Draft UNCITRAL Model Law on Identity Management and Trust Services
undefined
U
N
C
I
T
R
A
L
d
r
a
f
t
m
o
d
e
l
l
a
w
o
n
I
d
M
a
n
d
t
r
u
s
t
s
e
r
v
i
c
e
s
L
u
c
a
C
a
s
t
e
l
l
a
n
i
U
N
C
I
T
R
A
L
S
e
c
r
e
t
a
r
i
a
t
T
h
e
v
i
e
w
s
e
x
p
r
e
s
s
e
d
a
r
e
t
h
o
s
e
o
f
t
h
e
a
u
t
h
o
r
a
n
d
d
o
n
o
t
n
e
c
e
s
s
a
r
i
l
y
r
e
f
l
e
c
t
t
h
e
v
i
e
w
s
o
f
t
h
e
U
n
i
t
e
d
N
a
t
i
o
n
s
a
n
d
o
f
U
N
C
I
T
R
A
L
The draft UNCITRAL Model Law on IdM and Trust Services
UNCITRAL WG IV has prepared a model law on the use and cross-
border recognition of IdM and trust services
•
Project started in 2017 at the request of certain EU member
States and with a broad scope:
–
build on shared principles and terminology to provide a uniform
legal treatment for:
•
private and public IdM systems and schemes
•
a broad range of trust services
•
Respects general principles of commercial and e-commerce law
•
Takes into consideration prior UNCITRAL provisions and eIDAS
regulation
The draft UNCITRAL Model Law on IdM and Trust Services
•
All preparatory documents available on
UNCITRAL website
in all
UN official languages
•
Draft provisions and explanatory note are submitted to the
Commission for consideration and possible adoption in July 2022
•
Latest version available in document
A/CN.9/1112 - Draft Model
Law on the Use and Cross-border Recognition of Identity
Management and Trust Services
The draft Model Law: scope and general principles
•
Focuses on use in commercial activities and trade-related
services
•
Does not introduce new requirements to identify or to use a
particular IdM or trust service
•
Use of IdM and trust services is voluntary
•
Does not affect any other rule of law, including compliance
with regulatory requirements and with data privacy and
protection law
The draft Model Law: IdM
•
Identity is a set of attributes that uniquely distinguishes a
person in a particular context
•
IdM systems manage both identity proofing and electronic
identification (a.k.a. “authentication”)
–
Identity proofing is “
the process of collecting, verifying,
and validating sufficient attributes to define and confirm
the identity of a person within a particular context
”
–
Electronic identification
is “a process used to achieve
sufficient assurance in the binding between a person and
an identity”
–
An identity is “a set of attributes that allows a person to
be uniquely distinguished within a particular context”
–
A person is a physical or legal person
•
Provision on non-discrimination of the result of electronic
identification
The draft Model Law: IdM
•
The method used for electronic identification must be reliable
•
Two-tier approach to determine reliability:
–
Ex post (after use):
•
Open-ended list of relevant circumstances
–
Ex ante (before use)
•
Possibility of designating reliable IdM systems /
services
The draft Model Law: IdM
•
List of obligations of IdM service providers covering the IdM
lifecycle
•
List of obligations of IdM service providers in case of data
breach
•
Rules on liability of IdM service providers
–
Breach of obligations set in the model law gives rise to
liability
–
All other sources of liability remain applicable, but
limitation may be possible
The draft Model Law: trust services
•
A trust service is an electronic service that provides
assurance of certain qualities of a data message
–
who, what, when, where, and why of data
–
Includes the methods for creating and managing
electronic signatures, electronic seals, electronic time
stamps, website authentication, electronic archiving and
electronic registered delivery services (same as eIDAS)
–
List of trust services is open-ended
•
Rule on non-discrimination against use of trust services
The draft Model Law: trust services
•
Each trust service (except website authentication) has a
dedicated provision drafted as a functional equivalence rule
referring to the paper-based function
•
Same “two tier” approach as for IdM
–
ex ante designation + ex post assessment
•
List of obligations of trust service providers
•
Liability of trust service providers
The draft Model Law: cross-border aspects
•
Geographic-neutral rules on the assessment of reliability of
the method used and on the designation of reliable systems
and services
–
Apply to both IdM and trust services
•
Dedicated provisions on cross-border recognition and on
international cooperation
–
Does not foresee, but is compatible with the
establishment of a centrally-managed mutual recognition
mechanism
•
The model law may be used as a template for bilateral and
plurilateral agreements
Further considerations
•
The draft model law has maintained the double structure of
eIDAS based on IdM / trust services
•
However, identity information may raise several diverse
issues
–
IdM – especially foundational identity – raises privacy
concerns that call for stricter regulation
–
Trust services – including those incorporating functional
identity – aim to support dataflows and require an
enabling environment rather than a regulatory one
•
Issues for further consideration:
–
Use of trust services with respect to object-generated
data
The draft UNCITRAL Model Law focuses on the use and cross-border recognition of identity management (IdM) and trust services in commercial activities. It provides a legal framework for both private and public IdM systems, respecting commercial and e-commerce principles while ensuring voluntary use without imposing new requirements. The law defines identity attributes and processes in a way that uniquely distinguishes individuals within specific contexts.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
UNCITRAL United Nations Commission on International Trade Law UNCITRAL draft model law on IdM and trust services Luca Castellani UNCITRAL Secretariat The views expressed are those of the author and do not necessarily reflect the views of the United Nations and of UNCITRAL
The draft UNCITRAL Model Law on IdM and Trust Services UNCITRAL WG IV has prepared a model law on the use and cross- border recognition of IdM and trust services Project started in 2017 at the request of certain EU member States and with a broad scope: build on shared principles and terminology to provide a uniform legal treatment for: private and public IdM systems and schemes a broad range of trust services Respects general principles of commercial and e-commerce law Takes into consideration prior UNCITRAL provisions and eIDAS regulation UNCITRAL United Nations Commission on International Trade Law
The draft UNCITRAL Model Law on IdM and Trust Services All preparatory documents available on UNCITRAL website in all UN official languages Draft provisions and explanatory note are submitted to the Commission for consideration and possible adoption in July 2022 Latest version available in document A/CN.9/1112 - Draft Model Law on the Use and Cross-border Recognition of Identity Management and Trust Services UNCITRAL United Nations Commission on International Trade Law
The draft Model Law: scope and general principles Focuses on use in commercial activities and trade-related services Does not introduce new requirements to identify or to use a particular IdM or trust service Use of IdM and trust services is voluntary Does not affect any other rule of law, including compliance with regulatory requirements and with data privacy and protection law UNCITRAL United Nations Commission on International Trade Law
The draft Model Law: IdM Identity is a set of attributes that uniquely distinguishes a person in a particular context IdM systems manage both identity proofing and electronic identification (a.k.a. authentication ) Identity proofing is the process of collecting, verifying, and validating sufficient attributes to define and confirm the identity of a person within a particular context Electronic identification is a process used to achieve sufficient assurance in the binding between a person and an identity An identity is a set of attributes that allows a person to be uniquely distinguished within a particular context A person is a physical or legal person Provision on non-discrimination of the result of electronic identification UNCITRAL United Nations Commission on International Trade Law
The draft Model Law: IdM The method used for electronic identification must be reliable Two-tier approach to determine reliability: Ex post (after use): Open-ended list of relevant circumstances Ex ante (before use) Possibility of designating reliable IdM systems / services UNCITRAL United Nations Commission on International Trade Law
The draft Model Law: IdM List of obligations of IdM service providers covering the IdM lifecycle List of obligations of IdM service providers in case of data breach Rules on liability of IdM service providers Breach of obligations set in the model law gives rise to liability All other sources of liability remain applicable, but limitation may be possible UNCITRAL United Nations Commission on International Trade Law
The draft Model Law: trust services A trust service is an electronic service that provides assurance of certain qualities of a data message who, what, when, where, and why of data Includes the methods for creating and managing electronic signatures, electronic seals, electronic time stamps, website authentication, electronic archiving and electronic registered delivery services (same as eIDAS) List of trust services is open-ended Rule on non-discrimination against use of trust services UNCITRAL United Nations Commission on International Trade Law
The draft Model Law: trust services Each trust service (except website authentication) has a dedicated provision drafted as a functional equivalence rule referring to the paper-based function Same two tier approach as for IdM ex ante designation + ex post assessment List of obligations of trust service providers Liability of trust service providers UNCITRAL United Nations Commission on International Trade Law
The draft Model Law: cross-border aspects Geographic-neutral rules on the assessment of reliability of the method used and on the designation of reliable systems and services Apply to both IdM and trust services Dedicated provisions on cross-border recognition and on international cooperation Does not foresee, but is compatible with the establishment of a centrally-managed mutual recognition mechanism The model law may be used as a template for bilateral and plurilateral agreements UNCITRAL United Nations Commission on International Trade Law
Further considerations The draft model law has maintained the double structure of eIDAS based on IdM / trust services However, identity information may raise several diverse issues IdM especially foundational identity raises privacy concerns that call for stricter regulation Trust services including those incorporating functional identity aim to support dataflows and require an enabling environment rather than a regulatory one Issues for further consideration: Use of trust services with respect to object-generated data UNCITRAL United Nations Commission on International Trade Law
