The trust framework will address gaps in regulation and assist the development of trusted, people-centred digital identity services.

The framework applies to service, technology and information providers who want to provide digital identity services.

Progress through Parliament

In September 2021, the Digital Identity Services Trust Framework Bill was introduced into Parliament.

In March 2023 the bill passed its third and final reading. It was given Royal Assent, where the Governor-General formally signs the bill into law, in April 2023.

The Act comes into force on 1 July 2024. It is anticipated that the accreditation process will be available later in the year.

Read the Digital Identity Services Trust Framework Act here:

Digital Identity Services Trust Framework Act 2023 No 13, Public Act Contents — New Zealand Legislation

Aims of the Act

The Digital Identity Services Trust Framework Act (the Act) aims to promote the provision of secure and trusted digital identity services that meet essential minimum requirements for security, privacy, identification management and interoperability. It also aims to support community resilience and realise the wider benefits of digital identity.

The Act establishes:

• a governance board as a public service authority within a public service department
• an accreditation authority within a public service department
• a liability framework subject to the development of the rules
• the offences and penalties for the Trust Framework
• infringement notices
• the accreditation authority′s ability to recover costs
• a disputes resolution process.

The Trust Framework Authority

The Act includes a requirement for the Trust Framework Authority (TF Authority) to be established. Work to establish the TF Authority is underway, led by the Digital Identity Regulator Establishment Programme within the Department of Internal Affairs.

The TF Authority will:

• establish, administer and maintain an accreditation regime for digital identity service providers and services
• monitor the performance of the regime
• receive and assess complaints
• investigate any breaches of the Trust Framework rules.

Read more about the TF Authority in the Act:

Digital Identity Services Trust Framework Act 2023 No 13, Public Act 58 TF authority established – New Zealand Legislation

Draft Trust Framework rules

The rules apply minimum requirements across 5 categories:

• Identification management — defining how a user can be identified and authenticated so that they may have access to systems and services.
• Information and data management — defining how information is administered and determining the use, management and protection of data.
• Security and risk management — reducing and mitigating risks relating to the creation and sharing of information in a digital manner.
• Privacy requirements — includes the incorporation of requirements under the Privacy Act 2020.
• Sharing and facilitation requirements — includes consideration of the consent and delegation models to be used.

The rules will focus on incorporating existing standards and requirements that need to be met to provide a trusted environment for those operating within the digital identity system.

A development and testing group of public and private membership, and including Māori partners, is providing feedback on initial draft rules.

Te Ao Māori and Te Tiriti o Waitangi perspectives and requirements will be embedded in each category.

Cabinet decisions

In July 2020, Cabinet agreed to establish the Digital Identity Trust Framework in legislation.

Progressing Digital Identity: Establishing a Trust Framework (PDF 2.2MB)

In February 2021, Cabinet approved policy proposals that underpin the Digital Identity Trust Framework, including the establishment of an Accreditation Authority and Governance Board.

In May 2021, Cabinet released detailed policy information about the Bill’s development.

Detailed Policy for a Digital Identity Trust Framework Bill (PDF 5.4MB)