Core Principles for Closing the Trust Gap

Organizations and governments must prioritize transparency, robust data protection measures, and ethical data usage while actively engaging with the public. These core principles guide the development and implementation of digital trust capabilities that protect and enhance individual privacy and security.

Putting Principles into Practice

These principles aren’t theoretical—they’re the foundation for digital trust capabilities that earn and maintain public confidence. Organizations implementing digital trust and verification solutions should:

  • Begin with these principles as non-negotiable requirements
  • Evaluate every design decision against them
  • Communicate how solutions embody these principles
  • Accept feedback and adjust when falling short
  • Collaborate across sectors to uphold shared standards

1. Privacy and Personal Data Control

Privacy and personal data control are powerful tools to help safely confirm a person’s identity. Digital trust capabilities hold the potential to put people in control of their data, streamline processes, enhance security, and improve access to services.

Key requirements:

  • People must have confidence and control over their identity data
  • Evidence that privacy, security, and choices are secured
  • Transparent governance that’s understandable to the public
  • Accountability mechanisms when things go wrong
  • Privacy-by-design architecture, not privacy as an afterthought

2. Voluntary Adoption

Use of government-issued digital credentials must be voluntary. People must have the choice to opt-out, as they can in the private sector. Digital credentials are not intended to replace existing physical identification methods, but to serve as an optional supplemental tool.

What this means:

  • No one should be forced to use digital identification
  • Physical alternatives must remain available
  • No penalties for choosing traditional methods
  • Clear communication that adoption is a choice
  • Universal acceptance should not be the goal

Critical understanding: There will never be universal consensus on digital trust capabilities—and that’s acceptable. Services should be designed to benefit those who choose to adopt them, while respecting those who don’t.

3. Data Minimization

Well-designed digital trust solutions enable people to share only the minimum information needed to complete a task. In most cases, people can be anonymous or pseudonymous and access services using credentials that don’t reveal unnecessary personal details.

Practical application:

  • Share only what’s required for each specific transaction
  • Age verification doesn’t require your full birthdate
  • Proof of residency doesn’t require your complete address
  • Credential validation doesn’t require full identity disclosure

4. People-Centred Design

A digital trust framework needs to be designed with people at the centre. Solutions must be inclusive, voluntary, resilient, and intuitive for both institutions and individuals.

Design imperatives:

  • Prioritize citizens’ needs and rights
  • Ensure accessibility for all, including those with disabilities
  • Design for diverse technical literacy levels
  • Consider different cultural and linguistic needs
  • Test with real users in real scenarios
  • Iterate based on user feedback

5. Interoperability and Standards

Digital trust systems must prioritize data portability and the rights of citizens to access and control their data. Governments must work together and with the private sector to ensure interoperability, privacy, and security.

Why this matters:

  • Fragmented systems create friction and limit value
  • Standards enable trust across organizational boundaries
  • Interoperability reduces costs for everyone
  • Portability empowers users to choose providers
  • Global standards enable international recognition

6. Transparency and Accountability

People gain confidence in services when the functioning and governance of the service is transparent and understandable. Digital trust and verification policy must be transparent, accountable, secure, and future-proofed.

Transparency requirements:

  • Clear, understandable rules about where data lives
  • Explicit information about who owns data
  • Visible explanations of how others use data
  • Public reporting on breaches and incidents
  • Independent oversight and audit capabilities
  • Mechanisms for redress when problems occur

Remember: Simply put, digital trust and verification is about enabling people with the choice and control to use the credentials they already have offline for their online activities. When built on these core principles, digital trust capabilities amplify, rather than undermine, individual autonomy and privacy.