Huduma number

Digital Identity Regulatory Framework: Do We Have One?

By John Walubengo

The annual ID4Africa conference was officially opened Thursday by President William Ruto in Nairobi. The President reiterated the plan to provide all Kenyan citizens and residents with a digital identity to facilitate and boost their involvement in online digital services.

This digital ID plan for Kenya was tried and failed during the last regime but that is a story for another day. Today we just need to understand the key concepts around digital IDs, their role and possible regulatory framework

But what exactly is an Identity?

An Identity is simply a set of characteristics that allows someone to be uniquely identified within a particular context. Unique identities are typically established at the point of birth, namely your assigned name, time, and place of birth or for foreigners, at the various points of immigration as they enter or leave sovereign territories.

Context is important since the set and details of the user characteristics required at the point of identification vary according to the purpose and objectives of the system or service being accessed by the individual.

For example, the policeman checking the validity of your driving Licence or your prospective employer wishing to hire you or the election official wishing to allow you to vote would all require different sets of identity attributes – even though you are still the very same person across these diverse use cases.

The burden of multiple identity documents

At the moment, Kenyans are having to carry around all manner of different identity documents to be validated and cleared to access multiple and diverse types of government or public services.

In the private sector, the situation is not any better.

An online service like Facebook or Mobile service like MPESA or an email system like Google Mail will also demand different sets of identities and attributes from potential users before allowing them to access their respective services.

So an individual can easily end up dealing with between five to ten different digital identities and corresponding credentials needed to access the different private sector services.

There is a need to have a common framework that allows for a more efficient management framework for digital Identities. We need a trust framework for the digital ID ecosystem as per recommendations of the Smart Africa Digital ID Framework.

Digital ID Trust Frameworks

A trust framework would be similar to what we currently have under Credit Card Systems, the electronic payment system or internet domain names. The government essentially needs to create a digital ID marketplace with a set of rules, specifications or regulations that govern the digital ID space.

At the moment, the only legal and regulatory framework relating to digital identity service providers is found in the Kenya Information Communications Act (1998, section 83E) which provides for the Communication Authority of Kenya to issue licences for some digital ID operators called ‘Digital Certificate Authorities’.

The details of how licenced digital certificate operators behave in the market post-licensing are not quite clear. Issues to do with how they for example would inter-operate, compete or ensure data privacy issues are catered for are not explicitly spelt out.

It is time to deliberate and adopt a common Digital ID Trust Framework to avoid duplications and maybe a lack of interoperability between the various emerging digital ID service providers.


John Walubengo is an ICT Lecturer and Consultant. @jwalu.


David Indeje information

Related Posts

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.