On November 29th, at Think Digital Identity For Government 2018, Ubisecure’s CEO Simon Wood was interviewed on stage by Government Computing editor David Bicknell on the subject of what lessons the UK should learn from examples of international Digital ID success. In that session, Ubisecure raised a topic that seems less familiar than it should be in the UK – that of Legal Identity Identifiers (LEIs).
To aid community understanding of all our options around Digital Identity, we went back to Mr Wood to get more information. This is what he told us:
Hi Simon, thanks for helping us out like this. What are LEIs and why do they matter – they seem to you, as we we note you have this resource about them on your website?
From the GLEIF‘s website, we read that, “The Legal Entity Identifier (LEI) is a 20-digit, alpha-numeric code based on the ISO 17442 standard developed by the International Organization for Standardization (ISO). It connects to key reference information that enables clear and unique identification of legal entities participating in financial transactions. Each LEI contains information about an entity’s ownership structure, and thus answers the questions of ‘who is who’ and ‘who owns whom’. Simply put, the publicly available LEI data pool can be regarded as a global directory, which greatly enhances transparency in the global marketplace.”
We are approaching 1.5m to 2m LEIs issued; looking at the GLEIF site, the total issued so far is 1.32m. The UK is the largest driver of issuance, though the US is the country with largest amount issued. (You can see the stats here.)
Why do they matter?
LEIs provide a precise, globally unique identity of a legal entity (organisation). They are issued by LOUs who are accredited by the GLEIF and subject to yearly audit and monthly quality tests. LEIs can only be issued once the data is checked as valid, the existence of the entity has been confirmed, and the authority to requested has been validated. The GLEIF provides a free lookup of corporate data from LEI number giving global access to company data, and a precise understanding of accounting relationships between connected organisations.
OK, great, thanks. What is the mapping between what an LEIs does and, say, what eIDAS does?
You might also like
An LEI is a global, unique identifier for a company that has been verified to exist and has been issued at the verified request of the company itself. eIDAS provides a European interoperable individual identity; to quote from ICO, “Chapter II of the Regulation provides a framework which will allow European citizens to use electronic ID to access online public services in other EU member states by September 2018.” So eIDAS focuses on the identity of individuals (strictly citizens), whereas LEI provides an identity for organisations that is verified and globally meaningful.
What is the relationship if there is one between an LEI and a GOV.UK Verify?
Currently – none. LEIs came up in the session with GDS and The Cabinet Office at the conference when they were asked about the plans to link individual and organisational identity, and the response was that at this time they did not know how that would be achieved. However, our company provided such a system to the Finnish equivalent of HMRC in 2006 that provides just such a link.
Who should be tracking the LEI market most closely in the UK – the public sector or the IDP supplier market?
I would suggest both should be deeply interested. That’s because LEIs can streamline both national and international business, which should be of significant interest to the public sector, LEIs should form the basis of any platform that looks to link individuals and organistations together, and so should be of great interest to IDPs.
At the same time, such relationship assurance adds considerable value to use cases way beyond financial transaction assurance. Think of cases where the signatories of a digitally signed contract can have their right to sign verified against a global company identity database, for instance, or a platform that provides verification of individuals could be permitted to enter contracts, and approved transaction levels on behalf of their organisation. One can even foresee tying online identities, such used as in emails and websites, to verified organisations.
All of these use cases can be readily achieved with LEIs, so we expect service providers to also gain growing interest in the LEI market.
Thanks for taking the time to provide such a great overview – we’re sure everyone in the UK Digital Identity market will find it useful.