Advisory Council on Sorting out Issues in Attribute Certification (2nd)

Last Updated:: Apr 9, 2026

Overview

Date and

Thursday, February 26, 2026, from 10:00 a.m. to 12:00 p.m.

US>

Online (Microsoft Teams)
- *The live stream has ended.

Agenda

1. Opening
2. Agenda: "Discussion on measures to realize the utilization of VC and DIW"
3. Closing and Communication

Material

Proceedings (PDF/318KB) (updated on February 26, 2026)
Document 1: Secretariat explanatory material (PDF / 958 kb) (updated on April 9, 2026)
Reference 2: Summary of Discussions in the Technical Working Group of the Advisory Council on Sorting out Issues of Attribute Certification in FY 2025 (PDF / 702 kb)
Proceedings (PDF/496KB)
Proceedings (PDF/299KB)

Minutes

Digital Agency (Kitainoue): Now, it is on time, so we will start the "Expert Meeting on Sorting out Issues of Attribution Certification (2nd Meeting)" from now. Everyone, I know you are busy today, but thank you very much for your time. I appreciate your cooperation. As time is limited, I would like to move on to the agenda. Prior to the discussion, the Secretariat will explain the materials. After the explanation of the materials, I would like to ask the Chairperson of the Council to proceed with the discussion. Then, the Secretariat will explain based on Material 1.

Digital Agency (Sawada): It has been a while since the first meeting in November, so I would like to begin with a review. Once again, the purpose of this meeting is to explore further digitization and sophistication of paper and simple PDF certificates left over from administrative procedures, etc., by linking information through users using VC-DIW. In order to realize the use of VC / DIW in the administration, it is necessary to first sort out the technical issues, feasibility, and restrictions, to sort out the usage environments and infrastructure such as signature keys and wallets, and to develop the laws and regulations systems to allow public certificates to be VC. We started this meeting based on the recognition that these issues need to be solved not only in Digital Agency but also with stakeholders. Among them, at the first main body meeting, in order to start discussions on how to utilize the new technology VC / DIW at ease in the government, we made a proposal to create guidelines that indicate risk measures for realizing public use cases. Most of the participants agreed with this proposal, and the technical working group was scheduled to discuss the content and standards of this technical measure. Let me give you a brief update on the status of that technical working group. Technical working groups were held in December and January, and when the secretariat suggested that guidelines could be considered, we received opinions on the premise and direction of the discussion, including opinions that it would be better to look at a wider range of topics, such as protocol layers, key life cycles, and the entire digital identity life cycle, and opinions that the use cases presented are highly abstract and that it would be difficult to discuss technical details. Therefore, we have decided that it may be too early to draw up the outline of the guidelines for risk countermeasures this fiscal year. We will continue to consider this point in the next fiscal year and after sorting out the prerequisites and details. In addition, during the discussion of the technical working group, it was suggested that there is a need to continue a wide range of discussions at the main meeting and in the next fiscal year and beyond, especially on the issue method and the ideal wallet. For example, with regard to the system for issuing VCs, we received opinions that the necessity of using VCs is questionable under the hypotheses presented by the secretariat. We also received opinions that the ideal way of issuing VCs should be considered again on an ongoing basis, and that there are issues with the trust chain of signature keys in the agency of the issuing function. It was also suggested that various entities need to be able to provide wallets, that use cases where multiple different credentials are presented at the same time need to be considered, and that it is important to consider to what extent people who cannot use smartphones should be included. I would like to ask Mr. Nakamura, Chairman of the Technical Working Group, to briefly review and comment on the opinions expressed in the Technical Working Group. Thank you, Committee Member Nakamura.

Dr. Nakamura: My name is Nakamura Technical Working Group. You gave a brief explanation, but you can find a more detailed record in the summary in Document 2. Please take a look at it when you have time. In the limited time of two meetings, I think there were many cases in which the way of proceeding was not good, in which we received as many opinions as possible from the members. However, many issues were pointed out, so I think it would be good if we could continue our discussions while looking at those issues. That is all briefly.

Digital Agency (Sawada): . Next, I would like to talk about the scope of today's meeting's discussion. In today's discussion, we will discuss the use environments and the ecosystem to maintain them, which are issues that need to be discussed at an early stage. As shown on the right side of the figure in the document, we will continue to discuss the realization of the requirements for various countermeasure standards, including risks, and how to promote their implementation, which was discussed at the first meeting of the main meeting, in the next fiscal year and beyond. I will start explaining the contents of the discussion. As a specific way of proceeding with today's discussion, we will discuss the provision of the use environments necessary for the issuer, holder, and verifier to use VC, and what the government should do at an early stage to form an ecosystem. As a specific example, as shown in the figure below, we will discuss the case where individuals receive certificates issued by the government and submit them to the private sector, and the case where individuals submit certificates issued by the private sector to the government. Then, I will present two use cases as subjects to make it easier for the committee members to discuss the image of this discussion. Please note that this is only a hypothetical example for discussion, and it is not the specifications of an actual use case. Please note that this is not a discussion on the appropriateness itself. The first example of a certificate issued by the government is a VC of a copy of a residence certificate. This is a hypothetical use case in which a resident can obtain the certificate online to prove household information, etc., and submit it online or at the counter, and at that time, selective disclosure can be used. The second example of a certificate issued by the private sector and presented to the government is an employment certificate. This is an assumption of a use case in which an employee is issued by his / her company to be used for screening for admission to licensed nursery schools, etc., and presents it online or at the counter to the local government.

Digital Agency (Ishii): First, I will explain the "Matters to be Addressed for Realization of Utilization from the Public to the Private Sector." The public-to-private use case assumes an IHV model use case in which a government agency issues a VC, which is held by an individual user in a wallet and presented to a private company. Specifically, it assumes a case in which a public certificate issued by a government agency, such as a copy of a residence certificate, is converted into a VC. Public certificates, which used to be issued in writing at local government counters, are now delivered electronically as VC, stored in wallets on smartphones, and can be presented to private companies immediately. This is expected to greatly improve the convenience of citizens in various private procedures. On the other hand, public certificates are required to be highly reliable based on the existing laws and regulations and systems, and the ecosystem for that purpose has not been established. In addition, there are limited efforts in Japan to set precedents. Therefore, there are concerns about the cost of consideration and development due to these issues, and it is difficult to make decisions on introduction. In order to solve these problems, each box on this slide defines what each entity aims to be several years from now. In addition, the Secretariat's proposals for short-term initiatives to be prioritized in the next fiscal year and beyond and for mid - and long-term initiatives to be taken in the future to implement and spread in society are provided. The details of each initiative are summarized and explained on the following pages. First of all, I will explain "Matters concerning the issuance of VC". The "ideal situation" here refers to a situation in which each administrative agency that will be an issuer issues a VC that conforms to compatible common specifications, rather than separate proprietary specifications, and improves the efficiency of certificate issuance operations. Two "short-term initiatives" to realize this are listed. The first is the arrangement of VC issuance requirements in (I) -1. Specifically, we believe that it is necessary to formulate a document that summarizes the requirements for how an administrative body should issue VCs, such as what should be used for a VC's signature key, how that signature key should be managed, and how the public key should be made public. We also believe that it is necessary to present this document to the government agency responsible for the system so that local governments and others can refer to it. The second is the verification test of ① -2. Since it is difficult for the ministries, agencies, and local governments that issue certificates to consider VC independently, we believe that it is necessary to verification test whether it can be realized technically and what value it has in order to create examples in cooperation with Digital Agency. In addition, as one of the "medium - to long-term initiatives," for example, in (1) -5, we believe that it is necessary to develop assets and tools, including reference implementations, so that the administrative agency that will be the issuer can efficiently prepare the VC issuance environment. Next, I will explain "Wallet-Related Initiatives." "The" "future vision" "mentioned here refers to a state in which a highly reliable and compatible wallet can be used when users hold and manage their own public certificate VC on smartphones, etc. with peace of mind." The clarification of the wallet requirements in (ii) -1 is listed as a "short-term initiative" to realize this goal. Although many Wallet Providers offer wallets, the selection guidelines and criteria for wallets that should store public-certificate VCs are unclear. Therefore, we believe that it is necessary to organize the requirements that wallets that handle public-certificate VCs should have, specifically, requirements such as VC issuance and presentation protocols, security measures, key management methods, and interoperability. In addition, as one of the "medium - and long-term initiatives", for example, in (ii) -3, we believe that it is necessary to consider to what extent the suitability of the wallet requirements arranged in (ii) -1 should be required, to what extent the suitability should be secured, and if secured, how the suitability should be evaluated, or whether the administration itself should provide it. This is followed by an explanation of "Matters related to VC verification". Here, the "ideal state" refers to a state in which a series of operations are automatically automated or made more efficient by having staff in charge visually confirm the authenticity of the contents of entries and receiving official certificates in VC format, which had been manually transcribed into the system. The third item, (3-1) verification test, is listed as a "short-term initiative" to achieve this goal. As verification test was mentioned in the initiatives related to the issuance of VCs, even if a VC can be issued, if it cannot be presented, the ecosystem will not be established. Therefore, I think it is necessary to have a verification test that goes into the incentives of the Verifier, such as whether the business can be made more efficient and whether the reliability of the certificates can be increased, by involving the private sector as the Verifier. In addition, as one of the "mid - and long-term considerations", for example, in (3) -4, we believe that it is also necessary to provide a simple VC viewer from the administrative agency as an allowance for private companies that will be Verifiers to efficiently establish a VC verification environment. Finally, I would like to explain the points I would like you to discuss. We have compiled a list of the secretariat's proposals for the "Short-term Initiatives" and "Mid - and Long-term Considerations" that I have just explained. Please comment on the appropriateness of the direction of the "Short-term Initiatives" highlighted in blue. We would also like to hear your views on what needs to be done to enhance its effectiveness, as well as any other priorities. That's all from the Secretariat. First of all, I would like to introduce the comments of Mr. Taki, who is absent today. "I think the Secretariat's proposal for short-term initiatives is appropriate. As for the use case of My Number Card itself, I understand that the point that certificates of residence can be issued at convenience stores has ultimately helped to raise public awareness. Convenience store certificate of residence may not be the original government DX, but it is a highly recognized keyword. In the past, the residence certificate was often used in identity verification, but since society is shifting to authentication using the card itself, I agree to focus on use cases other than the residence certificate, and that can be implemented quickly. That's all from Mr. Taki. Any further proceedings will be handed over to the Presiding Officer of the Kokuryo. Thank you very much.

Chairperson KUNIJI: , good morning. Thank you very much for taking the time out of your busy schedule. First of all, as Chair, I would like to express my gratitude and a small apology to the technical working groups. I also listened to some of the discussions, but I understand that the main meeting did not clarify the definition of why collaboration through users is important and what exactly we want to do, so various points of discussion erupted. However, among them, there were many discussions on very important individual themes, so I think it is very important today to work on how to structure them as much as possible and incorporate them into important matters. I think it would be better to speed up this short-term initiative, but I think the lesson of this meeting was that if we speed up too much, we will end up like this. I think the mission of today's final landing is to clearly define why we want to do it and what we want to do, quickly sort it out, and then accelerate it, so I would like to proceed with the discussion in this way. In the short term, I think we will be able to properly determine the direction and move forward with the necessary work in the next fiscal year. I would like to preface this by saying that page 22 is easier to understand than the page you are showing now.

Digital Agency (Sawada): Page 22 is for the next discussion. Page 15 is a summary of issues in the case of government issuance, followed by 3 pages of Issuer, Wallet, and Verifier. This time is for the discussion of government issuance use cases, and especially Issuer, Wallet, and Verifier are not divided into discussion time.

Chairperson KUNIJI: I see. Then, based on this page, I would like to hear your opinions on short-term initiatives. Thank you very much.

Committee Member Sakimura: All of the points you raised here are very important, but if I were to take up any of them, I would say that it is very important to consider which of them includes delegation. This is the same as the previous point about age confirmation, and it is also the same for corporations, and AI agents, and most of the hot areas are involved in this delegation, so I would like you to include them properly. Also, regarding the points to note regarding derivative VC, I think there will probably be a format conversion or issuance of a paper version because the original issuer does not respond. In that case, I think it is possible to issue such a notarial type of derivative VC, and considering these things, derivative VC will be essential, so I think it is important to sort out what it should be at that time, and in terms of popularization, if it means that it will never be issued unless the original issuer responds, I think it will never become popular. Also, if possible, I would like it to be in a form that does not discourage the private sector, as everyone is running. These are the three points. . Thank you for putting this together in such a short period of time. I would like to express my gratitude to the members of the secretariat. On top of that, when thinking about this kind of thing, I think it is important to firmly recognize the meaning of promoting the issuance of VC to society. On top of that, I think we will consider the public and private sectors and the private sector. We recognize that promoting VC issuance aims to improve economic efficiency and productivity, in other words, economic growth, by circulating and automatically processing structured data in accordance with the data minimization principle, including the verifiability of structured data, including the legitimacy of issuers, the non-falsification of data, and the legitimacy of presenters. Of course, there is an aspect of front-end collaboration because back-end collaboration within the administration is difficult. However, it is only a "by-product" or one use case. It is possible to make a mistake if discussions are reduced to that and expanded to the whole. Therefore, I think it is important to have a proper overall view. In order to achieve this, it is necessary to promote the issuance and use of certificates widely in both the public and private sectors. In order to achieve this, I recognize that one of the conclusions of the DIW Advisory Board last year was that the government should issue certificates and notices of disciplinary action as verifiable digital credentials, starting with personal contributions. I still think this approach is the right one. I think he is referring to the first use case, which is from the public sector to the private sector. At that time, regarding the use of VC, it is important to thoroughly implement the verification rules. I think there are often cases where received data is accepted without signature verification just because it looks like VC. It is very important not to use identification numbers by mistake. For example, in foreign countries, we have experienced many accidents in which personal identification numbers used for various procedures are used as if they were credentials. That was an example where something that could not be verified was treated as something that could be verified. In the same way, there have been many cases where signatures are not verified, or the keys used for signing are not confirmed to be provided from the correct source. Therefore, it is important to verify not only that the received data has not been tampered with and is in the correct format, which is of course important as the first step, but also that the data has been issued according to the correct process = by creating a trust chain leading to a reliable issuer, and that the key is reliable. Here, the issuer is trusted because the issuance process can be verified by a third party evaluation that it corresponds to the guarantee level. This will come later, but it will be privately issued, and this alone should almost eliminate the risk of accepting a VC issued by an unfair issuer. Therefore, I think it would be a good idea to hold individual discussions based on this kind of overall view. It is almost a will from the "DIW Advisory Board", but I mentioned it at the beginning.

Chairperson KUNIJI: Thank you very much. Mr. Kasai, please come in.

Committee Member Kasai: . Mr. Taki, I agree with you to seriously consider a VC, which is a copy of the residence certificate given as an example from the public sector to the private sector. On the other hand, what I think is a little lacking is that, although it is in the form of demonstration from the beginning, copiers, which you call analog now, also have a certain history and are used frequently, so I think it would be better to clarify the current situation and issues from the perspective of stakeholders such as local governments, our convenience store delivery machines, and users, and then compare them with those of VC. In addition to that, on page 12, at the stores that are assumed to be listed now, convenience stores, or other places, for example, financial institutions when applying for a housing loan, very important in considering the introduction of VC is the terminal device for reading, and Mr. Digital Agency said that he would provide an SDK, but tablets and other devices that are combined with other machines are quite costly, and there are many cases where business operators stop them. Therefore, we need to have a clear understanding of the cost burden of issuing certificates at convenience stores, as well as the current analog format. In order to use various VCs in the future, we need to have a clear view of what kind of function is required for the reader device, such as QR, NFC, or Bluetooth, and which function should be used to standardize most of the VCs. There is a tendency to discuss the issuance of VCs, but if it cannot be verified, it will not be used. I think we need to discuss this in parallel. In addition, for the sake of the future, whether or not to allow dual operation when the issuance of certificates of residence at convenience stores is changed to a copy of the certificate of residence of VCs, and whether or not a legal system is necessary in that case, I think that it is possible to discuss it separately from the demonstration. That's all.

Chairperson KUNIJI: Thank you very much. Commissioner Sakae Fuji, please.

Sakae Fuji: Thank you very much for organizing it. If I were to speak based on the 15 pages that you see now, the first question that comes to mind is whether the promotion of the use of VC in the public and private sectors is premised on the assumption that VC issued by the government will be stored in private wallets. I would like to confirm this as the first point. If the answer is yes, number 2 in the middle states that the requirements for a highly reliable and compatible wallet will be organized, but considering that My Number Card has already issued a system for Apple Wallet, in short, is it correct to judge that the Government of Japan has already recognized Apple Wallet as satisfying the requirements for a highly reliable and compatible wallet? If it is judged that it is accepted, I think that the reasoning that the requirements may have already been issued may be established. Then, in other words, if it is at the same level as Apple Wallet, even if there is a private wallet, it will automatically meet the requirements. In other words, it is written that clarifying the requirements here is a short-term measure, but I feel that it can be said that this is already a requirement, and if not, My Number Card is not on Apple Wallet. I would like to know about this point. As for the other two points, one of them is about verification test, and I recognize that it is the era of the Trusted Web, and if we include My Number Card, which is being done by the People's Service Group for the utilization of verification test, it is already doing quite a lot of verification test. On top of that, there is a story about doing more verification test, but I wonder what is different from verification test so far. As Mr. Sakamura mentioned earlier, although there is a premise that technology will change, I feel that in the short term, it is better for administrative organizations to start using it for actual work. As for the issuance of certificates of residence at convenience stores, I have my doubts about whether this is the ultimate goal, although it is said that it is very convenient to issue certificates of residence at convenience stores. My personal impression is that if the original plan included the elimination of paper, I would not be convinced if it were said that it was a successful example because it was currently available and convenient, or because there were many users. The last one was comments. I have just talked about four points, so I would like to hear your comments.

Chairperson KUNIJI: Any comment from the Secretariat on this?

Digital Agency (Sawada): Wallet, the secretariat would like to provide some additional information. Firstly, we would like to discuss the possibility of including government-issued certificates in private wallets, including the possibility of including them this time, although it does not mean that all certificates must be included or all certificates must be included. Also, as you said, My Number Card smartphones have already started to be installed in the operating system wallet, and this requirement already exists. We are moving forward with installing them in smartphones as we have decided on various requirements. However, I believe it is necessary to discuss whether these requirements and the requirements for certificates handled by other administrative bodies should be equal. As you said, when we proceed with various discussions, including on copies of residence certificates, we will consider the specifications of My Number Card, and whether there are any additional requirements or if the requirements of My Number Card are too heavy.

Sakae Fuji: Thank you very much.

Chairperson KUNIJI: I think the confirmation you just made is quite important, so is it correct to understand that your answer was that when you store My Number Card in Apple Wallet, it is organized to a certain extent, but it is acceptable to have something that is not that strict? I said once again that it would be better to organize what the requirements are.

Sakae Fuji: That's how I took it.

Digital Agency (Sawada): with other certificates or other wallets.

Chairperson KUNIJI: However, it is almost the same in the sense of posting a copy of the certificate of residence.

Digital Agency (Kusunoki): residence certificate should be taken as an Identity Document or an Attributes Document. Depending on how you look at it, a copy of the residence certificate by itself is not approved for bank accounts, for example, so it does not have a photo attached. It is probably similar in nature to a tax payment certificate and is an aspect of a residence related certificate. On the other hand, it has been historically used as a identity verification document by the study group in Ministry of Internal Affairs and Communications, so there is a major problem with being able to reproduce it. There are both sides. I think this is a somewhat marginal case. In a sense, in the context of smartphones, we decided that Apple Wallet and Google Wallet would be good because users want to install My Number Card on smartphones. Japanese smartphones are mostly iPhones or Androids, and they only need to run on both. It is my understanding that in the future, AI agents will handle various Attributes Documents and automate various procedures. To do so, it will be necessary to handle not only IDs but also various official documents and private documents in a bundle and carry out the procedures. However, there was no particular restriction on this. In the age of personal computers, it is possible to download and upload regardless of the environment, and there were no particular restrictions. In that sense, the world in which agents handle documents will probably be a world in which Japan will lose by default unless a considerably large number of players can enter compared to the current Android and iPhone Wallets. I think it is not possible to hand over all agents to big tech companies overseas at this point. identity verification

Chairperson KUNIJI: In that case, we need to consider whether a copy of a residence certificate is sufficient as a use case.

Digital Agency (Kusunoki): Of course, I think that various documents should be examined. In particular, it happened to be a copy of the residence certificate that the system division requested to meet these requirements. Therefore, there is a background that it is necessary to examine these requirements in a proper manner, and we are examining them.

Sakae Fuji:

Chairperson KUNIJI: Selective disclosure is one of the strong reasons why the wallet method is good, isn't it? Mr. Itakura, please.

Committee Member Itakura: . Thanks for your help. I would like to say that it is extremely important to issue a copy of the residence certificate or a part of the information, and that there is another exit point that verification test is trying to implement. One is that the Act on the Protection of Personal Information will probably be amended in this Diet session, and there will be a rule that when obtaining the consent of a person under 16 years of age under the Personal Information Protection Act, the consent of his or her legal representative must be obtained, and if notification is to be made, the notification must be made to his or her legal representative. At the same time, it's becoming a trend overseas, though not in Japan, for people under 16 to be banned from using social media. Australia is already successful. This is a story that has an extremely large impact, and even now, when money is involved, of course, the rule of minors under the Civil Code applies, and each service provider does it accordingly, but what is required by law in terms of personal information protection is to secure the consent of or notification to the legal representative in some form. What will happen if nothing is done about it is that everyone will take a copy of the family register, and that will be hell. The minimum information required is whether or not the person is a legal representative. It is not necessarily the case that the person is a parent or a child, but this is sufficient for about 99.9% of the cases. Therefore, if we can show only a part of the information on the copy of the residence certificate, that is, the information that this person is a parent or a child, this can be covered considerably. This is an urgent issue until the Act on the Protection of Personal Information comes into force. So, when I first started talking about this, I thought that the copy of the certificate of residence was so important, but under the Personal Information Protection Act, the age of 16 is the age of majority for personal information, and businesses that provide services used by children must confirm whether or not they are the legal representative. I don't think it is necessary to emphasize that too much, and I am saying that the check box "My child says it is good" is not good, but there is a very high possibility that Japanese business operators will overreact when they are legally required to do so and will have to send a copy of the family register. This is the worst case scenario, so the time line for preparing such a situation where there are two terminals that can minimally prove the parent-child relationship by the time the Act on the Protection of Personal Information comes into effect has almost been cut off. It is based on the assumption that the amended law will be passed in the Diet. Therefore, this is no longer the time to talk about verification test, and there is a problem that by the time the Act on the Protection of Personal Information for Minors comes into effect, we must be able to introduce it quite easily. At that time, the exit has actually been prepared through a revision of the law, and as it is next to Mr. Digital Agency, I think you are probably aware of how it is being done, but in the case of the revision prepared by DIGI, it is assumed that part of the Digital Government Promotion Act will be revised and it will be approved as a kind of sand box. One of the examples was that the government approved a scheme to publish information on business operators through API, and that it would do so without revising the law. In the same way, a scheme in which part of the information on the residence certificate is issued when certain requirements are met and used by everyone may not necessarily require the revision of the Residential Basic Book Act. It may be better to use that scheme as an exit point and eventually revise it. However, if everyone meets the requirements, it may be okay to do it, and there may be an exit point of doing it for a while. Mr. Sakae Fuji and others have discussed whether it should be called verification test, but I think the goal should be to proceed with the scheme assuming that it will be approved under the Digital Government Promotion Act. That's all.

Chairperson KUNIJI: : Thank you very much. Did you hear, Mr. Wakae? If it's all right with you, I would like all the committee members to hear it. After this, I would like the public sector to speak to the private sector, and after that, I would like the public sector to speak to the public sector. What do you think about this timing?

Dr. Wakae:

Chairperson KUNIJI: Thank you, Mr. Yokota.

Dr. Yokota: . I would like to supplement or comment on the views of the two people who just spoke. Although it is difficult to decide on a short-term or long-term basis, what we should probably do in the short-term is to formulate a vision that we are considering in this direction, and in that case, consider whether we can use what we currently have or how we can use it in other ways. If we do not include it in our short-term mission, which is to formulate it as a set, present easy-to-understand materials, and hear from various actors, there is probably nothing we can do by ourselves. So, I think we will ask local governments, consumers, and users to tell us what they think about what we have just said. I think we can recognize that the next big issue is to draw out what other ways of using it are, or to consider how it should be implemented in society in accordance with that. I think the biggest challenge is to draw a picture that, as Committee Member Itakura said, if we can selectively disclose what we do, everyone will be happy. I think the biggest challenge is how much we can avoid the reaction that people do not want to use it because they do not know well, which is very important as a short-term mission. I think the biggest challenge is whether we can draw a picture that, as Committee Member Itakura said, if we can selectively disclose what we do, everyone will be happy. If we do not encourage this, the administrative side will not take any serious action, and if there is one successful example from the public to the private sector, it will be easy to think about the next wallet. That is all.

Chairperson KUNIJI: In reality, it is a reflection that we should have done it in the last six months or so.

Dr. Yokota: In a sense, we have been caught up in the revision of the Act on the Protection of Personal Information and its implementation in society, so I think we can say that this is an urgent matter.

Chairperson KUNIJI: Mr. Nakamura, please.

Dr. Nakamura: My name is Nakamura . From the perspective of technical review, there is a plan to present the concept of the VC issuance method to each ministry and agency in regard to (I) -1 of today's short-term issues. However, as Mr. Sakamura mentioned earlier, if it is necessary to clarify the overall design, the expression "concept of the issuance method" seems to be a little vague. First of all, it is necessary to have them understand what kind of use case it is, including the Verifier, which is a technical reliability mechanism. Then, materials that can properly examine how it can be applied to your procedures will be necessary. I think that verification test will also be an experiment based on that assumption. We need to clarify the initial design. Then, as for the next technical review, although we understand what we want to do next year is this image, we will not be able to discuss what will happen when it is applied to technology because no one has decided it. Therefore, I would like you to prepare for that. That is all.

Chairperson KUNIJI: Thank you very much. At the end of the meeting, we will have a general discussion again. I would like to end the discussion from the public sector to the private sector and move on to the discussion from the private sector to the public sector. The secretariat will explain this again.

Digital Agency (Ishii): Let me explain. Next, I will explain the "Initiatives to Realize Utilization from the Private Sector to the Public Sector." A use case from the private sector to the public sector is an IHV model use case in which a private company issues a VC, and the VC is held by individual users in a wallet and presented to a government agency. Concretely, we assume a case in which a document issued by a private company, such as a Certificate of Employment, is converted into a VC. Documents that used to be submitted to private companies and issued in writing or as PDFs are now delivered electronically as VCs, stored in wallets on smartphones, and can be immediately presented to administrative agencies such as local governments. This is expected to greatly improve the convenience of citizens in various administrative procedures. On the other hand, there are no requirements for VCs that can be received by administrative agencies such as local governments, and the environment for administrative agencies to receive VCs is not yet in place. Therefore, it is easy to raise concerns about the cost of consideration and development due to these issues, and it is difficult to make decisions on introduction. In order to resolve these issues, in the same way as the use cases from the public sector to the private sector, this slide describes the vision that each entity will aim for in a few years, and the secretariat's proposals for short-term and medium - to long-term initiatives to achieve that vision. We will explain the details of each action item on the following pages. First of all, I will explain "Matters to be addressed regarding the issuance of VC". Here, the "ideal situation" refers to a situation where there are a certain number of private companies that can issue VCs in a format that complies with the technical requirements and reliability standards stipulated by administrative agencies, and private documents that were previously issued in paper or PDF format are issued as VCs. As a "short-term initiative" to realize it, we have listed the arrangement of VC issuance requirements in (I) -1. When administrative agencies accept applications by VCs, we believe that it is necessary to establish certain requirements so that VCs issued by private sector can be properly accepted and verified by administrative agencies. Specifically, we need to determine how to define requirements such as data format, schema, and signature method, which was discussed in the technical working group, while taking into account the development and operation costs of private companies. In addition, as one of the "medium - to long-term considerations," in (I) -2, for example, we believe that we can promote private sector's issuance of VC by promoting the merits of verifiability and machine-readability in administrative procedures, as well as by considering the issues of current administrative work, such as whether the contents of submitted private documents are confirmed one by one in current paper-based administrative work and whether it takes time to investigate the existence of the issuing company, and the possibility of utilizing VC, which is one of the solutions. Next, I will explain the "Wallet Initiatives." Here, the "ideal state" refers to a state in which a wallet can be used to store VCs such as credentials and attribution certificates issued by private sector, and to present those VCs to government agencies for various administrative procedures. The clarification of the wallet requirements in (ii) -1 is listed as a "short-term initiative" to realize this goal. The government proposed to the secretariat that it is necessary to clarify the requirements for a wallet to store a public certificate VC even in a use case of the private sector. Similarly, even in a case where an administrative agency acts as a verifier, in order for the administrative agency to accept a reliable VC with peace of mind, the wallet that stores the VC may be required to satisfy certain requirements. Therefore, we believe that it is necessary to first define these requirements. In addition, as one of the "medium - and long-term considerations", for example, in (ii) -3, as in the case of use cases from the public sector to the private sector, we believe that it is necessary to consider to what extent the suitability of the wallet requirements arranged in (ii) -1 should be sought, to what extent the suitability should be secured, and how the suitability should be evaluated. Next, I will explain "VC Verification Initiatives". Here, the "ideal image" refers to a state in which government officials, as the contact point, realizes mechanical authenticity verification and automatic input by receiving attached documents, etc., for which a lot of time is spent on visual confirmation of the authenticity of the contents of entries and manual transcription work in administrative procedures as a VC, and improves the efficiency of business. (3-1) verification test is listed as a "short-term effort" to achieve it. Depending on the administrative procedures, there are system issues such as three tier separation and operational issues of the government officials serving as the contact point, so it may be difficult for the regulatory agency or local government to establish a VC verification environment independently. For this reason, I think it is necessary for Digital Agency to cooperate with verification test and go as far as to provide incentives such as "To what extent can the work of administrative agencies be made more efficient?" and "Can the reliability of private certificates be increased?" In addition, as "mid - and long-term considerations", we believe that it is necessary to "provide reference implementation and testing tools, etc." and "provide a simple VC viewer" for the verification environment as described so far. Finally, I would like to explain the points I would like you to discuss. In the same way as the previous use cases from the public sector to the private sector, this page lists the secretariat's proposals for the "short-term initiatives" and "mid - to long-term considerations" that I have just explained. Please let us hear your opinion on the appropriateness of the direction of the "short-term initiatives" highlighted in blue. We would also like to hear your views on what needs to be done to enhance its effectiveness, other priorities, and the different perspectives between public-private use cases and private-public use cases. That's all from the Secretariat. First of all, I would like to introduce the comments of Mr. Taki, who is absent today. "I think the Secretariat's proposal for short-term initiatives is appropriate. The employment certificate is the number one topic that resonates with users due to their tight time and mobility constraints, and I think it is a use case that can be used as a reference for implementation rather than being fictitious. The regulatory reform Promotion Council and other organizations have already reduced the number of local rules and issued standard forms. The foundation for information sharing is in place. Since working hours and other data are somewhat complex, we believe that being able to reliably deliver these data will make it easier to connect to the next time. As a company that provides payroll and attendance management services, we believe that this function is easy to introduce and get recognition from customers when it is actually put into operation. This kind of partnership between the private sector and enterprises is important, although it has already been mentioned. That's all from Mr. Taki. Once again, I will hand over the proceedings to the Head of the Kokuryo. Thank you very much.

Chairperson KUNIJI: Thank you very much. Now, Committee Member Kasai, I would like to ask you about what you would like to do most in the short term from the private sector to the public sector. Your hand has already been raised, so please go ahead.

Committee Member Kasai: , but after listening to the discussion of VC members, I still thought that it was difficult. For example, if you only look at the part where it is issued by the government and handed over to the person, how it is used is irrelevant to the previous case. In this case, too, the government finally receives it, and in what processes the VC was issued, I think I have not seen much, or I think I have not grasped the actual situation. Therefore, I will repeat myself, but with this VC, there will be three characters in three places, so I think it is necessary to thoroughly investigate the missing parts, to thoroughly investigate the parts that have not been connected so far. However, in the case of receiving it, I think it is relatively easy to investigate in this case. I think it may be difficult for the government to see how it is issued, how it is issued by the private sector. Even if I say in the previous case, whether it is used after it is issued by a copy machine or a convenience store, whether it is used, I think we must do this in the initial stage, or we may not know who is a stakeholder. I think it will not be a discussion on how to switch from volume. In either case, I think it is necessary to investigate what is lacking when there are two people to three people.

Chairperson KUNIJI: That's why you're saying it's a trust chain or a network, not just a chain.

Committee Member Kasai: On the other hand, the burden on the verification machine, and the difference between the previous case and this case is whether the user is charged or free of charge, there are quite a few differences, so I thought it would be necessary to consider how to place the real specific case and how to share the cost.

Chairperson KUNIJI: Thank you very much. That's a big point when you try to popularize it in reality. What else would you like?

Dr. Yokota: , I would like to talk about something meta. There are probably various things that can be issued by the private sector, and one of them is a work certificate as a use case. There are various things that can be issued, so I think it is likely that the recipient side does not know how to interpret this case. I was wondering where it was written about that. In other words, the way of issuance is completely different between Company A, Company B, and Company C, and the recipient side also wants to do something about the difference in the way of receipt between City A, City B, and City C. I think this is probably within the scope of the VC this time, but I was not sure who is in charge of adjusting it. Can this be done with the standard form of issuance?

Chairperson KUNIJI: This is what you want to say about how to issue VC in the program you are showing now.

Dr. Yokota:

Chairperson KUNIJI: Is this something someone out there is thinking about? For example, it is written that the government should standardize the items that must be included in the work certificate in order to apply for it. Is this something someone is thinking about?

Digital Agency (Sawada): is proceeding in various ways, and I am not aware of the details, but I have heard that while something like a standard format is being created and issued, it is not yet the case that everything is standardized in the actual workplace in Children and Families Agency.

Dr. Yokota: administrative law, it is probably the case that some ministry or agency will take the lead in standardizing the standards used in the administrative work of local governments. On the other hand, I think that we will be discussing the establishment of a system that can provide the technical requirements to meet the standards. I have to go so far as to say that this is necessary. I think that this is necessary in the sense of guiding the design of the system.

Dr. Nakamura: My name is Nakamura From the current perspective, for example, I think that (I) -1 on page 22, which I mentioned earlier, corresponds to the clarification of the requirements for VC that can be accepted by the government. For a moment, I wondered if the keyword was expressed in "how to define the requirements such as trust standards". Since there is a phrase "when there is a consignment relationship", I understand that even if there is no consignment relationship, what kind of technical requirements the certificate issued by the company should meet in order to be accepted must be clarified first. What do you think?

Chairperson KUNIJI: THAT'S FINE. It's about building a big infrastructure.

Digital Agency (Kusunoki): There are various levels, and the requirements under the Code of Civil Procedure are quite simple, and it is possible to confirm whether it has been officially issued, and if you are asked if it has been issued, you can answer. However, I believe that individual decisions can be made based on the nature of the administrative work and the threat model regarding the extent to which security control measures will actually be technically taken. In any case, for example, the certificate of employment has two layers, and it has been pointed out that the function will not be made unless the document can be received properly in terms of how to prepare the content items, the confirmation method of the undercarriage, the technical method, and technical interoperability.

Digital Agency (Kusunoki): That's a big difference. It won't be an official document.

Chairperson KUNIJI: (Japan): Are you referring to the point at issue? If not, I would like to ask a follow-up question first. What do you think?

Committee Member Itakura: If you say it is related, it is related. Here, too, you just mentioned the cost, but as it says "distribution of publishing tools and apps," each business operator will probably not develop anything, and companies will register and publish with SaaS or the set of SaaS they have been using, so it was discussed, but I wonder if it will be so expensive. One thing that is different from the public one is that the VC does not prove whether the content is correct, which is a matter of course. But I think there is a fair amount of danger that what is done in VC will make you think that receiving is the right thing to do. Because I'm a sole proprietor, I give my certificate of employment to the blue full-time staff and send it to nursery schools and after-school clubs, but I can write it easily, and it is important for everyone to use it while understanding that the content is not correct even if it is done with this. I thought that if I did not say that much, the moment I got this, I would think that the content was also correct. This is probably quite digital and tends to be the case, but the other day, I was taught by a professor of the Code of Criminal Procedure that there is an overseas paper that says that warrants are actually issued in about three seconds when an electronic warrant request is made, although there is an urban legend that warrants are still examined relatively easily from long ago. I didn't read the original, but it's a transcript. In other words, if we have too much trust in what comes in electronically and start doing it even with sloppy Certificate of Employment, the number of nursery schools has increased for a while, so it has not become a social problem so much that we are having trouble with waiting lists. However, if lies increase easily in places that affect everyone's lives, this could destroy the trust infrastructure, so I think it is better to do it, of course. As I just said, there will be SaaS, so I don't think it will be that expensive, but I am talking about the contents. I thought that I could not leave it if I did not know the contents.

Chairperson KUNIJI: This is an old but new problem. Thank you.

Mr. Matsumoto: Mr. There is a digital identity wallet in the EU, and there is a business wallet. As individuals want to prove their attributes, companies also want to prove their attributes. A business identity wallet is to do that with verifiable credentials, and I think if we include that, we will be able to see the relationship between the two sides. However, it is out of this category, but the specifications are quite close. We are aiming for the same system. Also, I understand very well that there will be a big difference between the public sector and the private sector, but in the case of eIDAS within the EU, it is relatively the same, both for the public sector and the private sector. It is the same as GDPR and the like, and the underlying idea is that the authorities do not believe unconditionally. In Japanese case, the Electronic Signatures in Global and National Commerce Act itself is a law for the private sector and it is not applied to the public sector. In a sense, the system is not the same, but there is a problem of whether it is really good or not. Including that point, I think we need to consider how to view reliability and trust, including the possibility that both the public and private sectors must be the same. I will repeat myself, but the Electronic Signatures in Global and National Commerce Act is the people. Therefore, it is probably the EU's view that a framework of trust utilizing the Electronic Signatures in Global and National Commerce Act should be considered, and that a similar mechanism should be applied to the public sector. In the EU, the idea of "from the people to the government and from the government to the people" is not strong. Recently, the EAA also came up with a public EAA, so I think it is the government that has clarified its authority. The other thing is that there should be a higher layer of discussion on how to deal with the issue between the government of Japan and the government of foreign countries, and I feel that a mechanism such as a third party certification will be necessary, including that.

Chairperson KUNIJI: I think it is safe to say that what you have just said is within the scope of the argument that unless we secure international interoperability in the end, we will end up with the Galapagos Islands. In other words, in Japan, there is a strong sense of trust in the government, and the private sector wants us to conduct a proper verification. However, in the future, if we do not do it in a world where the Japanese government will not believe us, we will not be able to achieve interoperability.

Dr. Yokota: , you always ask us to consider the protection of Japanese nationals living abroad.

Chairperson KUNIJI: , it's a story about whether they believe the passport or not.

Dr. Yokota: . This is probably the same for both the public and private sectors, and Japan needs to take a long-term view of the future of mutual recognition of the fact that such a system has been established. At the very least, the DIW Advisory Board must have discussed whether it would be easy for foreigners who come to Japan to use it, or what would happen if Japanese living abroad used what they had acquired in Japan overseas. I was thinking that it could not be helped if I said too much this time because it was a short-term issue, but I think it would be better to be aware of these issues once again. However, it would be better to exclude such a short-term issue. I think it will probably be omitted from this report. In general, Japanese government agencies are too indifferent to making other countries trust Japan, and they have had difficulties with the Act on the Protection of Personal Information, so I think we need to be aware of this.

Chairperson KUNIJI: This year's report should be written from a medium - to long-term perspective, and we should be aware of that.

Dr. Yokota: Yes. I have a feeling that it would be a good idea to include it.

Digital Agency (Kusunoki): I think we will have frank discussions on this and do what needs to be done. The Government of Japan is not necessarily indifferent to such interoperability with other countries. For example, the Government of Japan's Certification Authority of the GPKI has obtained WebTrust certification, and we have firmly included external audits, so we will do it as necessary. On the other hand, the European framework you pointed out is that Europe is originally a region, and there are multiple countries in this region, and there are very unique circumstances in Europe, such as how to turn it into a digital single market. Whether this is really a global rule or an initiative based on regional circumstances in Europe will be discussed in detail. Japan's relationship with Europe is not limited to Europe, and we have contacts with many countries, including the United States and Asia, and at present, the interoperability of digital identity wallets has not been realized even in Europe. I would like to have down-to-earth discussions on this.

Chairperson KUNIJI: : This is not a question of whether or not we will incorporate the European way of thinking. Rather, we must aim for interoperability within the international environment.

Digital Agency (Kusunoki): What we can see now is that the United Nations or ICAO has a solid framework for international border control and driver's licenses, and Japan is naturally included in it. In terms of other cross-border use cases, the Japan-EU Digital Partnership is working on the so-called academic record issue, but it is difficult to look at specific use cases, and I believe that how to ensure it internationally is a theme that needs to be firmly discussed in detail.

Chairperson KUNIJI: We will put that on the agenda for the time being. Thank you very much. I believe that you have made most of your comments on Point 2. Is it OK to change the position from private to public? I understand. To summarize the discussion so far, from the public sector to the private sector, when an independent wallet is assumed, what should be considered as requirements? Based on the reasons why they want to do it, they want to realize something like selective disclosure from the independent wallet, so they want to think about it with a sense of speed. From the private sector to the public sector, a great variety of players, including individual business operators, will produce various kinds of products. As such, how will standardization be considered at the protocol level as well as at the semantic level? Then, when many players become involved, how will a trust chain be established? If we cannot do these things, which I think is a matter that will affect both sectors as a whole, the cost will explode and the product will become unusable. We would like to prevent this from happening, and we also need to model who will realistically bear the burden and how. The other issue is the one that came up at the end. In the end, this issue will go beyond borders, so we need to work on something that properly takes that into account. In any case, issues such as the right of representation have already emerged as a rather urgent issue, so I cannot take time to talk about this issue. This time, I was too hasty and rather late, so I do not mean to say it is urgent, but I would like the main meeting to share and write a sense of crisis that if we do not move quickly, something that will not actually move will come out. I would like to ask all of you to freely discuss how we should think about the agenda for next year and beyond, including whether or not this kind of summary is acceptable. Can I go to the next one now? You can go now.

Digital Agency (Sawada): Finally, I would like to introduce some other opinions that have been expressed so far and initiatives to be taken in the next fiscal year and beyond. First of all, although I mentioned short-term initiatives, it is of course necessary to consider mid - to long-term initiatives. Therefore, the table on the left of page 27 is a reprint of the initiatives listed on previous pages. In addition to the issues raised at each meeting this fiscal year, Committee members have presented various issues, with the main ones listed on the right. For example, in the next fiscal year and beyond, we will continue to discuss issues such as how to ensure international inter-operability, which was already discussed earlier, electronic records that can be substituted for cards, sorting out the relationship with My Number Card's smartphones, and derived venture capital. We are currently considering three items to be addressed by Digital Agency in the coming fiscal year and beyond. First, continuing from this year's discussion, we need to specify and document risk measures and requirements for VCs and wallets for administrative use cases. At the same time, how will the government encourage related parties to demonstrate the effectiveness of such measures? This is the first point. The second is to involve actual players in individual use cases, materialize business and function requirements, and study specifications. Of course, with interoperability in mind, I will try to actually create it. This is the second point. Third, as I mentioned earlier, we will discuss each of the topics that could not be taken up or discussed this fiscal year. This is how we are currently thinking. That is all from the introduction by the secretariat. As this meeting is being held at the end of the fiscal year, I would like each of you to spend about two minutes passing around the microphone to speak about the progress of future initiatives and your expectations for the roles of the government, taking into account the mid - and long-term initiatives and Digital Agency's plans for the next fiscal year and beyond. First of all, I will read the opinion given by Committee Member Taki who was absent. "I think the secretariat's proposal for the" "medium - and long-term considerations" "is appropriate." Regarding the expectations on the administration for the next fiscal year and beyond, I believe it is very important to be aware of the Early Wynn, including today's two initiatives. I also understand that efforts are being made to the extent possible at this time through the completeness of the pre-developed list of considerations so as not to create too much technical debt for the Early Wynn. The completeness of the list is not limited to this study, but will be a reference document in the future. That is all. Then, I would like to pass the microphone in order. I think the seating order is fine as it is, so I would like committee member Kasai to start in about 2 minutes. Thanks for your help.

Committee Member Kasai: , I am speaking from the perspective of users or verifiers. Even if there is an existing system, consumers and the people themselves will resist any changes. Therefore, the legal system will need to be firmly established. As for how it should be, as I said earlier, we do not know how VCs are being used, not only in Digital Agency but also under a larger umbrella, including the ministries and agencies with jurisdiction. In some cases, they will clearly state that it is a challenge for the ministries and agencies with jurisdiction. For example, a copy of the residence certificate mentioned earlier. As for VCs, as I said earlier, we do not know how they are being used, so on the contrary, it seems that surveys by financial institutions and others will be necessary. This cannot be done individually and optimally at all, and unless we consider the government as a whole, there is a risk of failure. As Mr. Yokota mentioned, first of all, we need to clearly determine the grand design, and then, in order to gain the understanding of the people and businesses, we need to create successful examples or gain the understanding of the people through frequent use. Honestly, the frequency of issuance of work certificates and where it should really start will determine the future fate. Therefore, I think that VCs are good and can be used for such things, including My Number Card, which is of course an operating system, so that the people will accept them and include them in their wallets. This is the end, and I think that a system that can be used properly will turn around. Inevitably, in such a case, it will be a discussion on issuance, but I expect discussions on the entire use of VCs to continue.

Dr. Nakamura: My name is Nakamura . After various discussions in the technical working group, the topic of a VC issuance platform has come up, and at the bottom of page 27, you have written something like "differentiation from signed PDFs." I thought it would be good if we first discuss VC from a technical perspective and then share with everyone the theory that we need to properly use VC in the future. Also, from an academic standpoint, universities are starting to seriously consider the use of VC, and there are ID cards and micro-credentials. Discussions on micro-credentials have been going on for a long time, but just like the discussion here, it seems that there are many cases where people who are in a position to issue micro-credentials end up talking about how they can issue them, including how they can be used by everyone in the entire ecosystem, for example, exemptions from exams, and other advantages for those who receive micro-credentials. In that sense, I think it is a very close topic of discussion, so I thought it would be good to proceed with the discussion while considering these points together. That's all.

Sakae Fuji: The issues and opinions on page 27 are all important initiatives. What I think is that in addition to talking about how consumers can use it without confusion, considering that the private sector is coming in, I think we probably need to work out a way to create something that will not cause confusion in private sector. For that to happen, I believe it will probably be necessary to accurately convey the current thoughts of Digital Agency and the administration. For example, I mentioned earlier that My Number Card is equipped with smartphones, but on the other hand, Digital Agency also has a digital Authentication App that is connected by OpenID Connect. And now we're going to start talking about other VC wallets. From the point of view of the users and the private sector, it seems that there are several similar things running under different names, making it difficult to understand what to do in the end. We have been talking about derivative Wallet and derivative VC since last year. We have been discussing that it is a problem that something like a derivative minor is created. It was quite controversial last year, but it is a fact that it has led to the point where it is difficult to understand, so we create such things, abstract them, and establish them as services. I think this is not such a happy thing for everyone, so from the perspective of consumer protection as well, I think it would be good for them to carry out activities with an emphasis on sending the right message. In the same way, I think that interoperability is also important. When we consider international interoperability, it is inevitable that credentials used internationally and credentials used locally will be separated and separated according to use. As discussed below, we must consider presenting multiple credentials at the same time. When that happens, and you have credentials that you present internationally and credentials that you only use locally from the same wallet at the same time, the people who make the wallet start to wonder if they have to support two standards, and that's unfortunate. So, international is quite difficult, including the question of who is international. I think it will inevitably be a matter of the lowest common denominator, so it will be a difficult issue. However, I think we need to create a method that does not diverge from what is too local. I very much hope that this will lead to the sorting of requirements, the investigation of technology, and the formulation of policies on how to implement them, which were mentioned in many of the issues this time. That's all.

Mr. Matsumoto: Mr. , I would like to ask a question that is further outside the scope of today's discussion. At the time, I first became interested in this issue around 2000, when the Electronic Signatures in Global and National Commerce Act was established. At that time, I was still ignorant of the world, and I did not understand the gap between the existing business model, which presupposes paper documents, and electronic signatures. I thought a lot about what could be done with electronic signatures, but I found that it did not match the existing business model at all, and there was a gap. In particular, I later felt that although signatures had become possible, standardization of what to sign had not progressed at all. This was true even at that time, but we have been in a society that is premised on human vision, and we have not been able to break through that. I think that the DIW / VC this time is likely to be a trigger for breaking through that. Yes, but from my point of view, both DIW and VC are only one means, and we need to automate what does not need to be done visually, including other means, and we need to have a trust chain. I think that such a sense of to-be should be shared in some way. On top of that, I think it would be good to try it first. Since it is a complex system, there are many things that cannot be understood without doing it. Digital Agency also has the ability to execute, so I expect that. However, on the other hand, To-Be is To-Be, and I think that the current reality is that we should keep in mind international interoperability, which I mentioned earlier, and keep in mind that it will not hinder the next phase. That is all.

Dr. Yokota: Basically, I agree with everyone's opinion. In particular, what is the breakthrough this time is important in the mid - and long-term. The technology may change, but what I want to change is probably to accumulate technology to review the current way of administration. I think that's probably a very big part of this project. I think our basic policy is that we need to clearly state that we want to change the current situation where analog and digital are disconnected, such as by visual observation, but in order to change that, we also need to accumulate use cases from the bottom up. But when you go agile, you have to be careful that you don't take people off the ladder. What we are assuming is that there are cases in which when an advanced local government worked on a policy, the national government later broke the policy and ruined the way of doing it. In that sense, I would like you to secure trust in the overall policy at the same time. In other words, it may sound good to start small and grow big, but when we cut branches and leaves, if the system is such that people who bet on the cut branches and leaves lose money, no one will get on board. It is the same for private sector, local governments, and national actors in all sectors, and it is difficult if an increasing number of people think that what they have done has not led to success. So, where is the sandbox and where is the implementation? The profit structure is different for each actor, so I think it would be good if you could proceed while paying attention to these things. Also, the perspective of how to get the government on board is very important. The reason why similar systems are running and people in the government don't know what to do is probably the same, so it is very important to think of a system that allows people who are not familiar with digital to get on board with the idea that it is for everyone to feel at ease. In fact, over the past five years, I have strongly felt that what we have been able to communicate at the local government level is not being done at the national level, so I hope we can do this well. That's all.

Committee Member Itakura: , I would like to repeat what I said at the beginning, but it is more likely that businesses will confirm part of the copy of the residence certificate, especially the legal representation relationship, than I imagined. In short, I thought that you would proceed with it as if the deadline for the enforcement of the Act on the Protection of Personal Information had been reached. As for the certificate of employment, I said during the process that there would be such a need, but I would like you to do that. It can also be applied to the letter of separation, and even if you could do that, I would like you to proceed with it as if it would be a defeat if a copy of the paper copy of the residence certificate or a copy of the family register circulated when legal representation is required. Of course, I do not think we need to go that far. In most services, I think it is good to check the box that says, "Parents say it is good for children." However, when I was asked to explain the amendments to the Act on the Protection of Personal Information, many businesses seem to be worried about it. Therefore, it is a very urgent task to prove only the parent-child relationship with a very simple system, and I think we must proceed with the awareness that we will lose if a copy of the family register circulates. This is the worst case scenario. I mentioned earlier that Australians have introduced age restrictions, and they are doing it with the basic policy that only age should be checked and not even the Public Personal Authentication should be used in the first place. It is a matter of course that it is better not to take unnecessary information. It is truly a defeat to have the family register circulated, so if you proceed with it so that it does not happen, we will of course help you, but we will proceed with it. That is all.

Dr. Wakae: Thank you very much. Consumers have high expectations for this system, and I don't think it is desirable to require perfect authentication and to provide unnecessary information when obtaining the consent of a legal representative when using SNS for children. In that sense, if SNS allows selective disclosure of age, it will provide what users really want, and I think it will become a boost and spread. As a consumer, I expect the decentralized and non-mediated nature of DIW. I believe that the previous Technical Working Group's discussion on the publication platform has been eliminated, but I would like you to continue to focus on the distributed and non-mediated nature. Also, for consumers, being able to choose is very important, so in that sense, I think the perspective of how to create an ecosystem and a business in the future is quite important. Even if Apple and Google do it for free, I think it will work well by pulling in their own services. However, I think we have to think about what kind of business model there is for independent companies to survive. In fact, I think that there are some things that are being done at high cost in identity verification even now. Check the bank account for money laundering. Of course, this is an international issue, so it may not be possible for the Japanese government to change the legal rules on its own, but I think it would be a good idea to look for a long-term business model that also considers the point that it would be nice to introduce this system in a place where identity verification costs a lot. Support the independents. Considering that we will be able to make that choice properly, I think that certain legal rules for wallet business operators and OS business operators will become important, so I would like you to consider that in the medium to long term. That's all.

Chairperson KUNIJI: : Unless we move this issue forward with a certain level of urgency, digitalization will not be able to move forward. We also need to think about the world we are in, such as procedures involving users. In relation to this, I understand the opinion of the operators who seem to be supporting this issue, which Mr. Yokota mentioned earlier, that there will be no time for verification test and others to do, while at the same time working out clear policies at a fairly early stage in order to move this issue forward in such a way as to remove the uncertainties that various operators have in mind. However, I think that is not the case with the administration. I don't think so, but I think it is important to take steps to a certain extent and to gather opinions properly, but to move quickly. Among them, as shown on page 27, the Technical Review Group will present various issues. Each of them is very important. We do not know how you will organize the work in the next fiscal year to properly position the items on the list in the overall review. I think it would be good if you would put together the draft of the report with a sense of urgency. We can show you that. This will be the last in-person meeting, and I would like to ask the committee members to discuss this with me. It may be a little rough, but I would like you to trust me. So far, we have held various discussions among the chairs, and this is the one that is close to the highest level. However, I believe that it is important to produce output in this fiscal year in order to link it to the next fiscal year to some extent. Therefore, of course, I will show you the draft and ask you to discuss various issues. Depending on the situation, I may ask you to give me your opinion on this matter in particular. With your support, I would like to land within the fiscal year. Is that OK? Thank you. Then, from here, I would like to finish with the talk from the secretariat and then talk to Director-General Kusunoki, but first, the secretariat, please. Here's your change.

Digital Agency (Kitainoue): Thank you very much. Regarding the report you just pointed out, I would like to create a report that fully reflects the results of today's discussions. At this point, the secretariat is still in the process of drafting a proposal. At present, I would like to have a table of contents in this format, with a broad structure consisting of the background and objectives of the meeting, the specific results of the discussions, and a summary at the end. I believe that the opinions received today will basically focus on the second part. In any case, the secretariat will prepare a solid report and send it to the committee members around the second week of March. At that time, I would appreciate it if you could confirm it in writing and point it out. I understand that the points raised there will be taken seriously and reflected, and that the final decision will be left to the discretion of the Chair, as has been decided by the members. I appreciate your understanding. That's all for the report. In addition to the report, we will continue to receive administrative communications from the secretariat prior to the closing of the meeting. Today is the last meeting of the Advisory Panel this fiscal year. As for the next fiscal year, I would like to inform you as soon as it is decided. Thank you in advance. The minutes of today's meeting will be published on the Digital Agency website after being reviewed by the committee members at a later date. As a matter of course, once the report is finalized, it will be published on the Digital Agency website. We will ask you to confirm various matters after the meeting. Thank you very much. In closing, on behalf of the Secretariat, Mr. Kusunoki, Mayor of Group of Common Functions for Digital Society, Digital Agency, would like to say a few words.

Digital Agency (Kusunoki): I would like to thank all of you for your free and vigorous discussions. This fiscal year, we made a very quick progress, but at the beginning, we received many suggestions on how to deal with risks, what to do to realize it, and how to actually promote the use of VC and DIW. Digital Agency entered the second half of its fifth year, and consideration of Wallet has been changing shape for nearly four years. I believe that the first vaccine certificate issued by the Japanese government was a vaccination certificate issued in 2021. At that time, we did not take it very seriously, and because we were able to issue the certificate in less than a year, there were expectations that wallets were already being used in various places around the world, standardized, and internationally interoperable in 2026, which could have been done in five years. On the other hand, I think that it is not only us who are having a lot of trouble. Since Digital Agency was established, I think that not only the experts, including the ISO committee, but also the world as a whole is having a lot of trouble, not only by listening to the opinions of various experts, but also by collecting raw information. Probably, smartphones in My Number Card are used on a much larger scale than large-scale pilots in European countries. In the U.S., there are various initiatives for driver's licenses at the state level, but if you ask whether they are being implemented at the national level, I think the whole world is suffering in the same way. Similarly, the "Guidelines for the Treatment of Digital Identity in identity verification in Administrative Procedures, etc.," which had been difficult to issue in the past few years, were also released this year or last year, thanks to us, and just before that, NIST SP 800. 0-63, which had been a public draft, became an official version. In the first place, I am aware that we are doing something difficult, and I am very sorry that it has been held so few times. From the next fiscal year onward, we will start with what Digital Agency needs to do in the short term, including specifying the requirements required for administrative use cases and promoting the realization of individual use cases. While we have received opinions that it is not time to do verification test, I think verification test does it because it is a government office. However, the Code of Civil Procedure is a fairly well-made law, and I think it should be surprisingly simple for the government to issue VC, even under the current rules, so rather than just running away from it by calling it a verification test, I think we need to seriously think about doing what we can do first. Now, Mr. Vice-Minister for Digital Transformation, Chief Officer of Digital Agency has become Mr. Misumi, and while you are very interested in security and trust issues, it is important to move your hands and try them out, and you are urging us to move our hands properly instead of just discussing things. It would be ideal if we could do things quickly and think about them while running. Anyway, I would like to fully reflect today's opinions on these contents in the compiled materials to be released at a later date, so I would like to ask for the continued support of the committee members until the end. Thank you very much.

Digital Agency (Kitainoue): With that being said, I would like to conclude the "Expert Meeting on Sorting out Issues in Attribute Certification." Thank you very much.

Greater than or