National ID
Why integrate OpenCRVS with National ID?
Civil registration provides the source of truth for any vital event that occurs in a country. Civil registration can inform a National ID system when a birth occurs and therefore instigate the generation of a National ID for the child at birth. At the point of death, a civil registration system can inform the National ID system that the person is deceased, thus preventing fraudulent usage of a National ID of a deceased person.
The partnership of Civil Registration and National ID is what collectively constitutes the foundational identity infrastructure of a nation.
Bridging the Identity Gap: Integrating Civil Registration and National Identity Systems
Which National ID systems can OpenCRVS interoperate with?
OpenCRVS is agnostic regarding which National ID system it integrates with. This section is first organised around the main business use cases.
As of OpenCRVS v1.8.0, OpenCRVS has a production ready integration library dedicated to interoperating with MOSIP and E-Signet, fellow OpenSource Digital Public Goods. A dedicated section exists that builds on the same agnostic integration points specifically for integrating with MOSIP.
In the past, OpenCRVS has delivered proof-of-concept (not production ready) integrations with INGroupe and OSIA standard National ID systems
Existing National ID integration functionality
Currently OpenCRVS supports the following default National ID integration functionality:
Authenticating and verifying the identity of informants and parents during the event application process both offline and online.
Configurable rules to determine whether or not a civil registration event should or should not integrate with a National ID system at the point of registration.
Integration with a National ID system at the point of registration synchronously and asynchronously
π Recommendations on Key Scenarios
1. β°οΈ Death Registration & ID Deactivation
𧩠Scenario / Issue
A death is registered in OpenCRVS and triggers interaction with the national ID system regarding the individualβs identifier.
β οΈ Risks
Immediate ID deactivation may disrupt access to essential services for surviving family members (π¦ banking, π° benefits, π₯ healthcare).
Downstream systems may act automatically without context or grace periods.
Loss of trust if families experience sudden service denial following death registration.
β
Recommendations
β Do not automatically deactivate IDs upon death registration.
π© Use a death flag or status indicator shared with the ID system.
β³ Leave final action (timing and service impact) to relying parties, with clearly defined grace periods and policies.
π’ Treat death registration as a notification, not an automatic enforcement trigger.
2. πΆβ‘οΈπ§ Updates to Registered Data (Infant vs Adult)
𧩠Scenario / Issue
Civil registration data changes are requested after initial registration (e.g. name corrections, parent details).
β οΈ Risks
Silent updates to adult identity records can cause mismatches with banks and other relying parties.
Updates propagated without strong authentication undermine identity assurance.
Loss of traceability of changes over time.
β
Recommendations
π Clearly distinguish between:
πΆ Infant updates (pre-biometric)
π§ Adult updates (post-biometric)
β Allow OpenCRVS-driven updates only for infants where biometrics are not yet captured.
π Route adult updates through the national ID system using higher-assurance authentication.
π Maintain full audit trails for all updates.
3. π Fetching Demographic Data Without Authentication
𧩠Scenario / Issue
A civil registration office or system requests demographic (biographic) data from the ID system using only an ID number, without authenticating the individual.
β οΈ Risks
No assurance that the person present is the individual whose data is being fetched.
Risk of fraud or misattribution (e.g. incorrect parents linked to a child).
Normalisation of data sharing without consent or verification.
β
Recommendations
π« Do not allow demographic data retrieval without prior authentication and consent.
π Authenticate first (e.g. via eSignet), then return approved attributes for pre-population if needed.
ποΈ Restrict unauthenticated access to exceptional, high-assurance government use cases only, with strong governance.
π§ Make the authentication step explicit in both system design and user messaging.
4. 𧱠Size & Purpose of the ID Schema
𧩠Scenario / Issue
Countries decide how many attributes are stored in the ID system, ranging from minimal identifiers to extensive personal profiles.
β οΈ Risks
Large schemas blur the line between an ID system and a population register.
Increased privacy and data-protection risk due to data concentration.
Greater complexity and tighter coupling with downstream systems, making future change harder.
β
Recommendations
π― Keep the ID schema as minimal as possible, aligned with identification and authentication needs.
π Treat civil registration systems as the source of truth for life events.
π Avoid duplicating detailed civil registration data inside the ID platform.
ποΈ Be explicit about architectural intent: Identification service vs population register.
5. πΌπ Printing a National ID on Birth Certificates
𧩠Scenario / Issue
Countries request that a national identifier (UIN or VID) be printed on birth certificates.
β οΈ Risks
Over-exposure of foundational identifiers, increasing privacy and misuse risk.
Confusion between the purpose of a birth certificate (proof of birth) and an ID credential.
Long-term rigidity if identifiers or policies evolve.
β
Recommendations
β Do not print a national ID by default on birth certificates.
π€ Only consider printing an identifier where a clearly defined use case cannot be met otherwise (e.g. health or social protection).
π Prefer indirect linkage (e.g. Birth Registration Number linked internally to the ID system).
π‘οΈ If printing is unavoidable, prefer revocable or masked identifiers over permanent UINs.
6. ππ« Offline Operation & Authentication Limitations
𧩠Scenario / Issue
Civil registration is conducted offline (especially in remote settings), without real-time authentication or biometric verification.
β οΈ Risks
Lower assurance of identity at the point of registration.
Inconsistent handling between offline and online registrations.
Misaligned expectations of what offline workflows can safely support.
β
Recommendations
π£ Be explicit about assurance limitations in offline workflows.
π Treat offline operation as temporary or contextual, with reconciliation once connectivity is restored.
π§ Avoid extending offline workflows to high-risk identity actions (e.g. adult updates).
π£οΈ Clearly communicate roadmap limitations and future enhancements.
Last updated