Welcome to Onfido’s Policy Corner, your regular briefing on key global policy updates from the world of digital identity, AI, and data privacy.
First, let’s dive into a few significant Onfido announcements in the last few weeks. Onfido has acquired Airside, the leading innovator in user-controller digital identity, providing better experiences to millions of travelers on the world’s largest airlines. Read more in our blog about how the partnership is forging the future of digital identity and in Airside's announcement. Across the Atlantic, we are now ETSI certified – demonstrating the strength of Onfido’s identity proofing solution in Europe and offering our customers alignment with EU regulations, interoperability and enhanced security and trust. Learn more here. We have also released a new white paper on KYC in the EU, walking you through the regulations and standards that impact KYC, what the future has in store, and key considerations for businesses conducting KYC now.
In addition, the World Economic Forum released a new white paper on reimagining digital identity focusing on user-controlled decentralized identities that you can read here.
AI Taskforce: The UK Government has announced £100 million of funding for AI taskforce, which is tasked with leading the development of “safe and trustworthy AI.” The Department for Science, Innovation and Technology (DSIT) said that the funding would be earmarked to ensure sovereign capabilities and broad adoption of safe and reliable foundation models. The first pilot programs are expected to be launched in the next six months.
AI international summit: PM Sunak has announced that the UK will host a summit of “like minded countries” on the future of AI later this year. This is another step in the UK asserting its leadership in the tech space and trying to position itself as a middle of the road between the EU and US approaches.
Cybersecurity: The EU Cybersecurity Agency (ENISA) is finalizing a draft certification scheme on cybersecurity requirements for cloud companies. This will be a quasi-voluntary scheme for cloud service providers to be certified against. The latest draft has four assurance levels (basic, substantial, high, high+), the highest of which includes rules preventing a cloud service provider from being controlled by a non-EU entity. Meeting a high+ level of certification would be required for data related to secrets protected by law, for instance deliberations of Government or issues of national defense, as well as data necessary to achieve essential State functions such as maintaining public order or protecting human life and health.
Crypto regulation: The SEC has stepped up its enforcement of crypto with two lawsuits within two days. Meanwhile, Chairman McHenry (House Financial Services Committee) and Chairman GT Thompson (House Agriculture Committee) have introduced legislation giving the SEC and the Commodities Future Trading Commission joint responsibility to regulate digital assets - but at this point House Democrats have not joined the effort. A useful recap of the current state of play can be found here.
NIST mDL project: NIST’s National Cybersecurity Center of Excellence released the final project description for their “Accelerate Adoption of Digital Identities on Mobile Devices” project. They will be publishing a call for interested participants in the Federal Register and selecting on a first-come basis.