Introducing the vLEI Ecosystem Governance Framework
The Global Legal Entity Identifier Foundation (GLEIF) has published the verifiable LEI (vLEI) Ecosystem Governance Framework based on the Trust over IP Governance Metamodel. The vLEI Ecosystem Governance Framework, which has been designed from the ground up to complement GLEIF’s existing LEI governance, defines the vLEI operational model and describes how the new digital trust ecosystem’s range of vLEI issuing stakeholders will qualify for and perform their roles in the Global LEI System.
A year in the making, the Framework has been created in full accordance with standards and recommendations of the Trust over IP Foundation, hosted by the Linux Foundation. It is the most comprehensive Governance Framework developed based on the ToIP Governance Framework Meta-model.
The Framework provides essential detail on the governance structures and processes that will shape the development of the vLEI ecosystem together with the services that GLEIF will provide, including the vLEI Qualification Program, essential key and credential management services, and a communications platform for information sharing between GLEIF and its network of vLEI issuers.
The documents of an Ecosystem Governance Framework are comprised of a Primary Document, one or more Controlled Documents (separate supporting documents focusing on dedicated topics for the Framework), and the Identifier and Credential Governance Frameworks.
Summary of Change History of vLEI Ecosystem Governance Framework
|EGF Version||Document Name||Document Version||Document Version Date|
|1.0||Primary Document||1.1||August 30, 2023|
|GLEIF Identifier Governance Framework||1.0||December 16, 2022|
|Qualified vLEI Issuer Identifier and vLEI Credential Governance Framework||1.2||August 30, 2023|
|Legal Entity vLEI Credential Governance Framework||1.1||August 30, 2023|
|Qualified vLEI Issuer Authorization vLEI Credential Framework||1.1||August 30, 2023|
|Legal Entity Official Organizational Role vLEI Credential Framework||1.1||August 30, 2023|
|Legal Entity Engagement Context Role vLEI Credential Framework||1.1||August 30, 2023|
|Technical Requirements Part 1: KERI Infrastructure||1.1||April 3, 2023|
|Technical Requirements Part 2: vLEI Credentials||1.0||December 16, 2022|
|Technical Requirements Part 3: vLEI Credential Schema Registry||1.0||December 16, 2022|
|Glossary||1.2||August 30, 2023|
|Business Requirements||1.0||December 16, 2022|
|Governance Requirements||1.0||December 16, 2022|
|Trust Assurance Framework||1.2||August 30, 2023|
|Risk Assessment||1.1||April 3, 2023|
|Information Trust Policies||1.0||December 16, 2022|
|vLEI Issuer Qualification Agreement||1.1||August 30, 2023|
|Appendix 1: Non-disclosure Agreement (NDA)||1.2||August 30, 2023|
|Appendix 2: vLEI Issuer Qualification Program Manual||1.1||August 30, 2023|
|Appendix 3: vLEI Issuer Qualification Program Checklist||1.3||August 30, 2023|
|Appendix 4: vLEI Issuer Contact Details||1.1||August 30, 2023|
|Appendix 5: Qualified vLEI Issuer Service Level Agreement||1.2||December 16, 2022|
|Appendix 7: Qualified vLEI Issuer – Legal Entity Contract Terms||1.1||August 30, 2023|
The primary document is the master document for the Framework. GLEIF suggests that the Primary Document is an excellent place to start when reading the Framework.
Documents for the vLEI Issuer Qualification Program
There are several Controlled Documents that are dedicated to the roles and responsibilities of Qualified vLEI Issuers. These documents are part of the Legal Agreement section of the Framework. The main legal document is the vLEI Issuer Qualification Agreement, to which there are seven appendices.
The complete set of documents for vLEI Issuer Qualification can be accessed through the following link.
Identifier and Credential Governance Frameworks
The Identifier Governance Framework focuses on GLEIF’s Autonomic Identifiers (AIDs). Each vLEI Credential has its own Credential Governance Framework, one for each of the four types of vLEI Credentials. These Frameworks include policies and requirements for the issuance, verification, and revocation of each vLEI Credential, as well as the fields contained in each Credential, with a link to the technical schema.
A document that details the purpose, principles, policies, and specifications that apply to the use of the GLEIF Root Autonomic Identifier (AID) and its GLEIF Delegated AIDs in the vLEI Ecosystem.
The document is the authoritative Governance Framework for the Qualified vLEI Issuer Delegated AIDs and the vLEI Credential (Qualified vLEI Issuer vLEI Credential). It specifies the purpose, principles, policies, and specifications that apply to the use of the Qualified vLEI Issuer Delegated AIDs and the QVI vLEI Credential in the vLEI Ecosystem.
A document that details the requirements for a vLEI Credential, the entity level vLEI Credential issued by a Qualified vLEI Issuer to a Legal Entity.
A document that details the requirements for the Qualified vLEI Issuer Authorization vLEI Credential which enables simple, safe, secure instruction and authorization by a Legal Entity Authorized Representative (LAR) sent to a QVI for the issuance and revocation of vLEI Role Credentials.
A document that details the requirements for vLEI Role Credentials issued by a Qualified vLEI Issuer to official representatives of a Legal Entity.
A document that details the requirements for vLEI Role Credentials issued to representatives of a Legal Entity in other than official roles but in functional or other context of engagement. These vLEI Role Credentials can be issued and revoked by a Legal Entity itself, or a Qualified vLEI Issuer can provide these value-added services to a Legal Entity.
Remaining Controlled Documents
A document that lists all defined terms have been referenced in the Framework documents.
A document that assesses certain risk categories regarding the operation of the vLEI Ecosystem and Infrastructure. Although for purposes of the Framework, the Risk Assessment is a separate document, responsible managers within GLEIF will manage these risks as part of the GLEIF risk register.
Trust Assurance and Certification
This document focuses on the ‘MUST’ statements within the other Framework documents and specifies the services/processes that will be used to evaluate compliance with these statements.
This document specifies the governance of GLEIF in its role in the Global LEI System including the the regulatory oversight of GLEIF by the Regulatory Oversight Committee. Every LEI must be managed according to this governance which places GLEIF in the management role for the Global LEI System.
This document specifies certain business requirements for the vLEI services of GLEIF and Qualified vLEI Issuers (QVIs).
There are three separate Controlled Documents for the Framework’s Technical Requirements, with self-explanatory titles.
Information Trust Policies
This document defines the information security, privacy, availability, confidentiality, and processing integrity policies for the Framework.
The Ecosystem Governance Framework will be maintained by GLEIF and reviewed for revision at least once a year.