2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill creates the Government Digital Verifiable Electronic Records Act.
10 Highlighted Provisions:
11 This bill:
12 ▸ defines terms;
13 ▸ establishes a governance structure;
14 ▸ establishes the Government Digital Verifiable Credentials Commission; and
15 ▸ creates a pilot program for digital verifiable credentials.
16 Money Appropriated in this Bill:
17 None
18 Other Special Clauses:
19 None
20 Utah Code Sections Affected:
21 ENACTS:
22 46-6-101, Utah Code Annotated 1953
23 46-6-201, Utah Code Annotated 1953
24 46-6-202, Utah Code Annotated 1953
25 63A-16-108, Utah Code Annotated 1953
26
27 Be it enacted by the Legislature of the state of Utah:
28 Section 1. Section 46-6-101 is enacted to read:
29
30
31
32 46-6-101. Definitions.
33 (1) As used in this chapter:
34 (a) "Blockchain" means a distributed ledger of ordered electronic records that:
35 (i) is distributed across a network of computers;
36 (ii) utilizes technology to prevent the unauthorized alteration of electronic records; and
37 (iii) is mathematically verified.
38 (b) "Chief information officer" means the chief information officer of the Division of
39 Technology Services appointed under Section 63A-16-201.
40 (c) "Commission" means the Government Digital Verifiable Credentials Commission
41 created in Section 46-6-203.
42 (d) "Digital record schema" means a description of the data fields and tamper-evident
43 technologies required to create a digital verifiable credential or digital verifiable record that can
44 be registered on a blockchain.
45 (e) "Digital signature" means a tamper-evident, immutable, electronic seal that is
46 equivalent in function and status to a notary seal issued by a government entity.
47 (f) "Digital verifiable credential" means a digital document that:
48 (i) attests to a fact;
49 (ii) is issued by a government entity;
50 (iii) can be mathematically verified; and
51 (iv) conveys rights, privileges, and legal enforceability equivalent to the possession of a
52 physical credential of the same type.
53 (g) "Digital verifiable record" means a digital record that:
54 (i) is issued by a government entity or has been digitally signed by a government entity;
55 (ii) has a digital signature;
56 (iii) can be mathematically verified; and
57 (iv) conveys rights, privileges, and legal enforceability equivalent to the possession of a
58 physical record of the same type.
59 (h) "Distributed ledger" means a decentralized database that is maintained by the
60 consensus of replicated, shared, and synchronized digital data.
61 (i) "Executive director" means the executive director of the Department of Government
62 Operations, appointed under Section 63A-1-105.
63 (j) "Government entity" means:
64 (i) the state;
65 (ii) a state agency; or
66 (iii) a political subdivision of the state.
67 (k) "Issuer" means a government entity that has the authority to create, modify, revoke,
68 archive, or destroy a government record.
69 (l) "State archivist" means the state archivist appointed under Section 63A-12-102.
70 (m) "State privacy officer" means the state privacy officer described in Section
71 67-3-13.
72 (n) "State registrar" means the state registrar of vital records appointed under Section
73 26-2-3.
74 Section 2. Section 46-6-201 is enacted to read:
75
76 46-6-201. Government Digital Verifiable Credentials Commission.
77 (1) There is created within the Department of Government Operations the Government
78 Digital Verifiable Credentials Commission.
79 (2) The commission shall be composed as follows:
80 (a) the chief information officer, who shall be chair of the commission;
81 (b) the chief information officer shall appoint one member who has experience in:
82 (i) blockchain technology;
83 (ii) distributed ledger technology; or
84 (iii) digital verifiable credentials and records technology;
85 (c) the state archivist shall appoint one member who has experience in:
86 (i) distributed ledger technology use in government records management; or
87 (ii) government digital verifiable credentials and records;
88 (d) the state privacy officer shall appoint one member who has experience in:
89 (i) blockchain technology privacy;
90 (ii) distributed ledger technology privacy; or
91 (iii) digital verifiable credentials and records technology privacy;
92 (e) the state registrar shall appoint one member who has experience in:
93 (i) blockchain technology use with vital records;
94 (ii) distributed ledger technology use with vital records; or
95 (iii) digital verifiable credentials and records with vital records; and
96 (f) the governor shall appoint two members as follows:
97 (i) one member representing political subdivisions, recommended by the Utah League
98 of Cities and Towns or by the Utah Association of Counties; and
99 (ii) one member from the private sector who has professional experience in the creation
100 or management of digital records.
101 (3) (a) Except as required by Subsection (3)(b), the appointers shall appoint each new
102 member or reappointed member to a four-year term.
103 (b) The designated appointers shall, at the time of appointment or reappointment,
104 stagger the length of terms so that approximately half of the commission is appointed every
105 two years.
106 (4) A commission member may serve after the commission member's term expires
107 until replaced.
108 (5) When a vacancy occurs in the membership for any reason, a replacement shall be
109 appointed for the unexpired term.
110 (6) (a) A majority of the commission constitutes a quorum for the transaction of
111 business.
112 (b) The action of a majority of the quorum present constitutes an action of the
113 commission.
114 (7) (a) The commission shall meet at least once during each calendar quarter, with
115 dates for the meeting chosen by the chair.
116 (b) The chair shall provide notice to other commission members at least 10 working
117 days before the meeting date.
118 (8) A member may not receive compensation or benefits for the member's services but
119 may receive per diem and travel expenses in accordance with:
120 (a) Section 63A-3-106;
121 (b) Section 63A-3-107; and
122 (c) rules made by the Division of Finance in accordance with Sections 63A-3-106 and
123 63A-3-107.
124 (9) The Department of Government Operations Division of Technology Services will
125 provide support staff for administrative functions of the commission.
126 Section 3. Section 46-6-202 is enacted to read:
127 46-6-202. Purpose, powers, and duties of the commission.
128 (1) The purpose of the commission is to research and develop standards for
129 government issued digital verifiable credentials and records.
130 (2) The commission shall provide recommendations to government entities regarding:
131 (a) appropriate digital record schemas that allow a government to issue a digital
132 verifiable credential or record;
133 (b) policies and procedures to protect the privacy of personal identifying information
134 maintained within distributed ledger programs;
135 (c) the manner and format in which an issuer may certify a document through
136 blockchain; and
137 (d) processes and procedures for the preservation, auditability, integrity, security, and
138 confidentiality of digital verifiable credentials and records.
139 (3) In researching and developing standards for government issued digital verifiable
140 credentials and records, the commission shall consult with:
141 (a) the Utah League of Cities and Towns;
142 (b) the Utah Association of Counties; and
143 (c) other state agencies.
144 (4) The commission shall report annually to the Government Operations Interim
145 Committee by October 31 on the commission's responsibilities described in Subsection (2).
146 Section 4. Section 63A-16-108 is enacted to read:
147 63A-16-108. Digital verifiable credential pilot program.
148 The Division of Technology Services shall:
149 (1) create a pilot program for the implementation of digital verifiable credentials that
150 complies with recommendations from the Government Digital Verifiable Credentials
151 Commission created in Section 46-6-201;
152 (2) work with the Government Digital Verifiable Credentials Commission and
153 government entities to explore appropriate additional digital verifiable credentials
154 implementations; and
155 (3) report to Government Operations Interim Committee by October 31, 2023, on the
156 progress towards the creation of the pilot program described in Subsection (1).