The OECD Recommendation on the Governance of Digital Identity has been adopted by Ministers. This marks the culmination of several years’ work — for me, a process of close collaboration with Barbara and Cecilia and the OECD’s E-Leaders Working Party of Senior Digital Government Officials. In that time we’ve developed important conceptual foundations with our work in Chile and then captured some excellent global comparative experiences in this compendium for the G20.

In the course of developing this Recommendation I’m particularly proud of how we brought in a wide range of perspectives in the development. We started with an attempt at user research by sitting down with digital identity teams from across the OECD, we workshopped through early iterations of the recommendations, convened an external group of experts and then used the Observatory of Public Sector Innovation’s dedicated consultation platform to open up the earlier draft for public comment.

Honestly it was a bit of a fight to do all of these extra, but value adding, steps (and frustratingly subsequent exercises on these lines have regressed to a PDF and an email address) but this wasn’t cosmetic. The feedback loop with civil society, experts and ordinary citizens mattered. And you can see the difference: between the draft consulted on and the final version endorsed by Ministers, the text gained sharper language on inclusion, stronger recognition of user control, clearer obligations on oversight and redress, and a deeper emphasis on cross-border trust.

This exercise in consultation didn’t just give the Recommendation greater legitimacy, it has made it a better instrument. As usual, a reminder to make things open, because it makes them better.

What’s the TL;DR?

Digital identity is critical public infrastructure.

This Recommendation commits OECD countries to govern digital identity not as a narrow technical scheme but as a core enabler of trust, inclusion and international interoperability. It sets out a principles-based framework under three pillars: user-centred inclusion, robust governance, and cross-border portability.

Why it matters

Identity verification has always been essential but in the digital age, physical cards and passports alone are not enough. Digital identity underpins access to services, participation in the economy and cross-border transactions. Yet it is also risky: touching privacy, security, liability, inclusion and trust. That makes governance fundamental. The Recommendation’s narrative frames digital identity as critical digital public infrastructure, on a par with connectivity, payments and registries.

What the Recommendation covers

The Recommendation is structured around three main pillars:

  1. User-centred and inclusive systems
    • Apply service design methods to make digital identity effective and usable.
    • Prioritise accessibility and affordability; preserve non-digital alternatives.
    • Encourage privacy-preserving and consent-based solutions, with user control over attributes and credentials.
    • Provide support and skills-building for those excluded or struggling to access services.
    • Monitor, evaluate and publish performance to ensure accountability.
  2. Strengthening governance
    • Treat digital identity as strategic: set a long-term vision, clarify roles and responsibilities, and establish clear oversight.
    • Anchor systems in privacy and security by design, with risk-based assurance levels.
    • Align legal and regulatory frameworks, including liability, dispute resolution and redress.
    • Promote public–private collaboration, healthy markets, and openness to alternative models.
    • Establish trust frameworks and ensure ongoing investment, resilience and environmental sustainability.
    • Anticipate emerging risks and adapt governance accordingly.
  3. Cross-border portability
    • Identify priority use cases for cross-border interoperability.
    • Cooperate internationally to map legal requirements, align trust frameworks and technical standards, and explore regulatory experimentation.
    • Avoid discrimination against foreign users; clarify liability in cross-border transactions.
    • Designate national points of contact and produce roadmaps for recognising each other’s credentials.

The up-front narrative

The Recommendation opens with a compelling scene-setting:

  • Digital identity is essential for societies, economies and democracies.
  • Physical documents alone are no longer adequate.
  • Governance must balance opportunity with risks: from inclusion and adoption to liability and cybercrime.
  • Trust between public and private actors is critical, requiring strategy, regulation and international cooperation.
  • User-centred design and democratic values are non-negotiable foundations.

This narrative positions digital identity not just as a technical matter but as a social and political choice about how trust is mediated in digital societies.

The value of consultation

The consultation period was pivotal. The draft text (publicly available through the OPSI engagement platform) contained the core structure, but the open feedback helped us to strengthen:

  • Language on equity and inclusion.
  • Recognition of vulnerable groups and minorities.
  • Provisions for transparency, redress and dispute resolution.
  • Sharper commitments on privacy, user control and limiting data trails.
  • A clearer roadmap for international collaboration and cross-border trust.

That all helped to make sure that the final version is not only more robust it is also more legitimate because it is shaped by voices beyond government insiders.

Why OECD Recommendations matter

Recommendations are not binding law, but I’d like to think that they matter:

  • They are adopted by Ministers as collective political commitments
  • They become benchmarks for national reform and peer review
  • They are monitored and revisited — in this case, a formal review in 2028
  • They shape international norms and guide other fora (e.g. G20, EU, World Bank)

All of the above should mean that they are viewed as helpful and reliable sources of inspiration and reference when OECD members, and then particularly candidates for accession, are thinking, planning and delivering their approaches to digital identity.

The blurb

The Recommendation on the Governance of Digital Identity was adopted by the OECD Council meeting at Ministerial level on 8 June 2023 on the proposal of the Public Governance Committee (PGC). The Recommendation aims to guide Adherents in their efforts to successfully establish domestic approaches to digital identity that are user-centred, trusted and well-governed and in so doing create the conditions for achieving the ambition of full international interoperability to realise the value of digital identity across geography, technology and sectors.

Available from the OECD’s repository of Legal Instruments