Introduction

Building on existing international norms, the Principles were first developed and published in 2017 by a group of organizations committed to supporting the development of identification systems that are inclusive, trusted, accountable, and used to enhance people’s lives and the achievement of the Sustainable Development Goals (SDGs). Given the quickly evolving nature of the identification sector, the original signatories to the Principles committed to revisiting them to incorporate new perspectives and lessons learned. This second edition released in 2021 reflects inputs from this process and broader public consultations.

Principles

Pillar 1: Inclusion

Legal identity for all. Everyone should be able to prove their legal identity. Countries must fulfill their obligations and commitments to provide legal identification to all residents—not just citizens—from birth to death, as reflected in international and domestic laws. This includes the obligation of universal birth registration for all children, which is essential for providing proof of legal identity from birth, and the timely registration of other vital events, such as marriages and deaths. It also includes the obligations and commitments to provide proof of legal identity to refugees, stateless persons, and migrants who do not have a valid credential or cannot otherwise prove their legal identity.  

Nondiscrimination. All identification systems should be free from discrimination in policy, in practice, and by design. This includes ensuring that legal frameworks; requirements and procedures to register, obtain, or use identification; and the data that are collected or displayed on credentials do not enable or reinforce discrimination against particular groups, such as those who may face increased risks of exclusion for cultural, political, economic or other reasons. Such groups include people living in poverty; women; children; rural populations; racial, ethnic, linguistic, and religious minorities; persons with disabilities; sexual and gender minorities; migrants; asylum seekers, refugees, and the forcibly displaced; and stateless persons among others. Furthermore, identification systems and data should never be used as a tool for discrimination or to infringe on or deny individual or collective rights.  

Direct and indirect costs. Costs to the individual must never be a barrier to obtaining identity credentials required to fulfill rights or access basic services or entitlements. For example, civil registration and the initial issuance of birth and death certificates and other legal identity credentials should be free of charge for the individual. If fees are charged for certain additional services (such as reissuance of lost credentials), rates should be reasonable, proportional to costs incurred, and transparent to the public. The indirect costs of obtaining identification—including fees for supporting documents, travel costs, and cumbersome administrative procedures—must also be minimized.

Information asymmetries. Stakeholders must work to reduce information and knowledge barriers and disparities that might prevent individuals—such as linguistic minorities, people with low literacy levels, persons with disabilities, and others—from accessing or using identification and foster a culture of trust and accountability by increasing literacy and sensitization around the system. Information and education campaigns and other materials must be inclusive and accessible to ensure that everyone has the knowledge, capacity, and tools they need to participate in the identification system and exercise their rights to oversight and control.

Technology gaps. While technology is a key enabler of identification systems, no one should be denied identification or associated services and rights because they lack mobile or internet connectivity, electronic devices, digital literacy or digital skills, the comfort or ability to use certain technology, or because of technology biases or failures. Stakeholders should therefore work together to ensure that identification and authentication services are available and usable for everyone, regardless of digital resources, skills, or connectivity. Furthermore, accessible exception-handling procedures and grievance redress mechanisms are necessary both to avoid denial of services or rights and in the case of technical difficulties.

Inclusion by design. Identification systems should prioritize the needs and address the concerns of marginalized and vulnerable groups who are most at risk of being excluded and who are the most in need of the protections and benefits identification can provide. This requires working with communities to proactively identify legal, procedural, social, and economic barriers faced by particular groups, risks and impacts specific to these groups, and adopting appropriate technologies and mitigation measures to ensure that new or updated identification systems do not reinforce or deepen existing inequalities.

Pillar 2: Design

Uniqueness. An identification system provides a mechanism to establish and authenticate a unique identity when—within that system—each person has only one identity and no two people share the same identity. Uniqueness is particularly important within legal identification systems and others that support use cases requiring high levels of assurance, such as government-to-person (G2P) payments and voting. Importantly, uniqueness within a given system does not imply that there must be only one identity provider or system or a single permanent identifier (e.g., a unique ID number) used for all purposes in a country or jurisdiction.

Security. Identification systems must have adequate and effective safeguards against unauthorized access, tampering (alteration or other unauthorized changes to data or credentials), identity theft, misuse of data, cybercrime, and other threats occurring throughout the identification life cycle. Data must be protected at rest and in transit, including when people use their credentials and on personal devices. Security measures must include systems to raise awareness about safe utilization of the system and to notify data subjects in the case of data breaches, as well as recourse for identities that have been stolen or compromised and need to be reissued.

Accuracy. Ensuring that identity data are accurate and up-to-date is one of the core principles of data protection and a right of data subjects, and is also essential for the trustworthiness of the system. Identification systems should be designed to ensure accurate data collection and have user-friendly procedures for people to view and update their data and correct errors to ensure accuracy over time.

Responsiveness. Identification and authentication services should be designed to meet people’s real needs and concerns. In addition, they should be flexible, scalable, and useful for the public agencies and private sector entities that rely on them for identification or authentication. This requires broad stakeholder consultation and a people-centric, participatory approach—including civil society, the public at large, service providers, and other relying parties—beginning with the design process and continuing throughout implementation.

Interoperability. Subject to laws and regulations on data sharing and appropriate technical safeguards, including “privacy-by-design” principles, the ability of identification systems to communicate with other systems (e.g., civil registration systems and service providers) and exchange queries or information facilitates services such as identity verification or attestations, eKYC, other permissioned data sharing, and mutual recognition of identification systems across borders.

Open standards. Designs based on open standards enable market-based competition and innovation. Open standards are essential for greater efficiency, improved functionality, and adaptability of identification systems, both within countries and across borders. 

Preventing vendor and technology lock-in. Good procurement processes facilitate competition, promote innovation, and prevent technology and vendor “lock-in,” which can increase costs and reduce flexibility to accommodate changes over time. Procurement processes should emphasize value for money, economy, integrity, fitness for purpose, efficiency, transparency, and fairness. Effective contract management will ensure that these benefits are sustained throughout implementation. 

Privacy by design approach. Identification systems must be designed to prioritize and protect data and privacy as the default setting without requiring any additional special action on the part of an individual. Personal data, including any data that are linked or linkable to an individual, must be protected from improper use proactively and by default through a robust legal and regulatory framework, system design, and the adoption of technical standards and operational controls.

Data protection principles in practice. The design, policies, and technology used by identification systems should comply with global norms for data protection, including data minimization and proportionality, purpose specification, lawful processing, strict limits on data retention, data accuracy, security, accountability, and transparency, among others. For example, identification systems should limit the collection and exposure of data—particularly sensitive personal information—including in credentials and the structure of identification numbers. Authentication protocols must disclose only the minimum data necessary to ensure appropriate levels of assurance and retain data only for as long as required for the purposes for which the data may lawfully be used, or for which consent has been given. These levels and the method of authentication should reflect an assessment of the level of risk in the transactions and should preferably be based on recognized international standards. Data rules and policies should be transparent and made available to people in a user-friendly format to facilitate knowledge of their rights and the processes available to exercise control or oversight of their data.

Sustainability. Identification systems should be designed for long-term fiscal and operational sustainability. This requires a transparent and outcomes-based approach to design to ensure that the system is fit-for-purpose and makes sustainable management and technical choices, and the adoption of business models that ensure the longevity of the system without compromising other Principles. Fees for identification services can create barriers to access, inclusion for individuals, and adoption for service providers. Efforts to recuperate costs through efficiency gains and reduced leakages must also weigh fiscal savings goals against the potential for increasing exclusion errors. Identification systems should be designed to incentivize high standards of performance for all parties involved.

Pillar 3: Governance

Legal and regulatory frameworks. Identification systems must be underpinned by legitimate, comprehensive, and enforceable legal and regulatory frameworks and strong policies that promote trust in the system; ensure data protection and privacy (including cybersecurity); mitigate abuse such as unauthorized surveillance in violation of due process; are free from discrimination and promote inclusion, particularly for vulnerable or marginalized groups; and ensure accountability. Legal frameworks should be clear in delineating liability and recourse for individuals and should be overseen by independent regulatory bodies with appropriate powers and consistent funding. They should also protect people against inappropriate access and use of their data for undue surveillance or unlawful profiling. Frameworks require a balance between regulatory and self-regulatory models that does not stifle competition, innovation, or investment. Appropriate legal and regulatory frameworks are also required for cross-border interoperability or mutual recognition. 

Rights of data subjects. Identification services should provide people with genuine choice and control over the collection and use of their data, including the ability to selectively disclose only those attributes that are required for a particular transaction. People should be given a simple means to have inaccurate data corrected free-of-charge and to obtain a copy of their personal data. Personal data should not be used for secondary, unconnected purposes without a person’s informed consent, unless otherwise required or authorized under law (for example, as may be necessary and proportionate). Identity providers and other stakeholders should be transparent about identity management; develop appropriate resources to raise people’s awareness of how their data will be used; and provide accessible and user-friendly tools to manage their data, provide informed consent, and address grievances. Identity providers should ensure that the initial process to correct errors is administrative rather than judicial in order to increase speed of resolution and reduce costs. Data sharing arrangements should also be transparent and fully documented.  

Institutional mandates. Legislation, regulation, and trust frameworks must establish and regulate comprehensive governance arrangements for identification systems and providers domestically and—if applicable—internationally. This should include specifying the terms and conditions governing the institutional relations among participating parties, so that the rights and responsibilities of each are clear to all.  

Accountability. There should be clear accountability and transparency around the roles and responsibilities of all entities involved in building, operating, managing, and overseeing identification systems.  

Oversight. The use of identification systems should be independently monitored (for efficiency, transparency, exclusion, misuse, etc.) to ensure that all stakeholders comply with applicable laws and regulations, appropriately use identification systems to fulfill their intended purposes, monitor and respond to potential data breaches, and receive individual complaints or concerns regarding the processing of personal data. Regulators should be sufficiently resourced and empowered to discharge their statutory responsibilities.

Adjudication. Disputes regarding identification and the use of personal data—for example, refusal to register a person or to correct data, or an unfavorable determination of a person’s legal status—that are not satisfactorily resolved by identity providers should be subject to a rapid and low-cost review by independent administrative and judicial authorities with the authority to provide suitable redress without adding barriers for the individual.

Scope and Definitions

These Principles are intended to apply broadly to the creation and use of identification systems to advance development goals. Because of their central role in realizing individual rights and facilitating access to basic services and entitlements in the physical and digital worlds, the focus of the Principles is on “official” identification systems provided by, on behalf of, or recognized by governments. See the full text of the Principles for a more detailed explanation and examples of the types of identification systems this includes.

Endorsing Organizations
