*** DRAFT DOCUMENT ***

“Every entity on earth and every person on the planet should know with certainty with whom they are communicating digitally”

One Consortium are seeking participation from traffic carrying companies, cloud communications providers and technology solution providers to develop the digital identity landscape for global communications, and to capture and document the requirements for recommended solutions that address spam, scam, and trust in telecommunications.

The Digital Identity working group aims to provide guidance and reference materials to traffic carrying companies, solution providers and regulators about the benefits of utilising verifiable and privacy-respecting digital identity while advocating for interoperable solutions and consistent regulation which is effective, easy to adopt, and internationally relevant.

Digital Identity refer to a set of electronic attributes or data points that uniquely and verifiably represent an entity (individual, organization, device or service) within the digital communications. Digital identity tools can enable the parties to authenticate the origin of communications and establish trusted interactions. Digital Identity can become the key to fostering an ecosystem of objective, trusted and interoperable solutions which provide a sharp, actionable contrast to unauthenticated spam and scam calls, and supporting effective mitigation, traceability, accountability and redress. Regulators can effectively encourage consistent adoption, law enforcement can attempt to identify and locate perpetrators and take corrective measures and Service Providers can mitigate fraud by inhibiting fraud and scams from originating, transmitting or terminating on their networks.

Through these efforts, the One Consortium, with its close collaboration with GIRAF, is in a unique position to help foster collaborative work with regulators on how best to leverage digital identity to tackle the challenges faced by the industry in a way that is practical, global and harmonized.

Approach

The focus will be on making cross-border, cross-channel and cross-sector efforts more effective by establishing a common set of principles and guidance for industry and regulators, delivered in a phased approach that emphasizes early value, real-world adoption, and inclusivity.

The group will be driven by the actual issues and requirements of traffic carrying providers, their subscribers and regulators.

• Phased Approach & Early Value: Take a phased approach to ensure value can be added early. This could be in the form of influence on regulation or developing early guidance for the industry
• Ecosystem Requirements: Document and evaluate requirements from the perspective of traffic carrying companies their subscribers and what they do (and do not) need for real-world implementations that can be introduced in a phased approach, progressively adding value.
• Collaboration & Education: Ensuring all working groups are advised on if and how digital identity could help fulfil their goals, and educate industry/regulators on benefits and practicalities
• Leverage & Harmonize Existing Work: Leverage established KYB/digital identity guidelines, industry efforts and open standards work that have taken place (i3forum, CCA, GLEIF, , etc.) and standardize practices to simplify and encourage adoption, and reduce friction.
• Inclusivity & Proportionality: Identify approaches that accommodate all ecosystem participants, enabling legitimate access for small providers and diverse markets, and tailoring requirements to the risk and use case.
• Cover all channels: Ensure work covers all communication types including Voice and SMS as well as RCS for business (formerly RBM)
• Verifiability as a Principle: Emphasize approaches rooted in cryptographically verifiable, independently checkable identity—trust based on portable, inspectable evidence, not just assertion or registration.
• Portability & Interoperability: Ensure identity, KYB/KYC/KYT, and due diligence evidence can be reused across providers, platforms, and jurisdictions, reducing duplication and barriers to adoption.
• Privacy by Design: Consider legal (GDPR, e-Privacy etc.), commercial, and individual privacy requirements in supporting data minimization, user choice, and business confidentiality.
• Layered Identity & Graduated Disclosure: Support multiple levels of identity assurance and graduated disclosure—sharing the right amount of information with the right audience at the right time (e.g., users, partners, law enforcement, regulators), while respecting privacy and business confidentiality.
• Assurance Levels & Differentiation: Consider the need for differing levels of assurance may be applicable in different scenarios, and highlight solutions that provide clear, end-verifiable communications—rather than blunt blocking of both legitimate and illegitimate calls.
• Enable Traceback & Analytics: Examine the role of verifiable digital identity in supporting efforts such as Traceback, analytics, and regulatory compliance. Develop recommendations on how identity solutions can enable calls and messages to be reliably attributed to accountable actors.
• Harmonization: National and cross-border solutions need collaborate with jurisdictional based approaches along with ensuring the benefits of international interoperability
• Wherever possible, consider safeguards against abuse by scammers

Proposed Initial work streams

• Regulator activities

Understanding what existing activities, solutions and consultations are being undertaken by regulators. Understand what problems these solutions and proposals are trying to solve. Work to ensure activities are harmonized and interoperable at a national level and at an international level

• Industry and standards activities

What activities are happening in the industry and standards space. What problems are they trying to solve. Ensure we cover Digital identity for organisations, individuals and automated agents. Initial priority is related to organisational identity

• What are we trying to prove?

How can credentials solve the issues with communications, how can they be structured and how can we trust them

Next steps

• Form working group and encourage participation: 2 weeks
• Kick off: 1 month
• Publish action plan scope for all 3 work streams: 3 months