- TRUST FRAMEWORK FOR DIGITAL IDENTITY
- Trust Framework Authority
- Share your information in a digital format
- Benefits of using digital identity services
- Trust Framework Authority accreditation mark
- Trust Framework legislation
- Administering bodies
- Trust Framework Register
- Accreditation & maintenance
- Forms and guidance
- Independent evaluators
- Resources
- Make a complaint
Accreditation of digital identity providers and services
Information for providers applying for accreditation of digital identity services, including the application process.
The application process
The Digital Identity Services Trust Framework Act 2023 sets out a legal framework for providing secure and trusted digital identity services in Aotearoa New Zealand.
It also establishes the Digital Identity Services Trust Framework Authority (Trust Framework Authority) as the regulator for accredited digital identity service providers in Aotearoa New Zealand.
There are four components to the accreditation assessment:
- Independent evaluations of privacy, security and conformance with the NZ Identification Standards
- the application form
- a demonstration of services (if required), and
- a question and answer session (if required).
Applicants are encouraged to contact the Trust Framework Authority at TFA@dia.govt.nz to discuss their application prior to starting.
Who checks and approves the applications
The Trust Framework Authority administers the accreditation process for providers of digital identity services.
What the Trust Framework Authority checks — requirements
To be accredited, providers must demonstrate that the service/s they deliver meet the requirements of the:
- Digital Identity Services Trust Framework Act 2023 — New Zealand Legislation website
- Digital Identity Services Trust Framework Regulations 2024 — New Zealand Legislation website
- Digital Identity Services Trust Framework Rules 2024 (PDF, 274KB)
- Identification standards - Digital Government website
All application templates and guidance can be found on the forms and guidance web page.
About the application form
Providers seeking accreditation under the Act must complete the Digital Identity Services Trust Framework Authority application form.
The form requires you to gather evidence to show your service meets the Digital Identity Services Trust Framework Act Regulations and Rules. It should be read and completed in conjunction with the Trust Framework Authority application guidance for providers.
A quick checklist is also included, to support providers with their application.
The application form is structured as follows:
- questions about the provider
- questions about the services for which the accreditation is sought
- documents to provide
- declarations.
There are four key areas for the assessment
The Trust Framework Authority will review and assess your application. The Trust Framework Authority will assess the following four areas:
1 — Provider
An assessment of the provider, including their operational capability, confirming they meet the requirements set out in the Act, Regulations and Rules.
2 — Identification management
Independent evaluation
An independent evaluation of the digital identity service against the New Zealand Identification Standards completed by the identification team at the Department of Internal Affairs.
Trust Framework Authority Assessment
The Trust Framework Authority will complete a service assessment. This requires a detailed description of the service, provision of specified documentation and a live demonstration of the digital identity service. The provider may also be invited to a question and answer session to answer questions in relation to the application.
3 — Privacy
An independent evaluation of the provider’s compliance with the privacy-based rules and information privacy principles of the Privacy Act 2020.
4 — Security
An assessment of the provider’s compliance with the rules for security, information and data management, using relevant standards where applicable.
Successful accreditation
If accredited, you can deliver the accredited service(s) under the Trust Framework and display an accreditation mark in relation to each accredited service.
Trust Framework Authority monitors compliance and performance
During accreditation, the Trust Framework Authority will monitor provider compliance and the performance and effectiveness of the accreditation regime. The Trust Framework Authority will recieve and assess any complaints, and also has the power to investigate breaches and issues of non-compliance with the Act, Rules and Regulations.
When to renew your accreditation
Accreditation of a Trust Framework provider or service expires three years after the date accreditation was granted by the Trust Framework Authority.
Notification of changes to your application
Providers are required to inform the Trust Framework Authority of when a change takes place to information provided in the application. It is an offence under section 33 of the Digital Identity Services Trust Framework Act 2023 to fail to tell the Trust Framework Authority of changes to key information or specified information. Notification must be within 5 working days of a change.
