top of page

Standardization of Breeder Documents - Part 3 "Trustframework and Policy"

By Stephan D. Hofstetter, Editor CEN prTS 17489-5, Delegated Expert SNV, Managing Partner SECOIA Executive Consultants AG


This topic will be introduced in three parts:

  • Part 1: Setting the scene. What are breeder documents, why are birth certificates especially sensitive and important breeder documents, and why it is necessary to improve the situation after having introduced highly sophisticated travel documents and border management systems.

  • Part 2: the standardization effort. What research led to the standardization effort and who is conducting this work. What has been defined to date with respect to technologies.

  • Part 3: Trustframework and Policy. The standard in development expands on a trust and policy framework. What are the elements and outlook.

PART 3: Trustframework and Policy

Human dimension of identity management

Each country’s identity management system also provides a framework for observing and protecting many of the human rights embodied in international declarations and conventions. Depending on the provisions in place, the system can ensure that citizens can exercise a wide range of rights, such as rights to property, privacy, freedom of movement and free choice of place of residence, as well as access to social services such as education, healthcare and social security. In states with more advanced technological infrastructure, population registration provides the basis for the establishment of a number of citizen-oriented computerized services, also known as e-services and e-government. Identity management is also central to prevention of discrimination in exercising guaranteed rights.

The identity management infrastructure provides the backbone for a functioning and viable state by securing civil, population and tax registers, as well other systems such as healthcare benefits, voter lists and the issuance of travel and identity documents based on verifiable identities. Such flaws may become visible during elections, where shortcomings in voter lists can affect confidence in the election process. In essence, a secure identity management system can be seen as the foundation, a root level, that is able to then feed into and help numerous other branches of key state services function effectively and accurately. (OSCE 2017, p13)[1]


Security dimension of identity management

One of the key elements of a secure environment for cross-border travel is that the travel documents used by visitors meet international standards in terms of security of the document itself and security in that the document must reflect the genuine identity of its holder. Similarly, the systems for issuing travel documents need to be linked to identity management systems to streamline decision-making processes, preferably through modernized systems that reflect developments in document technology. As entries in registers or officially issued identification documents provide access to specific services, criminal networks are constantly looking for possible gaps in identity management systems to obtain genuine documents under fabricated or stolen identities. Documents obtained as result of gaps in identity management have enabled criminals to target business entities and cause significant financial losses through the use of genuine documents issued to non-existent identities. (OSCE 2017, p14)[2]

Principle 1 of the ICAO TRIP Guide on Evidence of Identity is “The identity is genuine”. The supporting objectives are a) “To determine if the identity exists e.g., is not fictitious”, and b) “to determine the identity is a living identity”. The breeder document standardization, both technically and with its trust framework are in support of this principle.


Three main dimensions guiding the development of the trust framework and policy, Part 5

While parts 1-4 are mainly technical and normative, part 5 is more of a management system. Three hypotheses have driven the current direction:


Hypothesis 1: "A secure credential is worth little if the data is not reliable".

This rationale was explained in part 1 of this series as one of the driving forces behind secure travel documents. The building blocks for the standard are

  • Each data field must be clearly defined in terms of what it represents and how. This is critical to avoid misinterpretation or misalignment when it is used as a foundation document for other credentials.

  • The source of the data must be known and reliable. Often this can mean a whole chain of trust, ensuring that the sources of the source are also reliable.

  • The data must be verified by a trusted process;

  • The processes must be monitored and the defined rules enforced.


Hypothesis 2: "Informed trust develops on the basis of knowledge and shared values".

Civil registration is heterogeneous and potentially untransparent in terms of day-to-day interoperability. The building blocks of the standard are

  • Adequate transparency, while respecting sovereignty, security concerns and pragmatism, must allow verifiers, both within and beyond borders, to perform their due diligence without unduly scrutinising the presenter of the credential.

  • The ICAO Electronic Filing of Differences (EFOD) approach appears to be a widely accepted approach when adapted to this specific use case.


Hypothesis 3: “No entity can enforce a specific regulation or SOPs for Civil Registry on other administrations”

The International Civil Aviation Organisation (ICAO) is the only specialized United Nations specialised agency with the mandate and responsibility to mandate and responsibility to establish, maintain and promote Standards and Recommended Practices (SARPs) for the issuance and the issuance and verification of machine-readable travel documents and related border control processes. While in the past ICAO has focused on the physical security of travel documents, under the new the new Traveller Identification Programme (TRIP) strategy, ICAO's mandate has expanded to include traveller identification. ICAO is now focused on ensuring a holistic and coordinated approach to approach to traveller identification - from document issuance to border to border control systems. ICAO's objective is to improve the level of security and integrity of the security and integrity of Evidence of Identity (EOI) processes across the travel document and border control management continuum.

However, ICAO's mandate does not extend to such a normative dimension for breeder documents as it does for travel documents. Similarly, CEN's mandate is very limited in this respect and the working group is very conscious of respecting the sovereignty of administrations. The building blocks of the standard are therefore

  • Provide a normative process for the development and review of the system (inspired by ISO 900x / 2700x);

  • Provide informative criteria for good practice.

Topics covered

The master plan below was used to select the topics. It starts with system migration from a legacy system to a new CR system or CR management. In addition to the actual registration processes, special emphasis is placed on the verification of data and the authentication of documents used to create a new breeder document (e.g. the ID cards of parents and doctors/midwives when registering a newborn). Supporting activities related to human resources (HR), archiving and facilitating interoperability - especially in cross-border use cases - are also covered.

Thus, the current draft includes these general recommendations on issuance and operational procedures. The scope, order and wording are not final and contributions are welcome (see the last paragraph of Part 2 of this article for guidance on how to contribute):

  • Logistical Aspects       

  • Human Resources      

  • Technical controls and system migration         

  • Distribution of secure public keys & systems access    

  • Civil Registration (Newly born) 

  • Civil Registration (other)           

  • Content update of data-entries 

  • Reissuance of birth certificates 

  • Issuance Process        

  • Coding; Transcribing of eastern / western names and character sets

  • Validity of document    

  • Vetting of data 

The process of reviewing and developing the CR system and CR management

For each topic, numerous aspects are detailed and formulated as objectives and recommendations. The competent bodies that have decided to comply with the future standard will have to assess all these objectives and take into account the recommendations (normative act) (see below a provisional extract from the draft).

However, they remain free to decide to implement any of the recommendations or even to deviate from the objective. The process only requires that the decision is recoded and that an internal justification is given (O.R. = objective and one of the recommendations is accepted; O.X.: = objective is accepted but own implementation is chosen; X.X. = objective and recommendations are rejected).

In addition, the status of implementation is recorded and taken into account for reporting purposes.

Information & Reporting process

Following the above process of reviewing and developing the CR system and CR management, and in response to hypothesis 2, reporting and information sharing is regulated. There are two basic options:

  • "Declaration of Implementation" (DOI)

  • "scorecard"

The DOI is a detailed and transparent exchange of information. Essentially, it consists of the disclosure of the above checklist and comments to parties selected to be informed in this way. This means that third parties will have a solid insight into the management system and will be able to make a much better and fact-based assessment of how to deal with persons presenting documents issued under this policy. It is very similar to the ICAO Electronic Filing of Differences EFOD, with the key difference that the authority does not upload the data to a central organisation. Instead, it can choose to share the information on a case-by-case basis, just as it shares new specimen travel documents.

The second option, the 'scorecard', is a calculated scorecard for each of the twelve main themes mentioned above. A score is calculated on the basis of the decision to implement a topic, following the recommendations and the status of implementation. The lowest scores are given for not following the objectives and recommendations, and the highest scores are given for adopting the objectives, following the recommendations and actually implementing the system. This provides a general understanding of the status of implementation of the Master Plan.


While Part 1 has been published, Part 2 is about to be published. Part 5 is expected to be published in 2025, with some public consultation still to take place. Parts 3 and 4 are in the early stages.

Again: Contributions are welcome, as described in the second part of this series.

[1] OSCE/ODIHR, 2017, Compendium of Good Practices in Identity Management in the OSCE Region, Warsaw

[2] OSCE/ODIHR, 2017, Compendium of Good Practices in Identity Management in the OSCE Region, Warsaw



bottom of page