Monthly Archives: October 2025

A Milestone in Enhancing Digital Trust for Lawyers: Digitally Verifying Client ID

Letter from our President

In an era when identity fraud is evolving rapidly, our collective efforts to defend the integrity of client-lawyer relationships have never been more vital. Today, I’m proud to reflect on a significant step forward: the launch of the PCTF Legal Professionals Profile Final Recommendation V1.1, the first industry-specific profile under the Pan-Canadian Trust Framework (PCTF). diacc.ca

This development is more than a technical standard; it’s a symbol of what’s possible when regulators, legal professionals, and technology providers protect clients, preserve trust, and reduce risk on the front lines of legal practice.

Why This Profile Matters

The PCTF Legal Professionals Profile establishes Conformance Criteria for how lawyers and their agents expect services to conduct client identity verification (IDV) in a manner that is auditable and consistent

Here’s what it does:

  • Reduces variability and risk by requiring that third-party agents meet minimum assurance criteria when verifying client identity. 
  • Clarifies expectations for service providers, helping them design identity solutions that align with law society requirements, avoid duplication of effort, and reduce uncertainty. 
  • Bridges practice and regulation by creating a pathway supporting compliance, enabling lawyers to rely on trusted, certified identity services rather than reinventing idiosyncratic internal solutions. diacc.ca

In short, this profile turns what was once discretionary or opaque into something auditable, transparent, and scalable.

The Challenge We Face: Rising Fraud, Rapid Change

The timing of this launch is critical. Fraud and identity theft remain persistent threats in Canada’s digital era:

  • In 2023, the police-reported rate of general fraud increased by 12% compared to 2022, despite a decline in incidents of identity fraud and identity theft. Statistics Canada 
  • In 2024 alone, Canadians lost $638 million to fraud. Canada.ca 
  • A 2025 Equifax study found that 48% of Canadians personally know someone who was a victim of identity theft. equifax.ca

These numbers reflect only a fraction of what’s really happening; many victims don’t report fraud, and many attacks go undetected for long periods.

The legal sector: lawyers have fiduciary responsibilities, handle funds, and often deal with clients remotely. The accuracy and trustworthiness of identity verification are crucial to maintaining legal integrity.

A Shifting Regulatory Landscape

Law societies and regulatory bodies are recalibrating in response to shifting norms and evolving risks:

  • Jurisdictions have rescinded the pandemic-era relaxations that allowed remote client verification via video calls alone. diacc.ca
  • The updated Client Identification and Verification (CIV) Rules now require that virtual verification utilize authentication technology capable of confirming the authenticity of government-issued IDs, rather than merely displaying them over video. Law Society of Alberta 
  • The use of third-party agents is now more explicitly permitted, provided the agent complies with the regulatory criteria, allowing lawyers to exercise controlled flexibility in how they operationalize identity checks. Law Society of Alberta | Law Society of British Columbia 

These changes place greater demands on vendors, law firms, and regulators, but also create openings for innovation, standardization, and certainty.

Progress Through Collaboration

What makes the release of the DIACC PCTF Legal Professionals Profile especially meaningful is that it represents progress through collaboration:

  1. Information was sought from the Federation of Law Societies of Canada to assist in creating the Legal Professionals Profile, enabling the tailoring of verification requirements to real-world legal workflows.
  2. Identity technology providers, such as Treefort Technologies, one of the first services to earn PCTF certification under the DIACC program, now have visible, auditable pathways to align with the legal sector’s expectations. Treefort’s early certification signals to lawyers and law societies that robust verification solutions are market-ready. Treeforttech 
  3. Legal professionals and firms now have a more straightforward path to choosing verification services that conform, not just on paper, but in practice. The DIACC Member Services Directory and the Trusted List of certified services are ready reference points. diacc.ca

By stepping into a coordination role, neither vendor nor regulator, DIACC has helped create common ground. Such neutral convening is rare, but essential in domains where trust, regulation, and technology must intersect.

What This Means for Canadian Lawyers on the Front Lines

For lawyers, especially those serving clients remotely or handling high-risk transactions, the implications are real:

  • Less friction in onboarding new clients, because lawyers can confidently outsource identity checks to trusted services.
  • Reduced liability and regulatory risk, because the verification process is auditable and traceable.
  • More consistency in expectations across jurisdictions would reduce the burden of navigating different local rules.
  • Improved client confidence, clients increasingly expect digital convenience without compromising security.

Consider the example of remote identity verification in real estate law. Lawyers like “Jamie” can now verify client identity using vendor services that combine document authentication, facial matching, liveness checks, and risk assessments, without requiring clients to come into the office. diacc.ca

It’s a tangible shift: trust, remote convenience, and compliance can coexist.

The Road Ahead: Opportunities & Challenges

This milestone is a launch point, not a finish line. Here’s what remains:

  • Broad adoption: The value of the Profile grows only when law societies, large firms, small practices, and vendors all adopt it.
  • Ongoing certification rigour: As bad-actor fraud techniques advance (e.g., AI-assisted deepfakes, synthetic identity attacks), the conformance criteria must evolve.
  • Education and support: Many lawyers will require help in selecting, integrating, and monitoring identity verification services.
  • Interoperability across sectors: Legal identity verification must increasingly interoperate with banking, government, and other trust ecosystems.
  • Monitoring outcomes and feedback loops: We need to measure how this framework reduces fraud, speeds onboarding, builds confidence and iterates.

In Gratitude and in Resolve

To everyone who has supported this effort, from regulators to identity solution providers and legal professionals, thank you. This profile is stronger because of your feedback, engagement, and dedication.

Our work is far from done. As fraudsters refine their tactics, we must continue to refine, adapt, and collaborate. That is the spirit of digital trust: not static defence, but evolving resilience.

DIACC remains committed to serving as a neutral, trusted enabler in this journey. We will continue to expand resources, convene stakeholders, monitor real-world outcomes, and raise the bar as threats evolve.

May this milestone mark what we’ve collectively accomplished and catalyze what comes next, a legal sector where client verification is seamless, fraud is harder to commit, and trust is foundational to every digital legal interaction.

Joni Brennan
President, DIACC

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

DIACC Unviels Digital Trust Adoption Dashboard: Transparency for a Connected Canada

October 16, 2025 – We are thrilled to announce the launch of DIACC’s Digital Trust Adoption Dashboard, a transformative, interactive tool developed by our Adoption Expert Committee (AEC), marking a pivotal moment in Canada’s digital trust journey.

This public resource maps the evolution of digital trust programs across Canada’s provinces and territories. By combining data from government sources with an interactive, map-based interface, the dashboard reveals the current state of digital verification and authentication services, trust program adoption, interoperability, and maturity across the country.

Why This Matters for Canada

Digital trust is no longer optional; it is foundational infrastructure for a competitive, secure, and inclusive Canadian economy. Citizens deserve seamless, secure access to services. Businesses require trusted digital transactions to thrive. Governments need efficient, interoperable systems to serve their constituents effectively.

This dashboard empowers decision-makers, innovators, and policymakers to move beyond assumptions and into action. It reveals where progress is accelerating, where gaps exist, and, most critically, where strategic alignment and collaboration can unlock exponential value for all Canadians. In an era where digital capability determines economic resilience, this transparency is not just valuable; it is essential.

Built on Collaboration, Designed for Impact

Developed through rigorous collaboration among the AEC, government partners across jurisdictions, and DIACC’s dedicated team, this dashboard demonstrates the power of public-private collaboration. Each data point reflects publicly observable information, and, to the greatest extent possible, we’ve validated the data for accuracy.

The AEC will maintain and evolve this living resource, with regular reviews and updates triggered by significant program or policy developments. Regular monitoring ensures the dashboard remains not just current but also actionable, a dynamic tool that grows in value as Canada’s digital trust public sector services ecosystem matures.

A Call to Engagement

This initiative embodies DIACC’s commitment to making Canada’s digital trust landscape auditable, transparent, and interconnected. We are advancing both economic innovation and public good by providing an accessible, evidence-based foundation for informed decision-making.

As this tool evolves, we invite the Canadian public, industry stakeholders, and government partners to engage with it, share insights, and provide feedback. Your perspectives will strengthen this resource and accelerate our collective progress. Please direct your feedback and inquiries to contact@diacc.ca.

We congratulate the AEC and the entire DIACC team for delivering this critical milestone in Canada’s digital trust transformation. This tool demonstrates leadership in action, which is what our nation needs as we build the trusted digital future Canadians deserve.

DIACC’s Digital Trust Adoption Dashboard

Developed by our Adoption Expert Committee (AEC)

Purpose & Intent

  • Provide an interactive map showing current public-sector digital trust programs offered across Canadian provinces and territories.
  • Enable stakeholders to see adoption, interoperability, and maturity at a glance.
  • Support evidence-based decision-making and identify opportunities for collaboration, alignment, and private sector engagement.

How We Collected Data

  • Coordinated efforts with the support of AEC members and DIACC staff.
  • Observable/visible data from public government sources (program names, departments, service destinations, adoption metrics).
  • Structured questions (developed by AEC) to ensure consistency across jurisdictions.
  • Targeted government consultations to validate findings and capture policy context.

Committee Role & Maintenance

  • Ongoing stewardship: The AEC is responsible for maintaining the dashboard’s accuracy and relevance.
  • Review cadence: Annual reviews, plus updates triggered by major policy, regulatory, or program changes.
  • Monitoring: Track government announcements, adoption metrics, and stakeholder input to keep data fresh and actionable.

Key Takeaways

  • Purpose: Deliver a transparent, observable data-based view of Canada’s digital trust landscape.
  • Methodology: Grounded in both observable-sourced data and committee government representative consultations.
  • Sustainability: Maintained by AEC with annual reviews and update triggers.

Utility: A living tool to support strategy, collaboration, and interoperability at the national level.

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

Reimagining Canada Post: From Delivering Mail to Delivering Trust

A Letter from the President

Canada Post is losing approximately ten million dollars per day. The traditional business model of delivering physical mail to every Canadian address is fundamentally unsustainable. The federal government has directed the corporation to reduce delivery frequency and fundamentally transform operations.

Crisis as Catalyst

This is a crisis. However, it’s also an opportunity that Canada risks missing if we consider Canada Post solely in terms of mail delivery.

The Hidden Infrastructure

Consider what Canada Post actually represents: a trusted institution with physical presence in virtually every Canadian community, deep expertise in verification and logistics, existing relationships spanning individuals and businesses, public accountability, and a mandate to serve all Canadians regardless of commercial viability.

These aren’t assets to be wound down. They are the foundations for building Canada’s digital trust infrastructure.

Where Private Innovation Falls Short

The private sector has pioneered remarkable innovations in digital trust and identity verification, user experience, and privacy-enhancing technologies. Still, private sector solutions may face inherent limitations: market forces drive them toward commercially valuable populations and geographies; profit imperatives can create tensions with privacy protection; and competitive dynamics resist the open standards that enable broad interoperability.

A Vision for Digital Trust

Canada Post could bridge this gap, not by displacing private innovation, but by complementing it. Imagine Canada Post operating as a privacy-preserving verification service that helps Canadians prove their identity online, confirm addresses for e-commerce and financial services, and authenticate business credentials. Imagine post offices serving as trusted in-person verification points where Canadians without smartphones or digital literacy can establish digital credentials with assistance. Imagine Canada Post providing the addressing infrastructure that enables secure digital commerce while protecting privacy.

Complement, Not Compete

This isn’t about government competing with private sector innovators. It’s about leveraging a trusted public institution to ensure universal access, serve populations that aren’t commercially attractive, maintain the physical-digital bridge that inclusion requires, and operate according to public interest principles rather than purely commercial logic.

Asking The Right Question

Canada Post’s transformation should be guided by a simple question: What role can a universally accessible, publicly accountable, and privacy-respecting institution play in Canada’s digital trust ecosystem? The answer isn’t “deliver less mail.” It’s “deliver digital trust services that complement private innovation while ensuring no Canadian is left behind.”

Joni Brennan
President, DIACC

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

Learning from BritCard: Why Architecture Matters for Digital Trust and Identity

A Letter from the President, DIACC

The choices we make about digital trust and identity verification architecture today will shape Canadian privacy, security, and digital rights for generations to come. Recent developments in the United Kingdom offer a timely reminder: how we build digital trust and identity systems matters as much as whether we build them.

Canadians demand a path that’s grounded in the principles of federation, decentralization, privacy by design, and user control. As pressure mounts globally for mandatory and centralized digital identity systems, we must advocate for principles that ensure our implementations live up to the designs that Canadian’s demand.

The UK’s Announced Approach

The UK faces genuine challenges that digital trust and identity could address. Document fraud in right-to-work verification creates significant problems. Administrative burden on employers is substantial. And approximately 10% of UK residents have never held a passport, creating barriers to proving identity for routine transactions. A digital credential accessible via a smartphone, which 93% of UK adults possess, could help address these legitimate issues.

The critical question isn’t whether digital trust and identity can solve real problems. It’s how it’s implemented.

The UK government has committed to making its proposed BritCard system mandatory and references “a central database of people entitled to live and work in the UK.” Cybersecurity experts have been explicit in their warnings: centralized databases create “enormous hacking targets,” particularly when complex dependency chains involving contractors and integrators are involved. Within days of the announcement, 1.6 million people had signed petitions opposing the scheme, expressing concerns about surveillance and the notion of “Big Brother in your pocket.”

These concerns aren’t theoretical. Centralized identity databases have been compromised in multiple jurisdictions, impacting millions of individuals. Once compromised, the consequences include identity theft, widespread fraud, and erosion of public trust that takes years to rebuild. The attack surface, which arises from aggregating millions of records in centralized systems, is of enormous importance.

Architecture as Values Made Concrete

There is an alternative architectural strategy that is privacy-preserving and uses decentralized credentials. This approach uses:

  • Cryptographically-signed credentials that are held on user devices, not in centralized databases
  • Verification happens through cryptographic proofs rather than database lookups
  • Selective disclosure enables proving what’s necessary (like eligibility to work) without revealing your complete identity profile
  • Users control when and how their credentials are shared

This isn’t experimental technology. Estonia has operated such a system successfully for over two decades. The EU Digital Identity Wallet regulation explicitly requires selective disclosure and offline verification capability. Singapore’s Singpass uses QR-code-based verification to minimize tracking. These approaches have been proven at the national scale.

The lesson for Canada isn’t “don’t build digital trust and identity verification.” It’s “architecture must reflect values.

A mandatory system built on centralized databases carries fundamentally different privacy risks, security vulnerabilities, and civil liberties implications than a voluntary system using privacy-preserving credentials held by users. The efficiency gains and fraud reduction can be achieved through either approach; however, one strategy respects privacy by design rather than by promise.

Canada’s Distinctly Different Approach

Canada has already charted a different course. Aligning with our governance models and values, our approach is decentralized. There is no single national digital identity system, no central government database of all Canadians, and no mandatory credential that citizens are required to obtain. Learn more about our vision for Canada’s decentralized approach.

Instead, our vision of a digital trust and identity verification ecosystem aligns with the Pan-Canadian Trust Framework (PCTF), developed by DIACC in collaboration with federal, provincial, and territorial governments, financial institutions, telecommunications providers, privacy advocates, and civil society organizations. The PCTF enables digital trust and identity services through:

Federated Architecture: Multiple credential issuers (provinces, federal government, private sector organizations) can issue credentials that are mutually recognized through conformance to a common framework of components without creating centralized databases or requiring technological uniformity.

Privacy by Design: The PCTF embeds privacy protections at the architectural level. Requirements include data minimization, purpose limitation, selective disclosure capabilities, transparent consent management, and security safeguards proportionate to the sensitivity of the information. These aren’t policy aspirations; they’re assessed through independent certification.

User Control: Individuals maintain control over their credentials and decide when and with whom to share information. Credentials can be stored on personal devices, and users can revoke consent and withdraw their credentials through clear procedures for data deletion.

Voluntary Adoption: Digital credentials supplement rather than replace existing identity documents. Canadians choose whether to use digital identity based on convenience, security, and trust. It’s not a government mandate.

Verifiable Privacy Protections: Through DIACC’s PCTF Certification Program, organizations can obtain independent verification that their digital trust and identity verification services implement privacy-preserving architectures. This shifts privacy from a policy promise to a verified reality.

This approach reflects what Canadians want. Our research consistently indicates that privacy, security, and choice are key factors driving Canadians’ desire for digital trust and identity. The bottom line is that voluntary, privacy-focused solutions earn public trust, while mandatory systems face resistance.

The Technologies That Enable Privacy

Privacy-preserving digital trust and identity isn’t just philosophically preferable; it’s technically achievable through verifiable credentials and related technologies that the PCTF supports:

Selective Disclosure: Instead of presenting your entire driver’s licence to prove you’re old enough to purchase age-restricted products, you can present a cryptographic proof that you’re over 19, without revealing your birth date, address, or even your name. The verifier gets the answer they need; you retain privacy over information they don’t.

Decentralized Verification: Credentials can be verified through cryptographic signatures without requiring queries to centralized databases. This means verification can happen offline, in real-time, without creating transaction records that enable tracking or surveillance.

Zero-Knowledge Proofs: Advanced cryptographic techniques enable proving statements about your identity (such as “I am a resident of Ontario” or “I hold a valid professional license”) without revealing the underlying credential or creating linkable identifiers across different interactions.

User-Held Credentials: When credentials live on your device rather than in government or corporate databases, you control when they’re shared. A data breach at one organization doesn’t compromise your credentials held elsewhere.

These technologies are standardized and operating at scale internationally. Canada’s PCTF is designed to accommodate them as they become more widely deployed, ensuring that our framework supports the most privacy-preserving approaches available.

What This Means for Canada’s Digital Future

The path forward requires intentionality about the choices we make now, in procurement specifications, in system design, in policy development, and in public dialogue:

For Government Leaders: The PCTF bridges regulations with operational realities to provide a foundation for cross-sector interoperability. Resist pressure for centralized databases or mandatory systems. Ensure procurement specifications prioritize privacy-preserving architectures and require independent DIACC’s PCTF certification. Build the physical-digital bridges (assisted digital services, multi-modal access) that ensure universal accessibility.

For Industry Stakeholders: Pursue PCTF certification for digital trust and identity solutions and design products that implement selective disclosure and user control, rather than relying on maximalist data collection. Accept certified credentials from diverse issuers to create convenience that drives voluntary adoption. Contribute expertise to framework evolution.

For Privacy Advocates and Civil Society: Hold organizations accountable for their privacy promises by demanding PCTF certification. Participate in framework governance to ensure that citizen perspectives inform the technical architecture. Help build public understanding of how privacy-preserving systems work and why architecture matters.

For Technology Providers: Align product development with PCTF specifications and privacy-preserving technologies. Seek DIACC PCTF certification for competitive differentiation. Invest in open standards that prevent lock-in and enable interoperability. Innovate on capabilities including: verifiable credentials, selective disclosure, and zero-knowledge proofs.

For Citizens: Engage with digital trust and identity programs as they launch. Demand transparency about whether systems use centralized databases or decentralized credentials. Provide feedback on usability, accessibility, and privacy concerns. Exercise control over personal information through consent management: support organizations that pursue voluntary, privacy-preserving approaches over mandatory, surveillance-enabling architectures.

Building Services Worthy of Trust

Canada can build a digital trust and identity verification infrastructure of services that are:

  • More secure because it’s decentralized — no honeypot databases to target
  • Widely adopted because it’s genuinely helpful and voluntary — convenience without coercion
  • Privacy-protecting through architecture, not only policy promises — verified through independent testing
  • Interoperable while respecting jurisdictional sovereignty — federation without centralization
  • Inclusive by design rather than by afterthought — multi-modal access serving all Canadians

Our success demands that we prioritize privacy-preserving architectures in procurement specifications, insist on open standards and independent verification, invest in accessibility for all Canadians regardless of their digital literacy or access to technology, and establish strong trust frameworks and mutual recognition mechanisms that enable effective federation.

The path forward isn’t about government versus private sector, federal versus provincial, or mandatory versus voluntary in the abstract. It’s about all of us, across jurisdictions and sectors, committing to build and use digital trust infrastructure services that are distinctly Canadian: digital trust infrastructure that reflects our federal structure, our values, and our constitutional commitments to privacy and individual rights.

The UK’s experience with BritCard is a reminder that design choices matter. Centralized, mandatory systems may promise efficiency, but they carry profound risks to privacy, security, and civil liberties. Canadians have chosen differently, and we must ensure our implementations honour their choice.

We can develop digital trust and identity verification services that earn the confidence of Canadians. The architecture exists. The technologies are operational. The framework is ready. What remains is a collective commitment to getting the implementation right.

The choices are ours to make. The time to make them thoughtfully is now.

Joni Brennan
President, DIACC

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

Recognizing Quebec’s Digital Trust and Cybersecurity Leadership in Kananaskis

October 2, 2025

DIACC is proud to recognize Quebec’s leadership during the recent Federal, Provincial and Territorial Ministers’ and Deputy Ministers’ Seminar on Digital Trust and Cybersecurity in Kananaskis, Alberta. As co-chair, Quebec’s Deputy Minister of Cyber and Digital Affairs and Chief Information Officer played a key role in driving progress, resulting in a collaborative agreement on crucial cybersecurity proposals.

This strategic approach to digital trust demonstrates Quebec’s efforts to create more secure and responsive government services for its citizens and businesses. The province has taken a forward-thinking approach to solving complex digital challenges by uniting teams and platforms under a single, reliable framework. This creates a streamlined “digital front door” for everyone, with features like “tell us once” and coordinated service delivery.

DIACC looks forward to a continued partnership supporting Quebec’s digital trust leadership. By building on these foundations, Quebec is strengthening its reputation as a pioneer in digital innovation. This ongoing work empowers Quebecers, strengthens local businesses, and fuels innovation across the province and Canada.

Joni Brennan
President, DIACC

Spotlight on General Bank of Canada

1. What is the mission and vision of General Bank of Canada?

To build a bank for generations. [To build a bank for generations implies extensive trust]. General Bank operates as a Financial Product Manufacturer and works with Distributors / Brokers to have Consumers access our products.

2. Why is trustworthy digital identity critical for existing and emerging markets?

As a financial services product manufacturer we don’t hold direct to consumer relationships – we work with other financial services distributors. However, we need to validate those relationships with consumers and distributors to meet our regulatory obligations.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

The more easily and quickly (digitally) we can verify individuals the more we can get our products out in the market and meet our regulatory obligations.

4. What role does Canada have to play as a leader in this space?

Canada can definitely be a leader in digital trust and identity – there is already a lot of great work ongoing.

5. Why did your organization join the DIACC?

General Bank is transforming and digital trust / verification is becoming a larger focus for us.

6. What else should we know about your organization?

General Bank is full Canadian Chartered Bank but we don’t have direct to consumer relationships (so we are a very different Chartered Bank).