The Department of Internal Affairs

Department of Internal Affairs | Te Tari Taiwhenua

Building a safe, prosperous and respected nation



 

Trust Framework legislation

Measures are in place to protect the information of people, businesses and organisations.

  • Rules and regulations

    Providers must show they meet these rules and regulations to become accredited with the mark under the Trust Framework for Digital Identity Services.

  • Administering bodies

    Administering bodies are decision-making bodies under the Digital Identity Services Trust Framework Act 2023. Each group has a role in making sure the digital identity environment is effective.

  • Legislation

    Legislation for digital identity services makes it easier for New Zealanders to safely share information when accessing online and in-person services.

Rules for digital identity services

The Trust Framework Rules establish the technical and operational requirements that digital identity service providers need to comply with to achieve and maintain accreditation by the Trust Framework Authority. The Minister approves the rules on the recommendation of the Trust Framework Board.

The Trust Framework Rules

The Trust Framework Rules are split into several categories. To become accredited, digital identity service providers must meet the relevant rules for the service(s) they offer. This can be more than one category of rules depending on what that service is. The categories are:

Identification management

Determining the accuracy of information, binding that information to the correct individual or organisation, and enabling the secure reuse of the information.

Privacy and confidentiality

Maintaining the privacy and confidentiality of the information of individuals and organisations.

Security

Ensuring that information is secure and protected from unauthorised modification, use, or loss.

Information and data management

Record-keeping and management of personal and organisational information, to ensure information is well and ethically managed.

Sharing and facilitation

The sharing of information with relying parties, including authorisation processes. 

Trust Framework Rules consultation process

Section 18 of the Digital Identity Services Trust Framework Act empowers the Trust Framework Board to recommend updates to the rules to the Minister.

The rules are amended approximately twice-yearly to keep up with technical and other rapid changes in the digital ecosystem. This is to ensure the rules remain relevant for providers of digital identity services. Below are indicative timelines for amending the rules, although sometimes urgent updates are required outside of these timelines.

Indicative timelines for rules amendments: Diagram shows Indicative timelines for rules amendments. Bi-annual Amendment One has the following timelines: Scoping and drafting – November to February, Rules consultation – March, Approved by Minister – May, In force – June. Bi-annual Amendment Two has the following timelines: Scoping and drafting – May to August, Rules consultation – September, Approved by Minister – November, In force – December.

To ensure the rules remain fit-for-purpose, and given the technical nature of the rules, the Trust Framework undertakes targeted consultation with those likely to interact with the rules. If you or your organisation would like to be involved in providing feedback on future amendments to the rules, please email distf@dia.govt.nz

 

Regulations for digital identity services

Digital Identity Services Trust Framework Regulations 2024 (SL 2024/197) – New Zealand Legislation website

Back to Top