- TRUST FRAMEWORK FOR DIGITAL IDENTITY
- Share your information in a digital format
- Benefits of using digital identity services
- Trust Framework Authority
- Trust Framework Authority accreditation mark
- Purpose of the trust framework
- Key concepts and principles
- Trust Framework Legislation
- Trust Framework Governance
- Trust Framework Register
- Accreditation of digital identity providers
- Independent evaluators
- Forms and guidance
- Make a Complaint
Accreditation of digital identity providers and services
Information for providers applying for accreditation of digital identity services, including the application process.
The application process
The Digital Identity Services Trust Framework Act 2023 sets out the legal framework for providing secure and trusted digital identity services in Aotearoa.
It also establishes the Digital Identity Services Trust Framework Authority (Trust Framework Authority) as the regulator for accredited digital identity service providers in Aotearoa.
There are four components to the accreditation assessment:
- Independent evaluations of privacy, security and conformance with the NZ Identification Standards
- the application form
- a demonstration of services, and
- a question and answer session (if required).
Applicants are also encouraged to contact the Trust Framework Authority at TFA@dia.govt.nz to discuss their application prior to starting.
Who checks and approves the applications
The Trust Framework Authority administers the accreditation process for providers of digital identity services.
What the Trust Framework Authority checks — requirements
To be accredited, providers must demonstrate that the service/s they deliver meet the requirements of the:
- Digital Identity Services Trust Framework Act 2023 — New Zealand Legislation website
- Digital Identity Services Trust Framework Regulations 2024 — New Zealand Legislation website
- Digital Identity Services Trust Framework Rules 2024 (PDF, 274KB)
- Identification standards - Digital Government website
All application templates and guidance can be found on the templates and guidance web page.
About the application form
Providers seeking accreditation under the Trust Framework must complete the Digital Identity Services Trust Framework Authority application form.
The form requires you to gather evidence to show your service meets the Digital Identity Services Trust Framework legislation regulations and rules. It should be read and completed in conjunction with the Trust Framework Authority application guidance for providers.
A quick checklist is also included, to support providers with their application.
The application form is structured as follows:
- questions about the services you are applying for
- questions about the provider
- documents to provide
- declarations.
There are four key areas for the assessment
The Trust Framework Authority will review and assess your application. The Trust Framework Authority will assess the following four areas:
1 — Provider
An assessment of the provider’s operational capability, confirming they meet the requirements set out in the legislation, regulations and rules.
2 — Identification management
An independent evaluation of the digital identity service against the identification standards.
The Trust Framework Authority will complete a service assessment. This includes a detailed description of the service, a live demonstration of the digital identity service, and supplying specified documentation. The provider may also be invited to a question and answer session to answer questions in relation to the application.
3 — Privacy
An independent evaluation of the provider’s compliance with the privacy-based rules and information privacy principles of the Privacy Act 2020.
4 — Security
An assessment of the provider’s compliance with the rules for security, information and data management, using relevant standards where applicable.
Successful accreditation
If accredited, you can deliver the accredited service or services under the Trust Framework and display an accreditation mark that applies to each accredited service.
Trust Framework Authority monitors compliance and performance
During accreditation, the Trust Framework Authority will monitor provider compliance and the performance and effectiveness of the accreditation regime. The Trust Framework Authority also has the power to investigate breaches and issues of non-compliance with the legislation, rules and regulations.
When to renew your accreditation
Accreditation of a Trust Framework provider or service expires at the end of the period set by regulations, currently proposed to be three years after the date accreditation was granted by the Trust Framework Authority.
