The combination of LEIs and official organizational roles within digital ID credentials promotes greater trust in the authenticity of an entity’s authorized representatives, enabling new digital identity management use cases

A newly published ISO standard, ISO 5009, has the potential to extend the utility and value of Legal Entity Identifier (LEI)-based digital identity tools, by facilitating inclusion of ‘official organizational role’ detail within them, in a consistent manner.

ISO 5009 paves the way for these tools – such as verifiable LEI (vLEI) credentials and digital certificates with embedded LEIs – to become a universally trusted method of digitally confirming the authenticity of people authorized to act on behalf of an organization. Irrefutable confirmation of this authenticity - a person’s name and official role - is critical when sensitive business activities are performed digitally, such as the remote approval of transactions, or e-signing contracts.

Published in February 2022, ISO 5009 permits global uniformity of the listing of official organizational roles by jurisdiction in a structured way. This means that roles of persons acting officially on behalf of an organization may be specified by a legal entity and incorporated into existing and future digital assets leveraging the LEI.

There are currently two types of LEI-based digital assets:

• The vLEI is a digitally trustworthy version of the 20-digit LEI code which is automatically verified, without the need for human intervention. Once a legal entity has obtained its vLEI, it can proceed with the issuance of additional vLEI credentials to authorized members of the organization. The vLEI wraps the LEI, a person’s name, and their role inside a cryptographically secure organizational credential, enabling each component to be verified digitally. With ISO 5009, official organizational roles can be represented in vLEI credentials in a standard way.
• Digital certificates with embedded LEIs. The ISO 5009 standard can be used to specify in a standard way the optional Role extension contained in X.509 public key certificates with embedded LEIs, as outlined in ISO 17442.

The development of the ISO 5009 standard was initially proposed by GLEIF to bring clarity and structure to the role information held in both of these LEI-based digital tools. As an active participant of ISO/TC 68, GLEIF led the development work. The ISO technical management board assigned the Maintenance Agency to the Swiss Association for Standardization (SNV), which passed its responsibilities to GLEIF. Therefore, GLEIF will remain closely involved in the management of the operations of the ISO 5009 going forwards, as the operational Maintenance Agency for the standard.

“The Official Organizational Roles standard (ISO 5009) builds upon the successful LEI (ISO 17442) in both governance and functionality. ISO 5009 has a myriad of uses related to corporate governance and reporting that up until now were not adequately being addressed. Both ISO TC 68 and overall society greatly benefit from the leadership of GLEIF,” explains Jim Northey ISO TC 68 Chair and Non-executive Director, the FIX Trading Community.

Stephan Wolf, CEO from GLEIF comments: “In business and regulatory exchanges, it is important to confirm the official roles of people acting on behalf of organizations. In a digital context this can be challenging yet uncompromisingly necessary as we move towards creating and sustaining a digital global economy. For this reason, GLEIF has been committed to the realization of this ISO standard as it is a significant step forward towards addressing that challenge.

The publication of ISO 5009 is a standardization milestone that facilitates a universal approach to the inclusion of official organizational role information in digital ID credentials. This will make it far easier – and perhaps more widely expected - to include role related data in these credentials thanks to a consistent approach. In time, this has the potential for LEI-based digital ID tools to become more widespread thanks to their extended utility; not only can they verify the identity of a legal entity, but they can also verify the identity of that legal entity’s representatives in official organizational roles.”

In February 2022, GLEIF published a vLEI Ecosystem Governance Framework, together with a technical supporting infrastructure. For more information on that announcement and the concept of the vLEI itself, please visit the GLEIF website.