraud or misrepresentation).
These safeguards, combined with user guidance and legal accountability, ensure that the DIA is relied upon correctly and maintains its integrity as a trust mechanism.
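The verifier-side decision described in this clause and in the Legal Safeguards clause (accept only issuers on a recognized trusted list; check the proof against the key published for that issuer; refuse revoked, expired or out-of-scope anchors; rely on the result for identity and registration status only), as an added example that is not part of the GTR project's or UNTP's code. The trust-list and status-list layouts, the field names and every identifier are assumptions of this example. The HMAC-SHA256 "proof" is an offline stand-in for the issuer's public-key signature so that the block runs without a crypto library; a real DIA carries an asymmetric proof, and only the key-lookup and decision logic here carry over.

```python
"""Verifier-side acceptance of a DIA: trust list, registered key, proof,
expiry, status and scope. Added example; not GTR project or UNTP code.
The trust-list and status-list layouts, field names and identifiers are this
example's own. The HMAC-SHA256 "proof" is an offline stand-in for the
issuer's public-key signature, which is what a real DIA carries."""
import hashlib
import hmac
import json
from copy import deepcopy
from datetime import datetime, timezone
from typing import Optional

# Constructed trust-list entry (stand-in for a GTR / national trust-list
# record): the keys an accredited issuer may sign with and its scheme scope.
TRUST_LIST = {
    "did:web:register.example": {
        "keys": {"did:web:register.example#key-1": b"demo-key-1"},
        "scheme": {"registerType": "business", "assurance": "high"},
    }
}
# Constructed status mechanism: status entry id -> current status.
STATUS_LIST = {
    "https://register.example/status/7#1023": "valid",
    "https://register.example/status/7#1024": "revoked",
}


def canonical(dia: dict) -> bytes:
    """Bytes covered by the proof: the credential minus "proof", sorted JSON."""
    body = {k: v for k, v in dia.items() if k != "proof"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_stand_in(dia: dict, key: bytes, method: str) -> dict:
    """Attach the stand-in proof (HMAC; a real issuer uses an asymmetric key)."""
    signed = deepcopy(dia)
    signed["proof"] = {
        "type": "HMAC-SHA256-stand-in",
        "verificationMethod": method,
        "proofValue": hmac.new(key, canonical(dia), hashlib.sha256).hexdigest(),
    }
    return signed


def verify_dia(dia: dict, now: Optional[datetime] = None) -> tuple:
    """Return (accepted, reason). Trust-list lookup comes first so nothing is
    trusted on an unlisted issuer's say-so; the proof is then checked against
    the key the trust list publishes, never a key embedded in the credential."""
    now = now or datetime.now(timezone.utc)
    entry = TRUST_LIST.get(dia.get("issuer", {}).get("id"))
    if entry is None:
        return False, "issuer not on trust list; treat as unverified"
    proof = dia.get("proof", {})
    key = entry["keys"].get(proof.get("verificationMethod"))
    if key is None:
        return False, "verification method not registered for this issuer"
    expected = hmac.new(key, canonical(dia), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(proof.get("proofValue", ""))):
        return False, "proof does not match content; tampered or forged"
    until = dia.get("validUntil")
    if until and datetime.fromisoformat(until.replace("Z", "+00:00")) < now:
        return False, "credential expired"
    status = STATUS_LIST.get(dia.get("credentialStatus", {}).get("id"))
    if status != "valid":
        return False, f"status check failed: {status or 'unknown status entry'}"
    register_type = dia.get("credentialSubject", {}).get("register", {}).get("type")
    if register_type != entry["scheme"]["registerType"]:
        return False, "register type outside the issuer's listed scheme"
    # Accepted, and only for what a DIA attests: identity and registration status.
    return True, "accepted for identity and registration status only"


def make_dia(**overrides) -> dict:
    """Constructed, unsigned DIA; keyword overrides replace top-level fields."""
    dia = {
        "type": ["VerifiableCredential", "DigitalIdentityAnchor"],
        "issuer": {"id": "did:web:register.example"},
        "validFrom": "2025-01-15T09:30:00Z",
        "credentialSubject": {
            "id": "did:web:acme.example",
            "name": "ACME Exports Ltd",
            "registeredId": "EX-0012345",
            "register": {"name": "Example Business Register",
                         "jurisdiction": "EX", "type": "business"},
            "registrationStatus": "active",
        },
        "credentialStatus": {"id": "https://register.example/status/7#1023"},
    }
    dia.update(overrides)
    return dia


METHOD = "did:web:register.example#key-1"
KEY = TRUST_LIST["did:web:register.example"]["keys"][METHOD]
GOOD = sign_stand_in(make_dia(), KEY, METHOD)
REVOKED = sign_stand_in(
    make_dia(credentialStatus={"id": "https://register.example/status/7#1024"}), KEY, METHOD)
TAMPERED = deepcopy(GOOD)
TAMPERED["credentialSubject"]["name"] = "ACME Holdings Ltd"   # altered after signing
UNLISTED = sign_stand_in(make_dia(issuer={"id": "did:web:rogue.example"}),
                         b"rogue-key", "did:web:rogue.example#key-1")

if __name__ == "__main__":
    for label, dia in [("good", GOOD), ("revoked", REVOKED),
                       ("tampered", TAMPERED), ("unlisted", UNLISTED)]:
        print(label, verify_dia(dia))
```

Two design points carry over to a real deployment regardless of signature scheme: the key used to check the proof must come from the trust list's record for the issuer (a credential that names its own key proves nothing), and a valid proof is not the end of the decision, since a revoked, expired or out-of-scope anchor verifies perfectly well cryptographically.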
-
Data Protection Compliance:
- The issuance and use of DIAs must comply fully with applicable data protection and privacy laws, notably the General Data Protection Regulation (GDPR) in jurisdictions subject to EU law. Nothing in this standard excuses or overrides the obligations of data controllers or processors under data protection law uncitral.un.orgeur-lex.europa.eu.
- Personal data included in a DIA (if any) shall be limited to the minimum necessary for identification purposes, in accordance with the principle of data minimization eur-lex.europa.eu. Typically, a DIA for a legal entity will contain business-identifying information (which may be outside the scope of personal data protection if it doesn’t relate to an identified natural person); however, to the extent that any personal data are involved (for example, a sole proprietor’s name or a representative’s identity), such data must be handled lawfully and transparently.
- The purposes for which DIAs and their data may be used shall be specific and legitimate (purpose limitation )eur-lex.europa.eu, and the data shall not be further processed in a manner incompatible with those purposes.
- Issuing authorities are responsible for ensuring a valid legal basis for processing personal data in the context of DIAs (e.g. legal obligation, public interest, or consent, as appropriate under GDPR). They must also provide data subjects with any required information notices and uphold data subject rights, such as the right to access personal data contained in a DIA and the right to rectification if any personal data are inaccurate.
- The design and implementation of the DIA framework shall incorporate data protection by design and by default, meaning that privacy considerations are embedded into the technology and business processes from the outset eur-lex.europa.eu. For instance, DIAs should be stored and transmitted in a secure manner, and where possible, mechanisms like selective disclosure should be used to avoid unnecessary exposure of personal information.
- Any systems or repositories (such as the Global Trust Registry or national trust lists) that store information about DIAs or issuers must also comply with data protection requirements and implement appropriate security and access controls. In case of a personal data breach involving DIAs, the responsible parties shall carry out notifications to supervisory authorities and affected individuals as required by law. Finally, international data transfers of personal data (if the verification of a DIA involves cross-border data flow) must conform to the cross-border data transfer rules (such as GDPR Chapter V requirements or equivalent measures in other jurisdictions).
In summary, the deployment of DIAs shall be privacy-preserving and without prejudice to any data protection laws (uncitral.un.org), ensuring that trust in digital identity does not come at the expense of fundamental rights to privacy and data protection.
Public Governance and Oversight:
- The framework for DIAs shall be underpinned by public governance mechanisms to ensure accountability, transparency, and trust in the system.
- Each jurisdiction implementing DIAs shall designate or empower a competent authority to supervise and oversee the entities issuing DIAs within that jurisdiction. This may be an existing regulatory body (for example, the supervisory body for trust services under eIDAS, or the authority managing the national identity/register systems) or a newly established oversight function.
- The supervisory authority shall have the powers and responsibility to monitor compliance of issuing authorities with the requirements of this standard and applicable law, and to take appropriate measures in case of non-compliance. Such measures may include suspending or revoking an issuer’s authority to issue DIAs, imposing sanctions, or other enforcement actions as provided by law (eur-lex.europa.eu).
- The governance framework shall also ensure that there is no conflict of interest in the issuance of DIAs – for instance, if private entities are authorized to issue DIAs, they must be subject to stringent criteria and government oversight to maintain the public’s trust.
- All DIA issuers should be formally accredited or recognized by the relevant public authority before they begin issuing credentials, and their accreditation status should be periodically reviewed.
- Additionally, the Global Trust Registry (GTR) shall serve as a key governance tool at the international level. The GTR (to be maintained under the auspices of UN/CEFACT or a similar recognized international body) will function as a trusted directory of authoritative identity registers and accredited DIA issuers worldwide (uncefact.github.io). Issuing authorities shall register their identity schemes and their issuer identifiers (e.g. DIDs or certificate info) in the Global Trust Registry, which will publish a whitelist of trusted issuers and the parameters of their identity schemes (such as the types of entities covered, assurance level, etc.) (uncefact.github.io). This allows any verifier to quickly determine whether a given DIA comes from an accredited source and to retrieve the relevant metadata needed to validate it.
- The Global Trust Registry shall be governed with transparency and neutrality: it will have defined rules for adding, updating, or removing entries (for example, when a new national authority joins or when an issuer is found non-compliant and must be delisted).
- Changes to the trust registry should be auditable and communicated to all stakeholders to maintain consistency. Participation in the GTR by national authorities is voluntary but strongly encouraged to facilitate cross-border trust. In line with Article 27 of the UNCITRAL Model Law, authorities are encouraged to cooperate by sharing information and best practices regarding identity management and trust services (uncitral.un.org). Mutual recognition of DIAs can be greatly expedited through such cooperation and the use of a common trust registry.
Overall, public governance of the DIA ecosystem requires that ultimate oversight rests with public institutions or those accountable under law, ensuring that digital identity credentials remain reliable and aligned with public interest. Regular audits or assessments should be conducted on the DIA issuance processes and the security of the infrastructure (consistent with standards like those in the NIS Directive regime for critical information systems). The governance framework shall also include provisions for addressing disputes or challenges related to DIAs (for example, if an entity contests the revocation of its DIA or a relying party questions the validity of a foreign DIA, there should be a clear process for resolution, potentially involving the supervisory authorities of the relevant jurisdictions). By instituting strong governance and oversight, the standard ensures that DIAs maintain legal reliability comparable to traditional identity documents.
Cross-Border Recognition:
A valid DIA issued in one jurisdiction shall be recognized in other jurisdictions as evidence of the identity and registration status of the entity, under conditions that ensure trust and mutual confidence. In principle, the result of electronic identification by means of a DIA from another jurisdiction should be given the same legal effect as an equivalent domestic identity credential, provided that the following conditions are met:
- Reliable Issuer: The DIA is issued by an authority or provider that is accredited, supervised, or recognized under the originating jurisdiction’s laws as an official identity management or trust service provider for that type of identity. In other words, the issuer must be a trustworthy entity (for example, a government agency or a qualified trust service provider) and the DIA must be issued in accordance with a legal framework that ensures its reliability.
- Equivalent Assurance: The methods used to identify the entity and to issue the DIA provide an assurance level that is at least substantially equivalent to the assurance level required for a comparable domestic credential in the receiving jurisdiction (uncitral.un.org). Equivalence of assurance may be determined by comparing identity proofing standards, credential security, and other relevant factors. If jurisdictions use formally defined Levels of Assurance (LoA) for electronic identification (such as “low”, “substantial”, “high” in EU eID frameworks), the foreign DIA should meet the receiving jurisdiction’s LoA at an equivalent or higher level for the intended use. Where different assurance frameworks are in use, a “substantial equivalence” test shall be applied (uncitral.un.org), taking into account recognized international standards and guidance.
When these conditions are satisfied, a relying party in the receiving jurisdiction shall not reject or downgrade the legal validity of the foreign DIA on the ground that it is foreign or electronically issued. In practice, this means that if an entity presents a DIA issued in Country A to a competent authority or business in Country B, and the above trust criteria are met, the DIA should be accepted as sufficient proof of the entity’s identity and registration status in Country B, just as if the entity had presented a local certificate or identifier. Cross-border recognition may be facilitated through bilateral or multilateral arrangements. Jurisdictions are encouraged to enter into mutual recognition agreements or to participate in international trust frameworks whereby each party agrees to recognize the other’s DIAs and associated trust services (eur-lex.europa.eu, uncitral.un.org). Such agreements can establish mappings of assurance levels, common security requirements, and procedures for handling any incidents or discrepancies. For example, the European Union may recognize DIAs from third countries as legally equivalent to its own qualified electronic attestations of attributes, if those third countries’ trust frameworks meet criteria of equivalence and reciprocity (eur-lex.europa.eu).
Limitations:
- Nothing in this clause prevents a jurisdiction from refusing to recognize a foreign DIA in exceptional circumstances. Recognition may be declined, on a case-by-case or framework basis, if it is determined that the foreign DIA or its issuer does not meet the fundamental requirements of the receiving jurisdiction for security or lawfulness – for instance, if the foreign framework lacks adequate data security, if the issuing process is insufficiently reliable, or if data protection standards are significantly lower (eur-lex.europa.eu). Any such refusal of recognition should be based on transparent, objective criteria and, where applicable, communicated through the appropriate channels (e.g. notification via the trust registry or diplomatic channels) to inform all stakeholders. Moreover, jurisdictions may require that foreign DIAs be accompanied by an accessible translation or transliteration of key information if not in a mutually understood language, unless machine-readable data suffices. They may also impose reasonable requirements to verify the authenticity of the foreign DIA (such as checking the Global Trust Registry for the issuer’s entry, or requiring an apostille or similar legalization only if the electronic verification is not yet mutually established). Importantly, any additional checks or requirements for foreign DIAs should not contradict the principle of non-discrimination established in international electronic identification agreements – they should serve only to confirm the reliability of the credential, not to create unjustified barriers.
In summary, under this standard, DIAs will enjoy broad cross-border recognition, which is crucial for enabling seamless international digital transactions. By adhering to common assurance levels and trust criteria (uncitral.un.org), and through cooperation agreements, jurisdictions can trust each other’s digital identity attestations, thereby extending the “once-only” principle and the legal validity of electronic identity across borders. This cross-border recognition is underpinned by the UNCITRAL Model Law approach and instruments like eIDAS, which collectively seek to ensure that an electronic identification or trust service lawfully issued in one jurisdiction can be accepted in another under equivalently stringent conditions (uncitral.un.org, eur-lex.europa.eu). All stakeholders shall act in good faith to uphold the reliability of cross-border DIAs, and competent authorities shall work together (through mechanisms described in clause 7 and via networks established by international agreements) to resolve any issues that arise in the cross-border use of DIAs.
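The verifier-side check that the governance and cross-border clauses above describe (look the issuer up in the Global Trust Registry whitelist, confirm it is still accredited rather than suspended or delisted, confirm its scheme covers the entity type, and compare its assurance level with the receiving jurisdiction's required LoA) can be illustrated in code. The following Python is an added example, not code from this draft or from the UNTP/GTR project; the registry snapshot, the DIDs, the field names and the assurance-level labels are constructed placeholders, and a real verifier would fetch the entry from the published registry rather than from an in-memory table.

```python
"""Illustrative relying-party check of a DIA issuer against a trust registry.

Added example; the registry snapshot, issuer DIDs and field names below are
constructed placeholders and are not the GTR's actual data model.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Receiving jurisdiction's ordered assurance levels (EU eID style, as named in
# the Equivalent Assurance condition). Higher rank means stronger assurance.
LOA_RANK: Dict[str, int] = {"low": 0, "substantial": 1, "high": 2}

# Constructed snapshot of a trust-registry whitelist: issuer identifier -> entry.
# 'status' models the supervisory measures clause (an issuer may be suspended or
# delisted); 'entity_types' and 'assurance_level' are the scheme parameters the
# registry is said to publish. All values are hypothetical.
TRUST_REGISTRY: Dict[str, dict] = {
    "did:example:registrar-a": {
        "jurisdiction": "AA",
        "status": "accredited",
        "entity_types": {"legal_entity", "sole_proprietor"},
        "assurance_level": "substantial",
    },
    "did:example:registrar-b": {
        "jurisdiction": "BB",
        "status": "suspended",  # enforcement action by the supervisory authority
        "entity_types": {"legal_entity"},
        "assurance_level": "high",
    },
    "did:example:registrar-c": {
        "jurisdiction": "CC",
        "status": "accredited",
        "entity_types": {"legal_entity"},
        # Label from a foreign assurance framework with no agreed mapping yet.
        "assurance_level": "cc-tier-2",
    },
}


@dataclass
class RecognitionDecision:
    """Outcome of the issuer check, with a transparent reason for audit records."""
    accepted: bool
    reason: str
    issuer_entry: Optional[dict] = None


def assess_dia_issuer(
    issuer_id: str,
    entity_type: str,
    required_loa: str,
    registry: Dict[str, dict] = TRUST_REGISTRY,
) -> RecognitionDecision:
    """Decide whether a DIA from `issuer_id` may be relied on for `entity_type`.

    Mirrors the clauses in order: issuer must be listed (Reliable Issuer),
    still accredited (supervisory measures), cover the entity type (scheme
    parameters) and meet or exceed the required LoA (Equivalent Assurance).
    An unmapped assurance label is not rejected outright: the decision flags it
    for the manual substantial-equivalence test the draft calls for.
    """
    entry = registry.get(issuer_id)
    if entry is None:
        return RecognitionDecision(False, "issuer not listed in trust registry")
    if entry["status"] != "accredited":
        return RecognitionDecision(False, f"issuer status is '{entry['status']}'", entry)
    if entity_type not in entry["entity_types"]:
        return RecognitionDecision(
            False, f"issuer scheme does not cover entity type '{entity_type}'", entry)

    issuer_rank = LOA_RANK.get(entry["assurance_level"])
    if issuer_rank is None:
        return RecognitionDecision(
            False,
            f"assurance level '{entry['assurance_level']}' has no agreed mapping; "
            "manual substantial-equivalence review required",
            entry,
        )
    if issuer_rank < LOA_RANK[required_loa]:
        return RecognitionDecision(
            False,
            f"issuer assurance '{entry['assurance_level']}' is below required '{required_loa}'",
            entry,
        )
    return RecognitionDecision(True, "issuer accredited and assurance level equivalent or higher", entry)


if __name__ == "__main__":
    for issuer in TRUST_REGISTRY:
        decision = assess_dia_issuer(issuer, "legal_entity", "substantial")
        print(issuer, decision.accepted, decision.reason)
```

The reason string is returned rather than only logged so that a refusal can be recorded and communicated through the channels the Limitations clause mentions; the unmapped-label branch deliberately returns a non-acceptance with an explicit reason instead of guessing an equivalence, leaving that determination to the competent authority.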