Skip to main content

Principles of the trust framework

These principles help to shape the trust framework, which sets out how accredited digital identity services should work in New Zealand.

Principles for an effective trust framework

The principles inform the rules and regulations. Digital identity service providers should strive to follow these principles.

The principles should be treated as in draft while the rules and regulations that will support the trust framework continue to be developed.


The rights and needs of people are of the highest importance, though not to the exclusion of the needs of other entities involved in the digital identity environment.

Key measures

  • People’s participation in the use of digital identity services is voluntary, with the right to opt out without penalty.
  • Digital identity services are convenient and straightforward for people to use.
  • People retain control over their information in line with legislative requirements, including the Privacy Act .


The trust framework aims to create a digital identity environment that is accessible and inclusive. Everyone has a right to choose whether they use digital identity services.

Key measures

  • The digital identity environment reflects the needs and requirements of a broad range of stakeholders.
  • Barriers to participation in digital identity services, whether they be social, financial or technical, are minimised without compromising security or privacy.
  • Everyone is able to use digital identity services without risk of discrimination or exclusion.


Everyone has the right to expect that personal and organisational information will be stored, shared and used in a secure manner within the digital identity environment.

Key measures

  • Systems and services are designed with the security of information in mind.
  • Technology design, operational controls and regulations governing the use of personal and organisational information safeguard it from breaches, corruption or loss.


Privacy is a critical part of digital identity services. Everyone’s privacy must be respected.

Key measures

  • Approaches to privacy are proactive and preventative.
  • Privacy is embedded in the design and maintenance of systems and services.
  • There are no gaps in either protection or accountability — privacy is continuously protected.
  • Obligations are met regarding the legislative requirements of the Privacy Act .

Enabling te ao Māori approaches to identity

The digital identity environment is inclusive of Māori perspectives of identity and enables the needs and aspirations of Māori to be achieved.

Key measures

  • Māori participate equitably in the digital identity environment.
  • Māori perspectives and approaches to identity are enabled by the digital identity environment.
  • The digital identity environment is developed and maintained in partnership with Māori.
  • Māori are supported in leadership and decision-making roles to ensure Māori perspectives of data and identity are embedded in the digital identity environment.


The digital identity environment must be designed and maintained in a manner that supports its technical, social, and economic sustainability in the long term.

Key measures

  • The digital identity environment generates value — for example, social, economic or fiscal — for those involved.
  • Systems and services are sufficiently flexible to adapt to change — for example, social licence, government priorities, emerging technologies or regulatory developments — and support innovation.
  • Systems and services are scalable, or able to be altered in size, in order to enable people-centred outcomes.


Personal and organisational information should be able to be re-used across services, sectors and geographies without security or privacy being undermined.

Key measures

  • Common approaches such as open standards, frameworks or best practice guidelines are used to ensure consistency and facilitate interoperability nationally and internationally.
  • Barriers to interoperability such as proprietary technology or the lack of portability of personal and organisational information are minimised.
  • Consultation and collaboration occur between the public sector, private sector, Treaty partners, the wider community and international partners to identify and address interoperability issues.

Open and transparent

The digital identity environment is maintained in an accessible, responsive and accountable manner.

Key measures

  • It’s clear how personal and organisational information is stored, used and shared, and for what purpose.
  • The rules and standards governing the digital identity environment are available to all.
  • Government is accountable to the public for its role in the digital identity environment.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated