This is the asynchronous discussion forum for Week 1 of the Governance Consultation. Make sure you "Join" the consultation through the main page (if you haven't) to receive the calendar invites of the four weekly live discussions. 

We will leave all asynchronous discussion forums open throughout the consultation and welcome comments anytime. However, our moderators will only be able to provide dedicated moderation following the specified timeline of each discussion forum. 

Week 1: Objectives and Principles  

  1. What should be the scope of governance for a global trust network of immunization certificates? 
  2. What should be the scope of governance for a global trust network in response to emergency preparedness?
  3. What goals/outcomes do we need to achieve through governance?
  4. What are the overarching principles that should guide governance? 

Week 0 Session Recording and Chat


Week 1 Session Recording and Chat


Return to the main consultation page for background information or go to Governance Consultation: Week 2.

Comments (11)

Lucy Yang
Lucy Yang Moderator

Hi Supharerk,

Thank you for the question and comment. You brought up a very good point! I know that many are looking into the current use of vaccination outside of COVID-19 by leveraging the digital infrastructure already built for COVID-19.

My takeaway from your question is that as part of the scope of governance, we should be defining what type of "services" need to be included on a global trust network of immunization certificates. You provided great references for further discussions. 

Also, since many have done it for COVID-19, do you think that we can expand from COVID-19 to vaccination or immunization certificates and then further break down vaccination or immunization certificates into emergency scenarios and non-emergency scenarios? 

Looking forward to your further thoughts or anyone else's take.

Supharerk Thawillarp
Supharerk Thawillarp

Yes, I think it's possible.

For example, EU DCC that several countries participated.

The infrastructure is there. 

If we can leverage current EU DCC infrastructure, I think it's very likely as it's just switch from COVID-19 vaccine/lab/recovery to non-COVID-19. Without starting from scratch, keeping the implementation cost low.

However, there's an issue in terms of the governance as I'm not sure whether we will have the geopolitics issue with the name "EU" DCC so that's an open question left for answer.

May be we can switch to WHO governing body instead or etc.

Lucy Yang
Lucy Yang Moderator

Supharerk Thawillarp 

Hi Supharerk, thank you for the thoughts! The underlying thesis of our Regi-TRUST project is that we will see different technical infrastructures implemented within different governance frameworks whether it is for COVID-19 certificates or immunization certificates in general, because we live in a diverse world with diverse needs and realities. 

As many are now expanding from COVID-19 to other vaccination/immunization certificates, we expect that the different existing infrastructures, such as the EU DCC, will be leveraged for further use. We build Regi-TRUST's "network of networks" model to facilitate discovery, recognition and validation of the disparate ecosystems of vaccination/immunization certificates that follow different technical and/or policy frameworks. The underlying technology of Regi-TRUST can work with EU DCC's technical infrastructure as well as any others' existing infrastructures, but the "how to work with" part needs to be further defined through governance discussions. This week we are aiming to address the scope, goals and principles of governance, and will get to the critical "who should govern and operate" question next week. 

Would love to hear more thoughts from you regarding how you see the existing ecosystems expand their scope of services beyond COVID-19 certificates and what governance needs to be in place for them to interact in a coordinated manner on a global 'network of networks'.

Lucy Yang
Lucy Yang Moderator

Hi everyone, welcome to the Week 1 Discussion of the Regi-TRUST Governance Consultation. Excited to see that we are having an increasing number of participants and the discussion is already kicked off! 

For those of you who are new to the project, we have added a short introduction video on the main consultation page. Any new participants to the group will be added to the calendar invites of our weekly live discussions (on Thursdays) within 24 hrs upon joining.

We look forward to engaging with you in the coming weeks! 

Lucy Yang
Lucy Yang Moderator

Hi all, we had a great live discussion of 20+ participants today! Recording and chat were posted in the main description above. 

Below is a quick summary of main points covered and discussed: 

Regi-TRUST project overview 

  • Evolution of the Project: From a COVID-19 certificate technical project addressing interoperability challenges to a digital trust infrastructure project for discovery and validation among digital ecosystems operating under different schemes. 
  • Targeted Pilot Partners: Those already have some kind of infrastructure for COVID-19 certification but are not limited to it (either already have a bigger scope or looking to expand)
  • Roles of UNDP: Infrastructure development and implementation/operationalization support. Work in the health domain is done to better support the WHO efforts
  • Others: Broad applicability, project roadmap, network of  networks model - Please see the introduction video and slides on the main page for more information . 

Goals/Outcomes of Governance

  • Facilitate and enable COVID-19/immunization certificate ecosystems operating under different schemes to achieve recognition among each other to the maximal extent 
  • Even when a network of networks is aimed to be open to anyone, what will be the rules to allow an entity to enter the network? The goal of the governance is to establish these rules.

Scope of Governance

Some relevant questions/comments raised: 

  • We need to understand the current practices of potential major participants and find alignments and common grounds.

  • Who asked for a Regi-TRUST-enabled network and why someone will use it?

  • What is the need for validation of routine immunization?

  • Should we have different rules in place for routine immunization and emergency scenario? Is there supposed to be more flexibility when it comes to emergency scenarios? 

Principles of Governance 

Some of the key principles mentioned include

  • Openness/Inclusiveness: Open to and inclusive of as many players as possible
  • Decentralization: Collaborative governance vs. one governing entity that defines and enforces rules by itself
  • Equity: Take into considerations the different realities and needs of different players/stakeholders/participants and establish rules that treat them in an equitable manner
  • Flexibility: Allow for different set of rules that apply to the different scenarios, e.g., emergency vs. routine scenarios

Please note that other than the Regi-TRUST project overview which is informational, the rest are all discussions (not definitive information). We will review the recording and add any key missing details before Monday. 

We invite you to continue discussions in the chat, sharing further thoughts, feedback and/or questions. 

Leslie Ong
Leslie Ong

Creating a global mechanism for health data sharing is critical for pandemic preparedness. But to enable continual sharing of data, as well as ensuring data quality and trust between entities, there is a need to ensure interoperability around common protocols, structures and definitions, A robust data governance framework across the data lifecycle is also important to ensure adequate protection of rights of individuals and patients, and the ethical use of the data

Implementing a health data governance system that is reliable and trusted may therefore require rigorous assessment of data practices across DigiTrust’s ‘network of networks’, to identify risks and mitigate potential harm to data safeguards.

On a related note - given the access RegiTrust will have to a large set of patient health data, how do discussants foresee the potential for DigiTrust to perform data analytics for insights related to health needs and challenges, which would be valuable in informing decision making around prioritization, resource allocation and pandemic preparedness.

Lucy Yang
Lucy Yang Moderator

Hi Les,

Thank you for a thoughtful comment on the important topic of health data governance. This could be a great discussion point under the "Scope of Governance". 

Regi-TRUST is designed to facilitate data exchanges and validation without necessarily having to access a large amount of personal data at the (meta) network level, but it is a matter of operational and governance decision for a particular "network of networks". Also, even if the (meta) network doesn't process personal health data, should its governance put some parameters for how participants and users are expected to deal with data coming from each other? 

Ciaran Carolan (ICAO)
Ciaran Carolan (ICAO)

Hi Lucy, taking up this discussion I think it important to separate governance of the Regi-TRUST network from governance of the health data ecosystem. For the former, there are decisions to be made around things like:

- who can add information to the network, and what are the on-boarding requirements and rules

- who can download information

- responsibilities of the network admin, data uploaders, data downloaders etc.


For the latter, one deals more with things like rules around whether data can be shared and under what conditions. These, I think, need to be more bilateral or multilateral in nature. Certain jurisdictions will require higher levels of data protection or privacy than others, for example, meaning internationally-applicable rules will be nigh-on impossible to devise. Aside from basic rules (e.g. any exchange of data must be based on an appropriate legislative framework) little more will be possible. And I think even these rules would be outside the scope of Regi-TRUST per se, and probably more for the likes of WHO.

Lucy Yang
Lucy Yang Moderator

Hi Ciaran, thank you for the clear separation! 

Yes, Regi-TRUST is designed for the former, so in general, having basic rules for data governance should be sufficient for the most common use cases. Some networks may decide to use Regi-TRUST in non-conventional ways or extend their operations to process personal health data that require more complex rules, but that may not be typical scenarios we need to address within the scope of Regi-TRUST. 

Lucy Yang
Lucy Yang Moderator

Hi all, we have extended the Week 1 discussion to two weeks, so the upcoming live discussion on March 2 will still be focusing on the goal(s), scope and principles of governance for a Regi-TRUST enabled 'network of networks' for COVID-19/immunization certificates. 

Our team has summarized the existing discussions and put some further thoughts into the topics in this collaboration document. Please feel free to add, suggest or comment directly in the document. We look forward to fleshing it out more with you this week.

Please log in or sign up to comment.