Civic Engagement Platform

An official website of the OECD.
Created by the Public Governance Directorate This website was created by the OECD Observatory of Public Sector Innovation (OPSI) and Observatory of Civic Space, both within the Public Governance Directorate (GOV).
How to validate authenticity Validation that this is an official OECD website can be found on the Civic Space page of the corporate OECD website.
Go back

Draft Recommendation on the Governance of Digital Identity

More information and context

Commments for version

updated at 21 Mar 2023
  How I can comment this document?
Comments about
XIII. 4. Report to Council on the implementation, dissemination and continued relevance of this Recommendation no later than five years following its adoption and at least every ten years thereafter.

Comments (8)


You must sign in or sign up to leave a comment.
  • Chris Colenso-Dunne

    We may expect to see extraordinary efforts made by hostile state actors, acting in cahoots with organised crime groups, terrorists and others, to infiltrate, penetrate, capture, steal, download, sell, transmit, and disseminate stolen digital identities, in order to hijack user identities, to cause loss of assets and income, other financial losses, distress, chaos, widespread alarm, fear, and panic amongst users and governments. Technology races ahead. Processor speeds double every 18 months. Crime does not rest. There is no room for complacency. Quis custodiet ipsos custodes?

    No votes  |  I agree 0 I disagree 0
    No responses
    • Chris Colenso-Dunne

      Shall read:

      XIII. 4. Report to Council on the implementation, dissemination and continued relevance of this Recommendation no later than two years following its adoption and at least every five years thereafter.

      No votes  |  I agree 0 I disagree 0
      No responses
      • Michael BENAUDIS

        XIII. 4. Regularly report to Council on the implementation, dissemination, and continued relevance of this Recommendation to ensure its effectiveness and appropriateness in light of the evolving digital landscape. The first report should be submitted no later than two years following its adoption, with subsequent reports submitted at least every five years thereafter;

        • Eduardo Chongkan

          I see a problem with Countries having ro report compliance and advance on their own. Instead, not only for this set of recommendations, the OECD should implement a tool that performs automatic tests on the countries systems. This is because:

          A) When administration changes, a lot of projects are left unattended with no real Ownership. Year could go by and no one would be in ownership of these projects until 5 years have passed and somehow we are notified, then we run to report, and in my experience, sometimes we are evaluated high for these recommendations and the solutions are not implemented, and not effective.

          B) I personally believe there might be cases where someone reports a vague document or answers, even URLs to websites and the tools, but the tools don't work, or there are no resources or people in charge of the tools and requests.

          Is there a checklist at least of what a country should report in order to comply AND, a description on HOW the team in charge .. 1/2

          • Michael BENAUDIS

            I can understand your concerns regarding the potential lack of compliance and effectiveness of digital identity solutions and the need for a more comprehensive approach to monitoring their implementation. In response to your suggestion for the OECD to implement a tool that performs automatic tests on countries' systems, I agree that this could be a useful measure for ensuring ongoing compliance and effectiveness. However, it is important to note that such a tool would likely require significant resources and development to create and maintain. Regarding your question about whether there is a checklist for countries to report in order to comply, I believe that the OECD could develop such a checklist to provide clear guidance on what should be included in each country's report. Additionally, it would be helpful for the OECD to provide a description of how the team in charge of monitoring compliance and effectiveness would evaluate these reports and take action if necessary.

            • Michael BENAUDIS

              Overall, I agree that regular monitoring and reporting on the implementation and effectiveness of digital identity solutions is essential for ensuring their ongoing relevance and alignment with evolving digital landscape.

              No votes  |  I agree 0 I disagree 0
              No responses
          • Eduardo Chongkan

            of the implementations can make sure all the systems and recommendations are in compliance and FUNCTIONAL?

            e.g. Something like a list of TESTS to be run for both the implementers as well as by the OECD to make sure the recommendations are functional across the years? Like Quality Assurance Automation Guidelines ( similar to how a website is tested by agencies and QA teams )

            • Michael BENAUDIS

              Your suggestion regarding implementing a list of tests to ensure the functionality and compliance of the systems and recommendations is an excellent idea. Quality assurance automation guidelines can help in ensuring that the systems and recommendations are tested by implementers as well as the OECD to ensure that they remain functional and compliant over time. Regular reporting to the Council on the implementation, dissemination, and continued relevance of the recommendation is also crucial to ensure its effectiveness and appropriateness in the evolving digital landscape. The use of quality assurance automation guidelines can assist in monitoring and assessing the implementation of the recommendation.

              No votes  |  I agree 0 I disagree 0
              No responses