Governance
Governance Framework
SevisPNG operates under a comprehensive governance framework established by DICT. Trust, legal, commercial, and technical policies are embedded at the infrastructure level.
Framework Pillars
Four interconnected pillars form the foundation of SevisPNG governance.
Trust Framework
Defines the rules for identity assurance levels, credential types, and verification requirements.
- Four-tier identity assurance model
- Credential schema governance
- Issuer and verifier requirements
- Cross-border recognition policies
Legal Framework
The legislative foundation enabling digital identity and data exchange in PNG.
- Digital Government Act 2022
- National Data Governance & Data Protection Policy 2024
- Constitutional privacy protections (Section 49)
- APEC Cross-Border Privacy Guidelines alignment
Commercial Framework
Economic policies embedded at the infrastructure level via Trust Services.
- Platform access fee structure
- Transaction fee tiers by assurance level
- Volume discount policies
- Relying party (RP) onboarding requirements
Technical Framework
Standards and protocols that ensure interoperability and security.
- W3C Verifiable Credentials
- W3C Decentralized Identifiers
- DIDComm v2 messaging
- OIDC4VCI/VP protocols
Trust Policies
Core policies that govern identity and credential operations in the ecosystem.
Identity Proofing
Requirements for verifying a person's identity before issuing credentials at each tier.
Credential Issuance
Rules for who can issue which credential types and under what conditions.
Credential Verification
Requirements for verifiers, including revocation checking and policy enforcement.
Data Minimization
Principle that only necessary data should be collected and shared for each transaction.
Consent Management
Requirements for obtaining and recording citizen consent for data sharing.
Audit and Accountability
Logging requirements and audit trail maintenance for compliance verification.
Legal Framework
The legislative foundation enabling digital identity in Papua New Guinea.
Digital Government Act 2022
Primary legislation establishing the legal framework for digital identity and government services.
Relevant Sections
- Section 28: Central Electronic Data Repository
- Section 31: Secure Data Exchange Platform
National Data Governance & Data Protection Policy 2024
Policy framework for data protection, privacy, and governance across government systems.
Relevant Sections
- Once Only Principle
- Data sovereignty requirements
- Cross-border data flow rules
Constitution of Papua New Guinea
Constitutional protections for privacy and personal data.
Relevant Sections
- Section 49: Right to privacy
Compliance Requirements
Requirements for different participants in the ecosystem.
For Relying Parties
- Complete RP onboarding process with DICT
- Deploy and maintain LORA adapter
- Implement required security controls
- Maintain audit logs per retention policy
- Report security incidents within 24 hours
- Undergo annual compliance review
For Credential Issuers
- Register as an authorized issuer with DICT
- Use approved credential schemas
- Implement identity proofing per tier requirements
- Maintain revocation capability
- Sign credentials with registered keys
- Report credential revocations promptly
For Verifiers
- Request only necessary claims (data minimization)
- Check credential revocation status
- Verify issuer authorization
- Log verification events
- Respect citizen consent choices
- Protect received personal data
Governed by DICT
The Department of Information and Communications Technology sets and enforces all governance policies for the SevisPNG ecosystem.
DICT responsibilities include setting the trust framework, managing RP onboarding, overseeing SevisTrust infrastructure, establishing commercial policies, and ensuring privacy and data protection compliance.
Contact DICT
Department of ICT
Government of Papua New Guinea
Data Protection
Privacy and data protection are embedded in the ecosystem design.
Privacy by Design
Built into every component
Selective Disclosure
Share only what's needed
Citizen Control
You own your data
Audit Trail
Full transparency
Questions About Governance?
Contact DICT to learn more about governance requirements, compliance processes, or to request additional documentation.