Legal Entity Identifiers Take Center Stage in New DigiCert Partnership

DigiCert and Ubisecure announce a new partnership to integrate LEIs and
digital certificates to increase security

Your organization’s online identity is everything — especially if you’re an ecommerce business or someone who handles online financial transactions. Not only is identity important to your reputation, but it’s essential for building trust with browsers and operating systems as well. This is why our latest news is important for all types of businesses and organizations — it’s all about the integration and use of something called a “legal entity identifier.”

DigiCert, the world’s leading provider of SSL/TLS, IoT and PKI solutions, announced on Tuesday a new partnership with Ubisecure, a digital identity service provider. More on both of these companies momentarily, but the big takeaway here is that they’re partnering to explore the use and benefits of integrating LEIs in digital certificates via Ubisecure’s RapidLEI platform.   

But before we can get into all of that — what exactly is an
LEI and what does all of this have to do with your business?

Let’s hash it out.

What is a Legal Entity Identifier and Why You Should Care

A legal entity identifier, more commonly known as an
LEI, is a way of uniquely identifying an individual (under specific conditions),
government institution, business or other types of business who engage in
financial transactions. It’s kind of like a tax ID or business ID in a sense —
but with one key difference. Most business IDs are specific to the region or
country the organization is located in. However, an LEI is unique globally,
meaning that organizations can easily use it when doing business
internationally. In a nutshell, this identifying information tells end users
who is who or what is what, and helps to prevent a heaping mess of collisions
and the confusion that come with them.

In a more technical sense, a legal entity identifier is a 20-character alpha-numeric code that’s used to identify global entities that engage in any type of financial transactions. The Global Legal Entity Identifier Foundation explains that the code is based on the International Organization for Standardization standard ISO 17442 and incorporates organization type and jurisdictional information. As an added bonus, it’s also endorsed by Group of Twenty (G20). At their core, LEIs offer standardized, consistent and reliable ways for organizations to assert their identities and ownership structures while also helping them to avoid the pitfalls of identity-based collisions.

LEIs were born out of the 2008 financial crisis that occurred more than a decade ago and are now recognized by 150 countries worldwide. In fact, the GLEIF reports that there are more than 1.5 million active legal entity identifiers around the world. The U.S. leads the way with more than 13% (204,445 LEIs) of all global LEIs. The second biggest user of LEIs include entities in the United Kingdom (9.5%, or 144,597) and Germany (8.3%, or 126,826).

What Are the Requirements for an LEI?

Public authorities around the world rely
on the LEI to evaluate risk, improve the accuracy of financial data, take
corrective steps and, if necessary, minimize market abuse. While the use of LEIs
is optional in some countries or specific applications, it’s mandatory in

According to the GLEIF:

It is important to distinguish between being eligible for an LEI and being required to have one. As defined in ISO standard 17442, any legal entity that enters into a financial transaction is eligible for an LEI. Any legal requirement to have an LEI will come from national financial regulators.”

For example, the following countries or
regions are just a few that have outlined some specific LEI requirements:

  • Argentina
  • Canada
  • European Union
  • Israel
  • Mexico
  • United Kingdom
  • United States

The Benefits of Using LEI

The LEI data available through the GLEIF data serves as a type of global searchable directory or accessible database of organizations. The goal? To help mitigate financial fraud risks and increase market integrity by providing on-demand. That’s because LEI issuers must not only verify an LEI recipient’s information but they’re also required to update records whenever there’s a change. And you don’t have to worry about the data becoming out of date from neglect or lack of updates because LEI data only has 12-month validity.

But what types of organizational information can be seen in the directory? For fun, let’s look at Google LLC’s LEI reference data as an example. (Yes, we have a strange idea of what’s fun, but just go with it.) The data showcases a wide variety of info, including the following:

Graphic: Screenshot of Google's legal entity identifier reference data.

It also includes a wealth of other related information,

  • Locational data, such as addresses associated
    with the organization
  • LEI registration details
  • Parent company information
  • Children, or legal entities that are related to
    the LEI data (identified as “direct children” and “indirect children”)

If the organization that you’re looking at is a private
business with no parent company, then in the parent section, it will sometimes state
“NATURAL_PERSONS” as the listing.

What Does This DigiCert-Ubisecure LEI Partnership Mean for Your

The Ubisecure and DigiCert partnership means we see one of the first global Certificate Authorities join the Global LEI System. We are very excited that two technology leaders are working together to extend the availability of LEIs through new solutions. And we see this as an endorsement of how LEIs connect identity ecosystems to simplify legal entity identification in the digital age for the benefit of all stakeholders globally.”

— Stefan Wolf, CEO of GLEIF

And while this is great, what exactly does this distill
down to mean for your organization? Simply put, a partnership between DigiCert
and Ubisecure means that whether you’re a new or an existing DigiCert customer,
you can have your cake and eat it, too. You’ll be able to take advantage of
LEIs in the company’s future digital certificate offerings, which include:

Sounds like a win-win scenario any way you slice it — for
companies and end users alike. This just means that you should keep an ear to
the ground about new solutions from DigiCert that integrate LEI data.  

DigiCert is excited to work with the Ubisecure team and GLEIF to explore how LEIs can have a positive impact for our customers and their end-users. DigiCert has a long history of commitment to confirming identity for digital interactions. Our work with LEIs represents another step to further enhance online trust for various connected ecosystems.”

— DigiCert CEO John Merrill

DigiCert, formerly known as Symantec, is committed to
providing identity assurance solutions that solve the challenges surrounding
identity validation, authentication, and encryption. As one of the original
CAs, they’re committed to continually engaging in cutting-edge research and

Ubisecure is the industry’s fastest-growing legal entity
identifier issuer in 2019. In addition to now working with CA customers and
partners, they also help organizations in other industries assert identity,
including compliance financial institutions and fintech.

For us here at The SSL Store, we’re all for asserting as
much identity as possible to protect users and to promote integrity. As such, we’re
excited to see one of our CA partners take this step forward to increase online
identities through the use of LEIs.

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane. Read the original post at: