Skip to main content

GRID Legal Governance and Target Operating Model

ODP Stage 3: Draft Development

This document forms part of the project deliverables. This version is a draft and under development and review. When finalised, it will be one of the deliverables for the project.

1. Executive Summary

This document summarises the proposed governance, operating and commercial model for the Global Registrar Information Directory (GRID).

The GRID is anticipated to be a UN-hosted, decentralized "Registry of Registries" designed to facilitate global trade by providing a trusted discovery layer for the trade relevant Registers maintained by the Authoritative Registrars of UN Member States.

The GRID supports a two-tier trust stack, discovery and verification:

  1. Discovery:

    • GRID Participants: The GRID provides a trustworthy directory where UN Member States list their eligible and participating Authoritative Registrars to ensure global findability.

  2. Verification:

    • GRID entries: For Registrars that support the capability, the GRID provides cryptographic proof that a Register's entry has been maintained by the Authoritative Registrar
    • Registered Entities: Registrars who issue a UNTP DIA 1 to their register entities enable cryptographic verification of their registrations. See UNTP Specification 1

This document provides an overview of the key operating principles proposed for the GRID.

Appendix A of this document provides a more formal description of some key clauses and protections.

Please check the Glossary for specific meanings of terms.

2. Governance Structure: The GRID Board

2.1 Governance Model

Following the ICAO PKD precedent 2, the GRID will be governed by its participants as follows:

  • The GRID Board: Composed of representatives from participating UN Member States. The Board oversees the budget, approves the annual fee schedule, and sets technical standards. In addition, the GRID board confirms any changes to the GRID eligibility criteria, including the trade relevant type(s) of register (organisation, land, maritime, etc.) to be included in the GRID.

  • The Secretariat (e.g. UNECE/UN/CEFACT): Provides policy oversight and ensures alignment with UN mandates.

  • The Technical Operator (e.g. UNICC): Manages the hosting, security, and "Harvester" infrastructure on a cost-recovery basis.

The Board SHALL maintain a Dispute Resolution Committee to adjudicate challenges to Registrar eligibility or data integrity.

3. The Operating Model

The proposed approach is based on the successful ICAO PKD model3 for sustainability.

3.1 Financial Model: Cost-Recovery

The GRID is to be budget-neutral for the United Nations. It will be funded via an Operational Fund supported by its members.

  • High value / low operating cost principle: The GRID design is intended to deliver maximum value with minimal infrastructure and complexity

  • Membership Fee Logic: The annual fee is calculated by dividing total operating costs (hosting, security, administration) by the number of participating registrars.

  • The Efficiency Dividend: As membership grows, the individual cost per participating UN Member State decreases.

3.2 Operational Resilience

The GRID provides an authoritative, global, decoupled reference layer. This means that:

  • Registrars maintain 100% control over their local data and infrastructure.

  • The GRID only "harvests" metadata (Registrar description, Public Keys and Endpoints) required for discovery and authentication of Registrars.

  • If the GRID Hub is offline, national registry operations remain unaffected.

4. Admission and Eligibility Requirements

Note that application and participation in the GRID is voluntary.

To be included in the GRID, an applicant MUST meet the following Eligibility Requirements.

4.1 Registrar Eligibility

  1. The applicant MUST be an Authoritative Registrar of a UN Member State and MUST be legally responsible for maintaining one or more Registers.

4.2 Scope of Application

  1. The application MUST specify the Register or Registers covered by the application.

4.3 Authoritative Status (Mandatory)

  1. The applicant MUST provide a link to the national legislation, regulation, or other formal legal instrument showing that the applicant is designated or otherwise recognised as the Authoritative Registrar responsible for the Register or Registers covered by the application.

4.4 Accountability

  1. The applicant MUST designate a Point of Contact (PoC) responsible for the accuracy of the metadata listed in the GRID.

4.5 GRID Recognised Trade Relevant Data

  1. The applicant MUST maintain one or more Registers that contain trade relevant data recognised by the GRID.

5. Inclusive Maturity Model

As part of its support for SDG17 4, The GRID supports an Inclusive Maturity Model. This means that Registrars of varying levels of digital maturity are able to participate if they meet the eligibility criteria. Three levels of participation are given as examples:

  • Level A (Baseline - GRID Listing): Requires the ability to provide stable metadata and a link to a legal basis. Updates are ad-hoc through established UN channels and representatives for the Member State. The Register may or may not be accessible as a digital artefact but the mechanisms of registration MUST be described.

  • Level B (Signed and harvested GRID data): Requires level A and the capability to maintain and publish cryptographically signed data about the Register for harvesting and inclusion in the GRID.

  • Level C (Advanced - digitally signed GRID and DIA Issuance): Requires level B and the ability to issue Digital Identity Anchors (DIAs) to successful register applicants as per UNTP specifications 1.

6. Onboarding Applicants

  1. Application: The prospective Registrar submits an application via the GRID portal.

  2. Vetting: The GRID Secretariat verifies eligibility (authoritative status, UN Member State sponsorship, legal basis, relevant trade data etc.)

  3. GRID Board Approval: New entries are ratified by the Board (or a delegated committee).

  4. Integration: Registrar provides their Registrar Data together with Public Key (for harvested GRID metadata) and, if appropriate, DIA public key(s).

    • The GRID "Harvester" adds the node to the global directory either as a manually maintained entry, or as an automatically harvested entry.

  5. Fee Commencement: The Registrar pays the pro-rata annual membership fee into the Operational Fund.

7. GRID and Participant Safeguards

7.1 Data Sovereignty

Participation in the GRID does not grant the UN or any third party ownership or control over national registry data. GRID participants retain the right to withdraw from the GRID at any time, which will result in the removal of their metadata from the discovery layer.

7.2 Limitation on Liability

The GRID is a discovery service and the UN/Technical Operator are not liable for the accuracy of participant supplied data or trade transactions that rely on participant supplied or issued data.

A.1. Limitation of Liability and Indemnification

  1. Service Nature: The GRID is provided as a "Discovery and Reference" service. While the Technical Operator (UNICC) and Secretariat (UNECE) shall exercise due diligence in the maintenance of the directory, the United Nations assumes no responsibility for the accuracy of the data provided by Authoritative Registrars or the validity of subsequent trade transactions.

  2. Hold Harmless: Participating UN Member States and their Registrars agree to indemnify and hold harmless the United Nations, its officials, and its technical partners from any claims, losses, or damages arising from the use of the GRID or the issuance of DIAs.

  3. No Warranty: The GRID is provided on an "as-is" and "as-available" basis. No warranty of any kind, express, implied, or statutory, including but not limited to the warranties of non-infringement of third-party rights, title, or fitness for a particular purpose, is given.

  1. UN Privileges and Immunities: Nothing in this Governance Model or the operation of the GRID shall be deemed a waiver, express or implied, of any of the privileges and immunities of the United Nations, including its subsidiary organs.

  2. Sovereign Authority: The inclusion of a Registrar in the GRID does not constitute an endorsement of a UN Member State's domestic policies or legal system. It is a technical recognition of the Registrar’s role as the authoritative source of data for its jurisdiction.

A.3. Intellectual Property and Open Standards

  1. Open Source Mandate: All software, schemas, and protocols developed specifically for the GTR/GRID project shall be released under an open-source license (e.g., Apache 2.0 or MIT) to ensure transparency and prevent vendor lock-in.

  2. Registry Data: The intellectual property of the data contained within the registries remains with the respective UN Member States. The GRID merely provides the metadata required for global discovery.

A.4. Termination and Withdrawal

  1. Voluntary Exit: A participating UN Member State may withdraw from the GRID at any time by providing thirty (30) days' written notice to the Secretariat.

  2. Effect of Withdrawal: Upon the effective date of withdrawal, the Registrar’s metadata and public keys will be removed from the active GRID discovery layer. Previously issued DIAs may remain cryptographically valid but the Registrar who issued them will no longer be "discoverable" or "verified" via the GRID.

  3. Outstanding Fees: Withdrawal does not exempt a participant from paying outstanding pro-rata membership fees for the current billing cycle.

A.5. Dispute Resolution

  1. Amicable Settlement: The parties shall use their best efforts to settle amicably any dispute, controversy, or claim arising out of the GRID governance or operations.

  2. Arbitration: Any dispute which is not settled as provided in the paragraph above shall be referred by either party to arbitration in accordance with the UNCITRAL Arbitration Rules2. The decisions of the arbitral tribunal shall be based on general principles of international commercial law.

A.6. Compliance with Data Protection Principles

  1. Minimum Necessary Data: The GRID shall adhere to the UN Principles on Personal Data Protection and Privacy5.

  2. Authoritative Registrars are responsible for privacy of their register data. Authoritative Registrars participating in the GRID are responsible for meeting their UN Member State privacy regulations and relevant international regulations. This includes where consent needs to be obtained from individuals prior to collecting and processing personally identifiable information (PII); and where consideration needs to be given to the means by which individuals keep track of such content. Authoritative Registrars are encouraged to consider adopting international standard ISO 275606 when addressing these issues.

  3. Non-Commercialization: The GRID metadata and registry endpoints shall not be used for commercial profiling, advertising, or any purpose other than the facilitation of transparent and trustworthy global trade.

Footnotes

  1. UNTP: For the technical specifications of the Digital Identity Anchor. See https://untp.unece.org/ 2 3

  2. UNCITRAL MLIT: For the legal recognition of identity management and trust services across borders. See https://uncitral.un.org/en/mlit 2

  3. ICAO PKD: As an example of a self-sustaining, cost-recovery financial and governance model. See https://www.icao.int/icao-pkd

  4. SDG 17: Strengthen the means of implementation and revitalize the Global Partnership for Sustainable Development. See https://sdgs.un.org/goals/goal17

  5. UN Principles on Personal Data Protection and Privacy. See https://unsceb.org/privacy-principles

  6. ISO/IEC TS 27560:2023 Privacy technologies — Consent record information structure. See https://www.iso.org/standard/80392.html