A shift in focus: business identity at the forefront of digital identity discussions during the DICE UnConference
“We don’t talk about legal entities today, only about natural persons,” stated one speaker, immediately setting the tone at the DICE UnConference Europe 2024. INNOPAY’s Douwe Lycklama, Beau Schellekens and Jeroen van der Hoeven were present at the event. Here, they report on their findings regarding the evolving digital identity landscape.
There was a notable shift in focus at this year’s event. Last year’s DICE UnConference was dominated by discussions on interoperability and the selection of standards for the development of the European Digital Identity Wallet (EUDIW) and the Swiss e-ID Act. Back then, those foundational topics were crucial as the industry grappled with the technical and regulatory challenges of establishing robust digital identity systems. Whereas those previous discussions were heavily focused on interoperability and standards, there was a wider variety of sessions this year. This change signals a growing understanding within the community that digital identity extends beyond foundational technical matters.
Unexplored territories: exploring the relevance of digital business identity solutions
One significant observation from last year’s discussions was the relatively unexplored domain of how businesses and individuals acting on behalf of a business identify themselves in external interactions. As digital identity systems evolve, the focus has largely been on natural persons, leaving a gap in the conversation around business-to-business (B2B) digital identity systems.
Despite the consensus echoed by the statement prioritising identity developments for natural persons over legal entities, we were pleased to see increased traction this year in the domain of business identity and legal entity wallets. Several sessions were dedicated to exploring these critical areas, with notable examples including discussions led by the Global Legal Entity Identifier Foundation (GLEIF), Company Passport (an initiative of the Dutch Blockchain Coalition) and the EU Digital Identity Wallet Consortium (EWC). These and various other innovative sessions highlighted the growing importance of robust business identity solutions in the digital ecosystem.
INNOPAY actively contributed to this dialogue by hosting multiple sessions focused on business identity ecosystems. Our sessions delved into the governance of trust frameworks and the potential role of Self-Sovereign Identity (SSI) wallets in this context. We aimed to foster a deeper understanding of how business identity solutions can be effectively integrated and managed, ensuring secure and trusted interactions between businesses.
Step by step: how business identity works in practice
Practical applications of business identity can extend beyond business-to-business (B2B) transactions to also include business-to-government (B2G), business-to-machine (B2M), and machine-to-machine (M2M) transactions. One B2B example is the process of filing taxes, where an authorised internal accountant accesses the tax office’s digital portal to facilitate the filing on behalf of a business. The critical question then arises: How can the tax office verify the identity and authorisation of the accountant to conduct tax-related activities on behalf of the business?
The following step-by-step guide illustrates how an exemplary solution for business identity works in practice:
- The Admin of the legal entity (a legal representative of the company) registers the legal entity in the Trust Framework using its unique identifier, e.g. Chamber of Commerce number or Legal Entity Identifier (LEI). The Admin then receives admin credentials linked to the company. Using the admin credentials, the Admin grants specific rights (or authorisations) through mandates to the employee, documenting these mandates in a Mandate Registry. The Mandate Registry functions as a comprehensive list of authorised services within the Trust Framework, detailing who is authorised to access which services on behalf of a given business. There can be multiple, decentralised Mandate Registries within a Trust Framework.
- After the Employee of the legal entity has been successfully assigned a mandate in the Mandate Registry, the Employee requests a service from the Relying Party, identifying with personal credentials.
- Based on the identification credentials of the Employee, the Relying Party initiates the system’s verification process to confirm whether the employee is authorised to act on behalf of the legal entity for the requested services.
- If the individual to which the credential belongs is authorised by the legal entity to perform the specific service requested (on behalf of the legal entity), the system replies.
- The Relying Party grants or denies access to the requested services, according to the obtained reply.
The strength of this ecosystem, compared to bilateral agreements between businesses, is its efficiency and simplicity for the users. Both sides of the market benefit from the Trust Framework, which includes an elaborate set of rules and agreements fostering efficiency, scale, standardisation, and security in sharing data across the ecosystem. For legal entities, streamlined processes eliminate the burden of excessive paperwork and extensive procedures. For example, a legal entity registers an Employee once and the Admin can easily document and change mandates in the registry on an ongoing basis. Simultaneously, the Relying Party can mitigate risks from transactions with unauthorised counterparties, benefiting from early checks embedded in the legal entity’s registration and employee authorisation processes.
Unlocking the potential of business identity ecosystems: an example
A business identity ecosystem with bespoke and well define roles (issuers, verifiers, mandate registries etc), governed by a solid Trust Framework renders bilateral agreements obsolete. This allows for maximum scaleability and redundancy combined with a complex system with high granularity, that focuses on an extensive number of services across sectors.
One example of a successful implementation of a business identity solution in the Netherlands is eHerkenning (referred to as ‘eRecognition’ in English). This solution based on a Mandate Registry emerged from a public-private initiative in 2010. It currently connects more than 600 organisations , and annually has 13.3 million employee logins coming from virtually all companies in the Netherlands – and this figure is still growing.
Addressing the complex needs: the community is ready
The increased focus on business digital identity that was visible at this year’s DICE UnConference in Zurich marks a significant step forward. It reflects the community’s readiness to address the complex needs of business interactions in the digital age. The coming of the EUDI Wallet and the Swiss e-ID Act make the creation, implementation and adoption of business identity easier and faster.
INNOPAY is proud to be at the forefront of these developments, contributing to a more connected and trustworthy digital world. By expanding the focus to include business identity, we are paving the way for more secure and efficient digital interactions across all sectors. In a future publication, we will explore the implementation of digital identity wallets in a business identity ecosystem.
If you’re interested in delving into the requirements and opportunities of the new digital identity landscape, please reach out to us.