3. Key Decisions

After completing the analysis detailed in the Planning Roadmap, practitioners will have valuable information needed to make key decisions regarding the design of the ID system. This includes high-level policy and design decisions that will shape the overall architecture of the system and set the stage for the next level of technical specification and process design.

Table 18 summarizes these key decisions according to a variety of topics that are discussed in more detail in Section III. Importantly, the order listed below is not meant to imply a sequence; these decisions are interdependent and should be made holistically.

Table 18. Examples of Key Decisions for ID systems

Section III. Topic Key Decisions

Legal framework

Which policies, laws, and regulations need to be amended or updated to enable and safeguard the ID system? Which new policies, laws, and regulations are needed?

Public Engagement

How will the public be consulted during the planning phase and implementation? How will they be informed about the rollout and requirements of the ID system? How will the system correct errors and address grievances?


What will the institutional home, governance, and business model of the ID system be? What roles with the ID authority and other actors play (including the private sector) play?

Privacy & Security

What privacy- and security-enhancing technologies and operational controls will be built into the ID system from its inception to implement, enforce, and enhance the legal and management controls specified in the legal framework?


What biographic data will be collected by the system? What (if any) biometric data will be collected?

IT Systems

Where will ID data be stored? What hardware, software, and applications will be used?

Registration & Coverage

Who will be eligible to enroll in the ID system? What strategies and timelines will be used for identity registration, updating, and outreach to vulnerable groups? How will identity proofing be carried out?

Credentials & Authentication

What structure will be used for unique ID numbers? What other types of credentials (if any) will be issued, and how? What authentication mechanisms will be adopted for different levels of assurance?


With which systems is the ID system required to interoperate, and how will interoperability be achieved? How will ID and CR systems be linked?


Which standards, including for technology, data, security, and more, will be used throughout the identity lifecycle?