In brief
The federal government has published the Technical Manual for the Technological Solution for Diverse Institutions (“Technical Manual”), which defines the mandatory requirements governing interconnection, system operation, internal searches, and cybersecurity that private‑sector entities must comply with in order to connect to the National Identity Platform (“PUI”).
Key takeaways
1. On 23 January 2026, the government issued the Technical Manual, establishing the interconnection, operational, internal search, and cybersecurity obligations that private entities must comply with in order to connect to the and establishes, on a mandatory basis, how private entities must interconnect with the platform.
2. The definition of “Diverse Institutions” includes companies from sectors such as financial services, health, telecommunications, insurance, transportation, and any entity managing databases useful for identifying individuals.
3. The Technical Manual establishes a model of interoperability through web services, internal searches in three phases (basic data, historical data — up to 12 years — and continuous data), and cybersecurity controls and imposes a robust compliance regime aligned with OWASP and NIST standards and requires SAST/DAST/SCA reports with zero vulnerabilities before operation.
4. Non compliance may result in substantial fines, as well as civil, administrative, operational, and reputational liability.