Next steps towards regulating digital identity providers unveiled
The Bermuda Monetary Authority has released a second consultation paper outlining its proposed framework for regulating digital identity service providers, part of an ongoing push to modernise how residents verify their identities in an increasingly digital world.
The new paper details how the BMA intends to license and supervise private companies that issue and manage digital IDs in Bermuda.
It proposes three classes of licences: Class F (Full) for providers conducting the full suite of identity services, Class M (Modified) for those with limited or transitional operations and Class T (Test) for pilot or experimental programmes.
Under the draft framework, providers would be required to maintain minimum capital levels ranging from $10,000 to $100,000, submit regular compliance reports and establish a local presence with a senior representative on island.
They would also need to implement robust cybersecurity policies and file annual certificates of compliance with the regulator.
To ensure accountability, the BMA is proposing oversight powers that include the ability to suspend or revoke licences, issue civil penalties of up to $10 million and require notification of significant events such as shareholder changes or data breaches.
The paper places strong emphasis on consumer protection and data integrity, aiming to ensure that personal information is managed with good governance, financial backing and technical safeguards.
The consultation follows the BMA’s earlier proposal in November 2024. Stakeholders and members of the public are invited to respond by September 2.
The BMA wants locals to authenticate themselves using a trusted digital repository, instead of repeatedly showing passports and utility bills. The Part 1 consultation tackled technical guardrails, cybersecurity and privacy.
Now, Part 2 digs deeper into real-world use, asking how users might control which personal details they share, how often and with whom.
It also explores potential pitfalls when identity providers outsource services and how the BMA would maintain oversight.
Global regulators — such as Britain’s Digital Identity and Attributes Trust Framework — are already rolling out private-sector digital ID schemes, and the BMA said that the Disp framework is aiming to boost trust and efficiency across banking, investment and government services.
• For the full consultation paper, see Related Media
You must be Registered or to post comment or to vote.
