Limitations on Commercial Activities

Context

The Digital Trust Laboratory of Canada (“DTLab”) is a Canadian federal Non Profit organization dedicated to strengthening cybersecurity by advancing safe and seamless digital credentials. DTLab believes that the best solutions will require a collaborative approach with multiple participants across the economy and is committed to facilitating just that through co-created projects in the following five impact areas:

  1. Promote a better understanding of safe, seamless and secure digital identity and credentials.
  2. Develop talent and capacity in digital identity and credentials across Canadian society.
  3. Promote digital credential issuance and onboarding processes that are effective, efficient and inclusive.
  4. Ensure interoperability so digital credentials work across Canada and internationally.
  5. Facilitate the growth and effectiveness of a community equipped to verify digital credentials.

In order to preserve its role as a trusted and neutral third party in the digital ID ecosystem, it is important for DTLab to not engage in commercial activities that would endanger its ability to fulfil its role. At issue in this policy are commercial activities for which DTLab shall not engage in and other commercial activities for which Management may engage in provided it obtains prior authorization from the Board of Directors.


Objective

The objective of this policy is to describe prohibited commercial activities, commercial activities requiring prior permission from the Board of Directors and commercial activities that are allowed.


Application

This policy is adopted under the authority of the Board of Directors of DTLab and applies to the  activities of DTLab and any services it provides.


Policy Statement

Prohibited commercial activities. DTLab shall not:

  1. Act as a reseller of Digital ID solutions, receive commissions, royalties or any other financial benefit directly resulting from sales made by members or clients of DTLab;
  2. Develop commercial digital ID solutions with the intent to sell those solutions;
  3. Provide recommendations about which digital ID related solutions to procure or implement;
  4. Provide recommendations on the necessary corrective action to take in relation to a certification scheme nonconformity when the formal nonconformity finding has been established under an assessment services engagement at DTLab.

Third-Party Service Provider. By exception to the previous prohibition and in situations when a RFP requests that a bidder obtain third-party certifications or assessments, validations as part of the deliverable, or hosting a reference implementation, DTLab may participate, but only if all the following conditions are met:

  • DTLab shall refuse bidder requests to enter into any exclusivity agreement; and
  • DTLab shall offer the exact same service at the same price, terms & conditions to all other companies in relation to the same procurement process.

Peripheral activities. In situations where a public or private sector organization approaches DTLab and requests DTLab to offer or complete peripheral activities, an ordinary resolution of the Board of Directors shall be obtained before the execution of any Agreement to that effect. The Directors representing the private sector category of members shall abstain from voting on this resolution.

  • Definition: a peripheral activity is an activity not prohibited under this policy that falls outside the scope of DTLab activities listed under the “Context” section at page 1 of this policy.  For the purpose of this provision, a “peripheral commercial activity” is an activity that does not fall in the scope of “DTLab Activities” as listed in the next section of this policy.

Scope of Approved Activities

The scope of the approved activities for DTLab includes:

Facilitated outcome DTLab Activities
Generation of public benefits through co-created projects involving at least one impact area
  • Receipt of projects suggested by the DTLab team or by external contributors
  • Proactive search for participants in co-created projects submitted to DTLab
  • Delivery of projects approved by the steering committee in “design thinking” and “agile development” modes
  • Delivery of public benefits in the form of content and platforms usable without royalties to DTLab
Awareness, Education & Training
  • Promote a better understanding of safe, seamless and secure digital identity and credentials.
  • Capacity building in the digital identity and credential space through 1) training, 2) a Digital Trust Acceleration Program combining our digital credential learning path with a gap assessment, and 3) program guidance to guide organizations’ journey
Development of digital ID assessment tools & frameworks
  • Supporting the development of digital ID related standards, assessment, tools and reference assessment frameworks provided this support cannot reasonably be characterized as DTLab favoring a standard or assessment framework over another.
  • Supporting digital ID related communities of support and open source projects
Discovery
  • Hosting of digital ID related solutions and components (always excluding production data) into the Lab’s sandbox infrastructure.
  • Maintaining a catalogue of sandboxes available at the Lab.
Experimentation
Integration
Quality Assurance
  • Providing a dedicated technology environment to Lab subscribers enabling them to easily have access to  “private sandboxes” for the purpose of experimentation, integration, testing  and quality assurance.
  • Facilitating and conducting “use case experiments” leveraging existing digital ID solutions and components.
Assessment
  • Offer assessment services that advance digital identity in areas such as usability, privacy, technical conformity and interoperability, based on the relevant frame of reference.

Publication

This policy shall be published on the website of DTLab.


Amendments to Policy

Amendments to this policy require an ordinary resolution of the Board of Directors.


Version & Change Table

Version Effective on Changes since last version
3.0 September 22, 2023 Replacement of “Laboratory” by “DTLab”

Various changes to the Policy to adapt it to the context of DTLab 2.0:

  • Modification of the “Context” and “Application” sections
  • Minor adjustments to the “Policy Statement” section
  • Modification of the table in the “Scope of Approved Activities” section:
    • Addition of a row for “Generation of public benefits through co-created projects involving at least one impact area”
    • Modification of the row “Awareness & Education”
    • Removal of the row “Trust” and replacement by the row “Assessment”
2.0 5 Nov 2021 Main changes in addition to editorial changes:

  • Introductory part of the Context section amended to reflect the current DTLab core focus (purpose and niche) and to reflect the new categorization of services of DTLab (education, assessment, advisory and sandbox services)
  • Addition of “Development of digital ID assessment frameworks” in Context section
  • Removal of footnote that added clarification with regards to the DTLab Sandbox Platform
  • Moved approved activities to a dedicated section titled “Scope of Approved Activities”
  • In the Scope of Approved Activities section, addition of “Development of digital ID assessment frameworks” row
1.0 1 April 2020 NA – first version.