Digital Identity in New Zealand: What You Need to Know

New Zealand is preparing to embrace Digital Identity – a secure way to prove who you are without relying on physical documents like passports or drivers’ licenses. This shift promises convenience, enhanced security, and smoother, more reliable access to services. But what exactly is digital identity, how does it work, and what safeguards are in place to protect your information?

What is digital identity? 
A digital identity is an electronic version of your real-world identity, used to verify who you are when accessing certain goods or services. Instead of providing your passport or drivers’ license, you can use trusted digital credentials. Credentials are verified pieces of information that belong to you, which a relying party can request to confirm they meet their requirements or expectations. 

Digital credentials are: 

• Secure – Your information is always held by you, or a trusted third-party. 
• Convenient – Your credentials are stored on your device, or in the cloud. 
• Privacy Focused – During verification, only the required digital credentials are provided. 

New Zealand is currently rolling out the necessary facilities to support digital identity services, with additional providers expected to enter the market in coming years. Digital identity is expected to play a vital role within New Zealand society, supporting the following services: 

• Government Services – Applying for benefits, disability, or accessing online services. 
• Banking and Finance – Opening bank accounts or securing finance. 
• Age Verification - For restricted goods or services. 

What Could Go Wrong? 
A perfect implementation of digital identity services offers many benefits over traditional physical documents. However, an insecure implementation could result in your personal information being leaked, or your identity being impersonated. Some consequences include: 

• Sensitive information, including your personally identifiable information could be leaked, or sold online. 
• Your identity could be used or impersonated by a malicious person. 
• Some individuals may be excluded due to technological limitations or lack of understanding. 
• A full reliance on digital credentials introduces a new digital failure point. 

Introducing the Trust Framework Authority: 
To address these risks, New Zealand has established the Trust Framework Authority (TFA) under the Digital Identity Services Trust Framework (DISTF) Act 2023. The TFA is the regulator of digital identity service providers, ensuring that all providers meet strict security, privacy, and trust standards under the DISTF (accreditation). 

The TFA is responsible for:

• Accrediting providers and services with the help of independent evaluators. 
• Publishing the list of accredited providers and services on the Trust Framework Register (https://www.dia.govt.nz/Trust-Framework-Register). 
• Ensuring all accredited providers consistently meet the laws, rules, and regulations of the Trust Framework. 
• Assessing and investigating complaints made about providers or services. 
  

The TFA ensures that any implementation of digital identity in New Zealand is secure, trustworthy, fair, and transparent.

Independent Evaluators 
The role of independent privacy and security evaluators is to assess whether a provider meets the privacy, security, and regulatory requirements outlined in the DISTF. The assessment performed by the independent evaluator helps to inform TFA to make a final accreditation decision. 

PrivSec Consulting are approved independent security evaluators, which allows us to help you achieve accreditation under the DISTF.  

Final Thoughts 
Digital Identity is coming, bringing both opportunities and risks. With the TFA’s safeguards, New Zealand is taking a cautious, regulated approach to ensure that the information of New Zealanders is protected. 

If you are a provider, a relying party, or just want to chat with an expert on Digital Identity Services within New Zealand, please reach out at [email protected] 



References: 

• More Information: https://www.dia.govt.nz/Trust-Framework  
• Trust Framework Authority: https://www.dia.govt.nz/Trust-Framework-Authority  
• Trust Framework Legislation: https://www.dia.govt.nz/Trust-Framework-for- Digital-Identity-Legislation  
• Trust Framework Register: https://www.dia.govt.nz/Trust-Framework-for-Digital-Identity-Providers-of-services#Register  
• Becoming an Accredited Provider: https://www.dia.govt.nz/Trust-Framework-for-Digital-Identity-Providers-of-services 
• Digital Identity Services Trust Framework Act 2023: https://www.legislation.govt.nz/act/public/2023/0013/latest/LMS459583.html  

Author: Kent Wolstenholme