Pillar 2: Design

In addition to providing universal coverage, ID systems should be robust to fraud and error, useful for a variety of stakeholders, and sustainable over time. ID system design must also protect user privacy and adopt open standards to facilitate innovation, interoperability, and vendor and technology neutrality.

Principle 3. Establishing a robust—unique, secure, and accurate—identity.

Principle 3 highlights that accurate, up-to-date information is essential for the trustworthiness of any identification database and credentials used for authentication. Foundational ID systems should provide a unique identity that is verifiable over the course of a person’s life, from birth to death—i.e., within a given foundational ID system, each person should have only one identity, and no two people should have the same identity. In addition, ID systems must have safeguards against tampering (alteration or other unauthorized changes to data or credentials), identity theft, data theft and misuse, cybercrime and other threats occurring throughout the identity lifecycle.

Principle 4. Creating a platform that is interoperable and responsive to the needs of various users.

Principle 4 highlights the need for identification and authentication services to be flexible, scalable, and meet the needs and concerns of people (end-users) and relying parties (e.g., public agencies and private companies). To ensure that identity-related systems and services meet specific user needs, practitioners should engage the public and important stakeholders throughout planning and implementation. The value of ID systems to relying parties is highly dependent on their interoperability with multiple entities, both within a country and across borders. Domestically, this includes the ability of different databases or registries (e.g., national ID and civil registration systems) to communicate with each other, exchange data, and facilitate identity queries in a timely and low-cost manner (e.g., via open APIs), subject to appropriate privacy and security safeguards. It also includes interoperability across borders to facilitate mutual recognition of physical or digital IDs issued by one country in other countries, which can increase trade and enable safe and orderly migration.

Principle 5. Using open standards and ensuring vendor and technology neutrality.

Principle 5 further emphasizes the need for vendor and technology neutrality to increase flexibility and avoid system design that is not fit for purpose or suitable to meet policy and development objectives. This requires robust procurement guidelines to facilitate competition and innovation and prevent possible technology and vendor “lock-in,” which can increase costs and reduce flexibility to accommodate changes over time. In addition, open design principles enable market-based competition and innovation. They are essential for greater efficiency and improved functionality of identification systems, and for interoperability. Similarly, open APIs also support efficient data exchange and portability by ensuring that a component of the ID system can be replaced with minimal disruption.

Principle 6. Protecting user privacy and control through system design.

In addition to architecture that is responsive and flexible, Principle 6 emphasizes that ID systems must protect people's privacy and control over their data through system design. Designing with people’s privacy in mind means that no action should be required on the part of the individual to protect his or her personal data. Information should be protected from improper and unauthorized use by default, through both technical standards and preventative business practices. These measures should be complemented by a strong legal framework (as emphasized in Principle 8).

For example, data collected and used for identification and authentication should be fit for purpose, proportional to the use case, and managed in accordance with global norms for data protection, such as the OECD’s Fair Information Practices (FIPs) and with reference to emerging international good practices, such as the European Union’s General Data Protection Regulation (GDPR). Authentication protocols should only provide “yes or no” confirmation of a claimed identity or—if mandated by law such as Anti-Money Laundering regulations (AML) related to Customer Due Diligence (CDD) or Know Your Customer (KYC)—only disclose the minimal data necessary for the transaction. The method of authentication should reflect an assessment of the level of risk in the transactions and can be based on recognized international standards and frameworks for levels of assurance. Credentials and numbering systems should not unnecessarily contain or disclose sensitive personal information (e.g., use randomized numbers without any logic).

Principle 7. Planning for financial and operational sustainability without compromising accessibility

Principle 7 recognizes the importance of designing systems that are financially and operationally sustainable while still maintaining accessibility for people and relying parties. This may involve different business models including reasonable and appropriate service fees for identity verification, offering enhanced or expedited services to users, carefully designed and managed public-private partnerships (PPPs), recuperating costs through efficiency and productivity gains and reduced leakages, and other funding sources. It also includes potential linkages between civil registration and ID systems, which can ensure the integrity of the system over time without the need for costly re-registration efforts by notifying the system of life events (e.g., deaths) automatically.