DTI Accreditation

The DTI Badge

A mark of trust — awarded to services formally accredited by DTI as verified partners for safe and secure data transfers.

The DTI Badge of Accreditation is awarded to all services that are listed on the Data Trust Registry. Holders of the Badge have been formally accredited by DTI as trusted partners for safe and secure data transfers, following a rigorous assessment against the Data Trust Registry Requirements for a given Trust Level. The Trust Level each service has been accredited for is indicated on the Badge.

Trust Level 1: Basic data-transfer verification

Trust Level 2: Enhanced security accreditation

Approved organisations with a public listing may display the Badge anywhere of their choosing on their own inventory, such as their website, app, or promotional materials. When the Badge is displayed in digital form, it must always include a link to the organisation's individual listing on the Registry.

An organisation's licence to hold or display the Badge will expire upon any substantive change to, or removal of, the organisation's listing in the Registry.

While each holder of the Badge has been accredited by DTI as a trusted data transfer partner, this does not reflect an endorsement by DTI of the service or its particular use case, nor does it equate to membership of the Data Transfer Initiative.

DTI is not a regulatory authority, and as such accreditation by DTI is not a substitute for, or proof of, legal compliance. Individual companies remain entirely responsible for their own compliance with existing laws in each jurisdiction of operation.

The Requirements for Accreditation and listing in the Registry are the practical implementation of DTI's Trust Framework.

Trust Framework

At the heart of DTI's Trust Framework are the following five Trust criteria, designed in collaboration with industry, academics, and technical experts.

01. Transfer Party Authentication

The Transfer Party must have a legal entity and legal representatives. They must be able to be authenticated during the setup of a data transfer, via known domain and service URLs that can be securely contacted and communicated with.

02. Jurisdiction

The Transfer Party's legal jurisdiction has laws and regulatory agencies that impact the security and privacy of user data transferred to or from the Transfer Party. Additionally, a Transfer Party can opt into some compliance organizations, which then constrain the Transfer Party.

03. Data Security

Data Security criteria are concerned with how the user's data is protected from unauthorized access, before, during or after a data transfer. Cybersecurity programs and related documentation can demonstrate data security practices.

04. Transparency

A Transfer Party's use of data after acquiring it should be disclosed to users via appropriate transparency measures such as privacy policies, and Terms and Conditions from the service.

05. End User Authentication and Authorization

Transfer Parties should be able to demonstrate that their service authenticates users and receives informed authorisation from the user before transferring data in or out.

Addressed Threats

The Trust Criteria were developed to address the following threats associated with data transfers, which cannot always be prevented through technical means alone:

  • Unauthorized Transfer of data
  • Inadequate Transparency around the transfer of data to the End User
  • Denial of Service
  • Elevation of Privilege by malicious actors through the use of the Transfer Mechanism
  • Non-compliance with applicable regulations due to receiving Transfer Data
  • Harmful Content within the Transfer Data
  • Spoofing of the End User or Transfer Party and related bad actor activity
  • End User Permission and access control challenges