Yearly Archives: 2025

DIACC Congratulates Quebec on Historic Adoption of National Digital Identity Legislation

October 28, 2025 – We proudly congratulate the Government of Quebec and the Assemblée nationale on the adoption of Bill 82, the Act respecting national digital identity and amending other provisions. This landmark legislation represents a significant milestone in Canada’s digital transformation journey and demonstrates Quebec’s leadership in advancing secure, citizen-centric digital solutions.

“The adoption of Bill 82 is a momentous achievement that positions Quebec at the forefront of digital identity innovation in Canada,” said Joni Brennan, President, DIACC. “This legislation embodies the core principles that DIACC has long championed: privacy, security, user control, and voluntary adoption. Quebec’s commitment to putting citizens in control of their personal information while enhancing access to government services sets a powerful example for jurisdictions across the country.”

DIACC particularly commends Quebec’s thoughtful approach to implementing national digital identity, which includes:

  • Privacy by design: Ensuring citizens only share the minimum personal information required for each service
  • Voluntary participation: Respecting individual choice in the use of digital identity credentials
  • Enhanced security: Reducing risks of identity theft and fraud through digital attestations
  • Citizen empowerment: Giving individuals control over their personal information and requiring approval for each use
  • Public consultation: Commitment to consulting the public on the use of biometric characteristics

The legislation’s emphasis on data governance, cybersecurity, and digital sovereignty aligns perfectly with DIACC’s Pan-Canadian Trust Framework and demonstrates a comprehensive approach to building trustworthy digital ecosystems.

DIACC looks forward to continuing its collaboration with the Ministère de la Cybersécurité et du Numérique and other stakeholders as Quebec implements this transformative initiative. This achievement reinforces the importance of coordinated efforts across Canadian jurisdictions to create interoperable, trustworthy digital identity solutions that serve all Canadians.

Joni Brennan
President, DIACC

Statement on Auditor General’s Cyber Security Report

October 23, 2025

The Auditor General’s report released on cyber security of federal government networks and systems reveals vulnerabilities that demand immediate, coordinated action across all sectors and jurisdictions. The findings underscore a fundamental truth: digital security and digital trust are inseparable and require collaboration among government, industry, and civil society.

With 6.6 trillion malicious cyber events blocked in a single year and critical gaps in asset management and incident response, the cost of fragmented approaches is clear. When 80% of eligible federal organizations opt out of available security services, it creates exactly the vulnerabilities that sophisticated threat actors exploit.

These findings demand urgency. The January 2024 breach described in the report, where poor coordination enabled prolonged unauthorized access to Canadians’ personal information, demonstrates that cyber security is not only a technical challenge but also a trust challenge. When government systems are compromised, public confidence in digital services erodes, affecting everything from healthcare access to economic participation.

DIACC President, Joni Brennan, issued the following statement: 

“DIACC has long advocated that secure digital services require interoperable, verifiable trust frameworks that bridge organizational and jurisdictional needs. The Auditor General’s findings reinforce why the DIACC’s Pan-Canadian Trust Framework exists: to provide commonly agreed-on business-problem-solving criteria and certification mechanisms that enable organizations to deliver secure, privacy-protecting services that Canadians can trust.”

The path forward requires collaboration. Federal, provincial, and territorial governments should collaborate with private-sector innovators and civil society to implement the comprehensive cyber security strategy that the Auditor General has acknowledged as sound and necessary. The way forward should also include:

  • Establishing and adopting trusted services for digital identity verification and access control
  • Ensuring visibility of verifiable digital assets through proper inventory and management systems
  • Creating seamless coordination mechanisms for incident response across organizational boundaries
  • Accelerating the adoption of privacy-preserving and enhancing technologies that protect Canadians while enabling secure service delivery

Both governments and the private sector bring essential strengths to this challenge. Governments provide regulatory frameworks, public mandates, and the reach to serve all Canadians. The private sector contributes innovation, technical expertise, and agile solutions. When we combine these complementary capabilities and work in partnership, we can move with urgency to address the Auditor General’s findings.

DIACC stands ready to support all levels of government and industry partners in implementing the digital trust and verification infrastructure that Canadians need. The time for inaction has passed. The cyber threats documented in today’s report are absolute, sophisticated, and persistent. Our response must be equally coordinated, comprehensive, and swift.

Canada has the expertise to lead in digital trust and verification. Now we must demonstrate the will to act.

Joni Brennan
President, DIACC

FCT’s Client ID Verification Achieves DIACC PCTF Certification: Enhancing Digital Trust for Legal Professionals

Toronto, October 23, 2025 – We are thrilled to announce that FCT Client ID Verification has been certified against the Pan-Canadian Trust Framework ™(PCTF) Verified Person Component at LOA2. Established in 2012, DIACC is Canada’s largest multistakeholder organization, exclusively addressing digital trust and identity verification, fostering confidence and consistency in the market through its internationally recognized framework and standardized third-party conformity assessment program.

Legal professionals today face a daunting task: safeguarding sensitive client information while navigating ever-changing regulatory landscapes as technology evolves rapidly. To address this, FCT’s Client ID Verification solution has successfully achieved certification against the DIACC Pan-Canadian Trust Framework (PCTF), ensuring its solution meets the highest bar for security and trust.​ 

The PCTF enhances digital trust relationships across the Canadian ecosystem based on legal, policy, and technical requirements to which organizations agree to adopt, which includes best practices, policies, technical specifications, guidance, regulations, and standards, prioritizing interoperability, privacy, security, and trustworthy use of digital identity and personal data.

“Earning certification against the Pan-Canadian Trust Framework (PCTF) demonstrates FCT’s dedication to protecting Canadians’ personal information while supporting the legal community’s shift toward digital transformation,” said Joni Brennan, President of DIACC. “This
achievement shows how trusted digital identity solutions can simplify compliance, strengthen security, and make digital services safer for everyone.”

Purpose-built for Canadian legal professionals, FCT’s Client ID Verification is a quick, secure, digital solution designed to authenticate client IDs in minutes, whether in person or online. By aligning with the PCTF, we can ensure personal data is managed, stored and secured with the highest standards of protection, so that legal professionals can always move forward with confidence.​ 

This certification guarantees that legal professionals’ client data is handled with the highest level of trust and security. FCT’s Client ID Verification meets KYC obligations, providing consistent quality that reduces risk, builds trust and helps legal professionals adopt digital workflows to meet regulatory requirements. ​ 

​Seamless workflow integration is at the heart of our solution. By integrating into the tools legal professionals already use and minimizing manual data entry, ID verifications can be completed efficiently while maintaining accuracy and compliance. Clients retain control of their information on their own devices, stored in their secure digital wallet, streamlining the verification process and reducing duplicate data entry errors. ​ 

“FCT’s completion of the DIACC Pan-Canadian Trust Framework (PCTF) certification demonstrates our commitment to delivering best-in-class identity verification and fraud detection products that empower legal professionals to work with confidence. Legal professionals trust FCT to help them navigate an increasingly risky environment. FCT’s Client ID Verification meets the highest national standards and delivers on our core brand promise of supporting legal professionals with secure digital workflows that drive efficiency and build trust with our clients at every step.” – Ryan Lambert, Vice President, data and strategy.

With FCT’s Client ID Verification, legal professionals can feel confident knowing they are using a solution built to the highest national standards, helping them manage sensitive information responsibly, reduce audit failure risk and keep pace with regulatory changes. By providing clear benchmarks for ID verification solutions, we are working to support the digital transformation of the legal sector, while ensuring functional benefits like compliance, reduced risk and workflow efficiency. ​ 

About DIACC
Established in 2012, DIACC is a non-profit strategic alliance of public and private sector members committed to advancing full and beneficial participation in the global digital economy by promoting PCTF adoption and conformity assessment. DIACC prioritizes personal data control, privacy, security, accountability, and inclusive people-centred design. To learn more about DIACC, please visit https://diacc.ca/

About FCT
Since introducing title insurance to Canada in 1991, FCT has continued to lead the way with innovative solutions that simplify and streamline the real estate process. Today, they have significantly expanded their offerings to become leaders in property intelligence, residential and commercial solutions, residential lending solutions, and asset recovery. Their diverse lines of business support partners and customers across the entire real estate lifecycle.

About FCT Client ID Verification
It provides a quick, secure digital solution for legal professionals to meet their FINTRAC and KYC obligations effortlessly. Lawyers and Notaries can authenticate their client’s identity using technology that performs many types of validation, including biometric matching between a live selfie and portraits extracted from identity documents, analyzes government-issued identity documents, including cryptographic verification of ePassports, to check against a multitude of compliance data points, including credit bureau and mobile account verification directly on their smartphone. In minutes, the verified credential is issued and stored in the client’s mobile phone’s secure digital wallet, and the report can be accessed directly by the legal professional from FCT’s ID verification portal.

Media Contact:
Joni Brennan
President
Digital ID and Authentication Council of Canada (DIACC)
communications@diacc.ca

A Milestone in Enhancing Digital Trust for Lawyers: Digitally Verifying Client ID

Letter from our President

In an era when identity fraud is evolving rapidly, our collective efforts to defend the integrity of client-lawyer relationships have never been more vital. Today, I’m proud to reflect on a significant step forward: the launch of the PCTF Legal Professionals Profile Final Recommendation V1.1, the first industry-specific profile under the Pan-Canadian Trust Framework (PCTF). diacc.ca

This development is more than a technical standard; it’s a symbol of what’s possible when regulators, legal professionals, and technology providers protect clients, preserve trust, and reduce risk on the front lines of legal practice.

Why This Profile Matters

The PCTF Legal Professionals Profile establishes Conformance Criteria for how lawyers and their agents expect services to conduct client identity verification (IDV) in a manner that is auditable and consistent

Here’s what it does:

  • Reduces variability and risk by requiring that third-party agents meet minimum assurance criteria when verifying client identity. 
  • Clarifies expectations for service providers, helping them design identity solutions that align with law society requirements, avoid duplication of effort, and reduce uncertainty. 
  • Bridges practice and regulation by creating a pathway supporting compliance, enabling lawyers to rely on trusted, certified identity services rather than reinventing idiosyncratic internal solutions. diacc.ca

In short, this profile turns what was once discretionary or opaque into something auditable, transparent, and scalable.

The Challenge We Face: Rising Fraud, Rapid Change

The timing of this launch is critical. Fraud and identity theft remain persistent threats in Canada’s digital era:

  • In 2023, the police-reported rate of general fraud increased by 12% compared to 2022, despite a decline in incidents of identity fraud and identity theft. Statistics Canada 
  • In 2024 alone, Canadians lost $638 million to fraud. Canada.ca 
  • A 2025 Equifax study found that 48% of Canadians personally know someone who was a victim of identity theft. equifax.ca

These numbers reflect only a fraction of what’s really happening; many victims don’t report fraud, and many attacks go undetected for long periods.

The legal sector: lawyers have fiduciary responsibilities, handle funds, and often deal with clients remotely. The accuracy and trustworthiness of identity verification are crucial to maintaining legal integrity.

A Shifting Regulatory Landscape

Law societies and regulatory bodies are recalibrating in response to shifting norms and evolving risks:

  • Jurisdictions have rescinded the pandemic-era relaxations that allowed remote client verification via video calls alone. diacc.ca
  • The updated Client Identification and Verification (CIV) Rules now require that virtual verification utilize authentication technology capable of confirming the authenticity of government-issued IDs, rather than merely displaying them over video. Law Society of Alberta 
  • The use of third-party agents is now more explicitly permitted, provided the agent complies with the regulatory criteria, allowing lawyers to exercise controlled flexibility in how they operationalize identity checks. Law Society of Alberta | Law Society of British Columbia 

These changes place greater demands on vendors, law firms, and regulators, but also create openings for innovation, standardization, and certainty.

Progress Through Collaboration

What makes the release of the DIACC PCTF Legal Professionals Profile especially meaningful is that it represents progress through collaboration:

  1. Information was sought from the Federation of Law Societies of Canada to assist in creating the Legal Professionals Profile, enabling the tailoring of verification requirements to real-world legal workflows.
  2. Identity technology providers, such as Treefort Technologies, one of the first services to earn PCTF certification under the DIACC program, now have visible, auditable pathways to align with the legal sector’s expectations. Treefort’s early certification signals to lawyers and law societies that robust verification solutions are market-ready. Treeforttech 
  3. Legal professionals and firms now have a more straightforward path to choosing verification services that conform, not just on paper, but in practice. The DIACC Member Services Directory and the Trusted List of certified services are ready reference points. diacc.ca

By stepping into a coordination role, neither vendor nor regulator, DIACC has helped create common ground. Such neutral convening is rare, but essential in domains where trust, regulation, and technology must intersect.

What This Means for Canadian Lawyers on the Front Lines

For lawyers, especially those serving clients remotely or handling high-risk transactions, the implications are real:

  • Less friction in onboarding new clients, because lawyers can confidently outsource identity checks to trusted services.
  • Reduced liability and regulatory risk, because the verification process is auditable and traceable.
  • More consistency in expectations across jurisdictions would reduce the burden of navigating different local rules.
  • Improved client confidence, clients increasingly expect digital convenience without compromising security.

Consider the example of remote identity verification in real estate law. Lawyers like “Jamie” can now verify client identity using vendor services that combine document authentication, facial matching, liveness checks, and risk assessments, without requiring clients to come into the office. diacc.ca

It’s a tangible shift: trust, remote convenience, and compliance can coexist.

The Road Ahead: Opportunities & Challenges

This milestone is a launch point, not a finish line. Here’s what remains:

  • Broad adoption: The value of the Profile grows only when law societies, large firms, small practices, and vendors all adopt it.
  • Ongoing certification rigour: As bad-actor fraud techniques advance (e.g., AI-assisted deepfakes, synthetic identity attacks), the conformance criteria must evolve.
  • Education and support: Many lawyers will require help in selecting, integrating, and monitoring identity verification services.
  • Interoperability across sectors: Legal identity verification must increasingly interoperate with banking, government, and other trust ecosystems.
  • Monitoring outcomes and feedback loops: We need to measure how this framework reduces fraud, speeds onboarding, builds confidence and iterates.

In Gratitude and in Resolve

To everyone who has supported this effort, from regulators to identity solution providers and legal professionals, thank you. This profile is stronger because of your feedback, engagement, and dedication.

Our work is far from done. As fraudsters refine their tactics, we must continue to refine, adapt, and collaborate. That is the spirit of digital trust: not static defence, but evolving resilience.

DIACC remains committed to serving as a neutral, trusted enabler in this journey. We will continue to expand resources, convene stakeholders, monitor real-world outcomes, and raise the bar as threats evolve.

May this milestone mark what we’ve collectively accomplished and catalyze what comes next, a legal sector where client verification is seamless, fraud is harder to commit, and trust is foundational to every digital legal interaction.

Joni Brennan
President, DIACC

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

DIACC Unviels Digital Trust Adoption Dashboard: Transparency for a Connected Canada

October 16, 2025 – We are thrilled to announce the launch of DIACC’s Digital Trust Adoption Dashboard, a transformative, interactive tool developed by our Adoption Expert Committee (AEC), marking a pivotal moment in Canada’s digital trust journey.

This public resource maps the evolution of digital trust programs across Canada’s provinces and territories. By combining data from government sources with an interactive, map-based interface, the dashboard reveals the current state of digital verification and authentication services, trust program adoption, interoperability, and maturity across the country.

Why This Matters for Canada

Digital trust is no longer optional; it is foundational infrastructure for a competitive, secure, and inclusive Canadian economy. Citizens deserve seamless, secure access to services. Businesses require trusted digital transactions to thrive. Governments need efficient, interoperable systems to serve their constituents effectively.

This dashboard empowers decision-makers, innovators, and policymakers to move beyond assumptions and into action. It reveals where progress is accelerating, where gaps exist, and, most critically, where strategic alignment and collaboration can unlock exponential value for all Canadians. In an era where digital capability determines economic resilience, this transparency is not just valuable; it is essential.

Built on Collaboration, Designed for Impact

Developed through rigorous collaboration among the AEC, government partners across jurisdictions, and DIACC’s dedicated team, this dashboard demonstrates the power of public-private collaboration. Each data point reflects publicly observable information, and, to the greatest extent possible, we’ve validated the data for accuracy.

The AEC will maintain and evolve this living resource, with regular reviews and updates triggered by significant program or policy developments. Regular monitoring ensures the dashboard remains not just current but also actionable, a dynamic tool that grows in value as Canada’s digital trust public sector services ecosystem matures.

A Call to Engagement

This initiative embodies DIACC’s commitment to making Canada’s digital trust landscape auditable, transparent, and interconnected. We are advancing both economic innovation and public good by providing an accessible, evidence-based foundation for informed decision-making.

As this tool evolves, we invite the Canadian public, industry stakeholders, and government partners to engage with it, share insights, and provide feedback. Your perspectives will strengthen this resource and accelerate our collective progress. Please direct your feedback and inquiries to contact@diacc.ca.

We congratulate the AEC and the entire DIACC team for delivering this critical milestone in Canada’s digital trust transformation. This tool demonstrates leadership in action, which is what our nation needs as we build the trusted digital future Canadians deserve.

DIACC’s Digital Trust Adoption Dashboard

Developed by our Adoption Expert Committee (AEC)

Purpose & Intent

  • Provide an interactive map showing current public-sector digital trust programs offered across Canadian provinces and territories.
  • Enable stakeholders to see adoption, interoperability, and maturity at a glance.
  • Support evidence-based decision-making and identify opportunities for collaboration, alignment, and private sector engagement.

How We Collected Data

  • Coordinated efforts with the support of AEC members and DIACC staff.
  • Observable/visible data from public government sources (program names, departments, service destinations, adoption metrics).
  • Structured questions (developed by AEC) to ensure consistency across jurisdictions.
  • Targeted government consultations to validate findings and capture policy context.

Committee Role & Maintenance

  • Ongoing stewardship: The AEC is responsible for maintaining the dashboard’s accuracy and relevance.
  • Review cadence: Annual reviews, plus updates triggered by major policy, regulatory, or program changes.
  • Monitoring: Track government announcements, adoption metrics, and stakeholder input to keep data fresh and actionable.

Key Takeaways

  • Purpose: Deliver a transparent, observable data-based view of Canada’s digital trust landscape.
  • Methodology: Grounded in both observable-sourced data and committee government representative consultations.
  • Sustainability: Maintained by AEC with annual reviews and update triggers.

Utility: A living tool to support strategy, collaboration, and interoperability at the national level.

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

Reimagining Canada Post: From Delivering Mail to Delivering Trust

A Letter from the President

Canada Post is losing approximately ten million dollars per day. The traditional business model of delivering physical mail to every Canadian address is fundamentally unsustainable. The federal government has directed the corporation to reduce delivery frequency and fundamentally transform operations.

Crisis as Catalyst

This is a crisis. However, it’s also an opportunity that Canada risks missing if we consider Canada Post solely in terms of mail delivery.

The Hidden Infrastructure

Consider what Canada Post actually represents: a trusted institution with physical presence in virtually every Canadian community, deep expertise in verification and logistics, existing relationships spanning individuals and businesses, public accountability, and a mandate to serve all Canadians regardless of commercial viability.

These aren’t assets to be wound down. They are the foundations for building Canada’s digital trust infrastructure.

Where Private Innovation Falls Short

The private sector has pioneered remarkable innovations in digital trust and identity verification, user experience, and privacy-enhancing technologies. Still, private sector solutions may face inherent limitations: market forces drive them toward commercially valuable populations and geographies; profit imperatives can create tensions with privacy protection; and competitive dynamics resist the open standards that enable broad interoperability.

A Vision for Digital Trust

Canada Post could bridge this gap, not by displacing private innovation, but by complementing it. Imagine Canada Post operating as a privacy-preserving verification service that helps Canadians prove their identity online, confirm addresses for e-commerce and financial services, and authenticate business credentials. Imagine post offices serving as trusted in-person verification points where Canadians without smartphones or digital literacy can establish digital credentials with assistance. Imagine Canada Post providing the addressing infrastructure that enables secure digital commerce while protecting privacy.

Complement, Not Compete

This isn’t about government competing with private sector innovators. It’s about leveraging a trusted public institution to ensure universal access, serve populations that aren’t commercially attractive, maintain the physical-digital bridge that inclusion requires, and operate according to public interest principles rather than purely commercial logic.

Asking The Right Question

Canada Post’s transformation should be guided by a simple question: What role can a universally accessible, publicly accountable, and privacy-respecting institution play in Canada’s digital trust ecosystem? The answer isn’t “deliver less mail.” It’s “deliver digital trust services that complement private innovation while ensuring no Canadian is left behind.”

Joni Brennan
President, DIACC

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

Learning from BritCard: Why Architecture Matters for Digital Trust and Identity

A Letter from the President, DIACC

The choices we make about digital trust and identity verification architecture today will shape Canadian privacy, security, and digital rights for generations to come. Recent developments in the United Kingdom offer a timely reminder: how we build digital trust and identity systems matters as much as whether we build them.

Canadians demand a path that’s grounded in the principles of federation, decentralization, privacy by design, and user control. As pressure mounts globally for mandatory and centralized digital identity systems, we must advocate for principles that ensure our implementations live up to the designs that Canadian’s demand.

The UK’s Announced Approach

The UK faces genuine challenges that digital trust and identity could address. Document fraud in right-to-work verification creates significant problems. Administrative burden on employers is substantial. And approximately 10% of UK residents have never held a passport, creating barriers to proving identity for routine transactions. A digital credential accessible via a smartphone, which 93% of UK adults possess, could help address these legitimate issues.

The critical question isn’t whether digital trust and identity can solve real problems. It’s how it’s implemented.

The UK government has committed to making its proposed BritCard system mandatory and references “a central database of people entitled to live and work in the UK.” Cybersecurity experts have been explicit in their warnings: centralized databases create “enormous hacking targets,” particularly when complex dependency chains involving contractors and integrators are involved. Within days of the announcement, 1.6 million people had signed petitions opposing the scheme, expressing concerns about surveillance and the notion of “Big Brother in your pocket.”

These concerns aren’t theoretical. Centralized identity databases have been compromised in multiple jurisdictions, impacting millions of individuals. Once compromised, the consequences include identity theft, widespread fraud, and erosion of public trust that takes years to rebuild. The attack surface, which arises from aggregating millions of records in centralized systems, is of enormous importance.

Architecture as Values Made Concrete

There is an alternative architectural strategy that is privacy-preserving and uses decentralized credentials. This approach uses:

  • Cryptographically-signed credentials that are held on user devices, not in centralized databases
  • Verification happens through cryptographic proofs rather than database lookups
  • Selective disclosure enables proving what’s necessary (like eligibility to work) without revealing your complete identity profile
  • Users control when and how their credentials are shared

This isn’t experimental technology. Estonia has operated such a system successfully for over two decades. The EU Digital Identity Wallet regulation explicitly requires selective disclosure and offline verification capability. Singapore’s Singpass uses QR-code-based verification to minimize tracking. These approaches have been proven at the national scale.

The lesson for Canada isn’t “don’t build digital trust and identity verification.” It’s “architecture must reflect values.

A mandatory system built on centralized databases carries fundamentally different privacy risks, security vulnerabilities, and civil liberties implications than a voluntary system using privacy-preserving credentials held by users. The efficiency gains and fraud reduction can be achieved through either approach; however, one strategy respects privacy by design rather than by promise.

Canada’s Distinctly Different Approach

Canada has already charted a different course. Aligning with our governance models and values, our approach is decentralized. There is no single national digital identity system, no central government database of all Canadians, and no mandatory credential that citizens are required to obtain. Learn more about our vision for Canada’s decentralized approach.

Instead, our vision of a digital trust and identity verification ecosystem aligns with the Pan-Canadian Trust Framework (PCTF), developed by DIACC in collaboration with federal, provincial, and territorial governments, financial institutions, telecommunications providers, privacy advocates, and civil society organizations. The PCTF enables digital trust and identity services through:

  • Federated Architecture: Multiple credential issuers (provinces, federal government, private sector organizations) can issue credentials that are mutually recognized through conformance to a common framework of components without creating centralized databases or requiring technological uniformity.
  • Privacy by Design: The PCTF embeds privacy protections at the architectural level. Requirements include data minimization, purpose limitation, selective disclosure capabilities, transparent consent management, and security safeguards proportionate to the sensitivity of the information. These aren’t policy aspirations; they’re assessed through independent certification.
  • User Control: Individuals maintain control over their credentials and decide when and with whom to share information. Credentials can be stored on personal devices, and users can revoke consent and withdraw their credentials through clear procedures for data deletion.
  • Voluntary Adoption: Digital credentials supplement rather than replace existing identity documents. Canadians choose whether to use digital identity based on convenience, security, and trust. It’s not a government mandate.
  • Verifiable Privacy Protections: Through DIACC’s PCTF Certification Program, organizations can obtain independent verification that their digital trust and identity verification services implement privacy-preserving architectures. This shifts privacy from a policy promise to a verified reality.

This approach reflects what Canadians want. Our research consistently indicates that privacy, security, and choice are key factors driving Canadians’ desire for digital trust and identity. The bottom line is that voluntary, privacy-focused solutions earn public trust, while mandatory systems face resistance.

The Technologies That Enable Privacy

Privacy-preserving digital trust and identity isn’t just philosophically preferable; it’s technically achievable through verifiable credentials and related technologies that the PCTF supports:

  • Selective Disclosure: Instead of presenting your entire driver’s licence to prove you’re old enough to purchase age-restricted products, you can present a cryptographic proof that you’re over 19, without revealing your birth date, address, or even your name. The verifier gets the answer they need; you retain privacy over information they don’t.
  • Decentralized Verification: Credentials can be verified through cryptographic signatures without requiring queries to centralized databases. This means verification can happen offline, in real-time, without creating transaction records that enable tracking or surveillance.
  • Zero-Knowledge Proofs: Advanced cryptographic techniques enable proving statements about your identity (such as “I am a resident of Ontario” or “I hold a valid professional license”) without revealing the underlying credential or creating linkable identifiers across different interactions.
  • User-Held Credentials: When credentials live on your device rather than in government or corporate databases, you control when they’re shared. A data breach at one organization doesn’t compromise your credentials held elsewhere.

These technologies are standardized and operating at scale internationally. Canada’s PCTF is designed to accommodate them as they become more widely deployed, ensuring that our framework supports the most privacy-preserving approaches available.

What This Means for Canada’s Digital Future

The path forward requires intentionality about the choices we make now, in procurement specifications, in system design, in policy development, and in public dialogue:

  • For Government Leaders: The PCTF bridges regulations with operational realities to provide a foundation for cross-sector interoperability. Resist pressure for centralized databases or mandatory systems. Ensure procurement specifications prioritize privacy-preserving architectures and require independent DIACC’s PCTF certification. Build the physical-digital bridges (assisted digital services, multi-modal access) that ensure universal accessibility.
  • For Industry Stakeholders: Pursue PCTF certification for digital trust and identity solutions and design products that implement selective disclosure and user control, rather than relying on maximalist data collection. Accept certified credentials from diverse issuers to create convenience that drives voluntary adoption. Contribute expertise to framework evolution.
  • For Privacy Advocates and Civil Society: Hold organizations accountable for their privacy promises by demanding PCTF certification. Participate in framework governance to ensure that citizen perspectives inform the technical architecture. Help build public understanding of how privacy-preserving systems work and why architecture matters.
  • For Technology Providers: Align product development with PCTF specifications and privacy-preserving technologies. Seek DIACC PCTF certification for competitive differentiation. Invest in open standards that prevent lock-in and enable interoperability. Innovate on capabilities including: verifiable credentials, selective disclosure, and zero-knowledge proofs.
  • For Citizens: Engage with digital trust and identity programs as they launch. Demand transparency about whether systems use centralized databases or decentralized credentials. Provide feedback on usability, accessibility, and privacy concerns. Exercise control over personal information through consent management: support organizations that pursue voluntary, privacy-preserving approaches over mandatory, surveillance-enabling architectures.

Building Services Worthy of Trust

Canada can build a digital trust and identity verification infrastructure of services that are:

  • More secure because it’s decentralized — no honeypot databases to target
  • Widely adopted because it’s genuinely helpful and voluntary — convenience without coercion
  • Privacy-protecting through architecture, not only policy promises — verified through independent testing
  • Interoperable while respecting jurisdictional sovereignty — federation without centralization
  • Inclusive by design rather than by afterthought — multi-modal access serving all Canadians

Our success demands that we prioritize privacy-preserving architectures in procurement specifications, insist on open standards and independent verification, invest in accessibility for all Canadians regardless of their digital literacy or access to technology, and establish strong trust frameworks and mutual recognition mechanisms that enable effective federation.

The path forward isn’t about government versus private sector, federal versus provincial, or mandatory versus voluntary in the abstract. It’s about all of us, across jurisdictions and sectors, committing to build and use digital trust infrastructure services that are distinctly Canadian: digital trust infrastructure that reflects our federal structure, our values, and our constitutional commitments to privacy and individual rights.

The UK’s experience with BritCard is a reminder that design choices matter. Centralized, mandatory systems may promise efficiency, but they carry profound risks to privacy, security, and civil liberties. Canadians have chosen differently, and we must ensure our implementations honour their choice.

We can develop digital trust and identity verification services that earn the confidence of Canadians. The architecture exists. The technologies are operational. The framework is ready. What remains is a collective commitment to getting the implementation right.

The choices are ours to make. The time to make them thoughtfully is now.

Joni Brennan
President, DIACC

Further Reading:

DIACC is Where Digital Trust Means Business

Contact us to be a part of the change you want to see, stay informed about developments in digital trust and identity verification, and learn how you can contribute to discussion drafts or become a member.

Recognizing Quebec’s Digital Trust and Cybersecurity Leadership in Kananaskis

October 2, 2025

DIACC is proud to recognize Quebec’s leadership during the recent Federal, Provincial and Territorial Ministers’ and Deputy Ministers’ Seminar on Digital Trust and Cybersecurity in Kananaskis, Alberta. As co-chair, Quebec’s Deputy Minister of Cyber and Digital Affairs and Chief Information Officer played a key role in driving progress, resulting in a collaborative agreement on crucial cybersecurity proposals.

This strategic approach to digital trust demonstrates Quebec’s efforts to create more secure and responsive government services for its citizens and businesses. The province has taken a forward-thinking approach to solving complex digital challenges by uniting teams and platforms under a single, reliable framework. This creates a streamlined “digital front door” for everyone, with features like “tell us once” and coordinated service delivery.

DIACC looks forward to a continued partnership supporting Quebec’s digital trust leadership. By building on these foundations, Quebec is strengthening its reputation as a pioneer in digital innovation. This ongoing work empowers Quebecers, strengthens local businesses, and fuels innovation across the province and Canada.

Joni Brennan
President, DIACC

Spotlight on Autocorp.ai

1. What is the mission and vision of Autocorp.ai?

Our mission is to modernize the car-buying experience by building digital tools that put transparency, trust, and efficiency first. We envision a future where automotive retail is fully digital, seamless, and secure — empowering dealerships to sell smarter and customers to buy with confidence.

2. Why is trustworthy digital identity critical for existing and emerging markets?

Trust is the currency of digital commerce. In automotive, where vehicles are high-value assets, fraud has surged — with identity fraud making up over 75% of fraudulent applications in Canada. For existing markets, strong ID verification prevents costly theft and financial loss. For emerging markets, it lays the foundation for safe digital transactions, unlocking growth and inclusion by making financing and ownership accessible to more people.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

Digital trust will accelerate financing, reduce fraud-related losses, and expand access to credit globally. In Canada alone, automotive fraud rose 54% year-over-year – a clear signal that transformation is needed. Our solution, AVA™ ID, leverages AI, biometrics, and OCR to verify identities in seconds while ensuring compliance with KYC and AML regulations. This helps dealerships and lenders eliminate inefficiencies, cut losses, and create safer digital ecosystems that power sustainable economic growth.

4. What role does Canada have to play as a leader in this space?

Canada is uniquely positioned to lead – combining strong financial institutions, progressive regulatory frameworks, and advanced data security expertise. By innovating in industries like automotive, Canada can export proven models of secure digital identity verification to global markets, setting the standard for how high-value transactions should be protected.

5. Why did your organization join the DIACC?

We joined the DIACC because digital trust is bigger than any one company. It requires collaboration across industries, regulators, and innovators. By being part of DIACC, we ensure that the automotive sector’s needs are represented while contributing to the creation of national standards that build confidence for consumers and businesses alike.

6. What else should we know about your organization?

Autocorp.ai is Canada’s first fintech to bring No-Impact Credit Checks, real-time Trade-in Valuations, and Fraud-Proof Test Drives into a unified digital retail suite. Our tools are already helping dealerships increase conversion by 35%, revenue by 28%, and lead generation by 55%. More than just software, we’re building the digital infrastructure that ensures every automotive transaction – from credit pre-approval to keys-in-hand – is safe, fast, and customer-first.

Supporting Canada’s Buy Canadian Mandate While Balancing Global Collaboration

September 24, 2025

In a world of increasing economic uncertainty and shifting global supply chains, prioritizing Canadian talent, goods, and innovation sends a clear message of support for workers, businesses, and communities across the country. At the same time, Canada’s continued openness to fair international collaboration and competition will remain essential for ensuring that Canadian businesses remain innovative, globally competitive, and resilient.

DIACC and its members have worked for over a decade to advance digital trust as a cornerstone of a strong and inclusive digital economy. Secure, verifiable credentials and trusted digital identity can help Canadian businesses demonstrate compliance, access new markets, and participate confidently in both domestic and international supply chains.

DIACC stands ready to partner with governments, industries, and communities to ensure that Buy Canadian measures are implemented in a way that protects and empowers Canadian workers while maintaining the interoperability and global connections that sustain innovation and economic growth. 

Together, we can strengthen Canada’s economy, uphold fairness, and position Canadian solutions to thrive on the world stage.

Joni Brennan
President, DIACC

« Older Entries

Newer Entries »