Legal and Regulatory Frameworks around Digital Organization Identity and AI Implications: Shaping Accounting Interpretation
Dr Malgorzata Sulimierska and Ashwinth Sankar
Department of Accounting and Finance
University of Sussex
United Kingdom
Abstract: Digital organization identity (DI) infrastructures are governed by complex, often overlapping, legal and regulatory regimes that fundamentally dictate how identity signals - including data attributes, credentials, and associated proofs of existence - are formally established, securely exchanged, and subsequently validated across digital environments. This complex landscape is driven by simultaneous, yet sometimes conflicting, forces: the imperative for seamless digital interaction, the need for robust fraud prevention, and the commitment to jurisdictional sovereignty and privacy norms. While supranational efforts, most notably the EU's eIDAS 2.0 Regulation, strive towards a harmonised, interoperable framework for cross-border digital identity assurance, distinct national approaches - such as the UK Trust Framework, Italy's SPID (Sistema Pubblico di Identità Digitale), and Poland's mObywatel - embed unique operational rules, security standards, and societal values regarding digital trust. This inherent regulatory fragmentation is not merely a technical obstacle; it critically affects how digital identity artefacts and the associated evidence of transactions are interpreted and used in statutory and financial accounting practices. This paper explores the intricate interaction between these varied regulatory infrastructures, the emergence of AI-driven manipulation risks, and the interpretive routines of accounting professionals. Digital Organization Identity (DI) is fundamentally a set of technical attributes, verifiable credentials, and cryptographic mechanisms necessary for reliable authentication and authorisation in the digital world. However, the rise of sophisticated Generative AI (GenAI) technologies introduces a significant, novel risk: the potential for AI to easily and convincingly manipulate or spoof digital identities and their associated evidence, thereby raising the challenge of how to protect against evolving forms of digital fraud.
The interpretive challenge for accounting actors shifts from verifying a paper signature to assessing the veracity and non-repudiation of AI-vulnerable digital identity signals validated by a delegated trust system.
Findings: Recent initiatives, such as the UK’s Financial Conduct Authority (FCA)-led AI Testing Sandbox and strategic plans for a unified national Tech Stack, underscore the urgency of integrating regulatory, technical, and interpretive capabilities to address AI and digital risks. However, the essential role of accounting and assurance actors in these digital governance experiments remains conceptually underdeveloped. This paper demonstrates that national DI frameworks create divergent criteria for what constitutes authoritative evidence and assurance level, directly leading to inconsistency in digital identity validation and assurance practices across borders (EU Commission, 2023; Innovate Finance, 2025). This fragmentation forces accounting professionals to adopt a patchwork of jurisdictional rules, complicating cross-border financial reporting and auditing.
Contribution: This paper’s central contribution is the development of a shared, working definition of digital organization identity that rigorously accounts for the significant regulatory mandates, underlying technological constraints, and diverse professional interpretive practices across the UK, Italy, and Poland. This definition will be co-informed by detailed legal analysis, professional judgment standards in assurance, and national policy frameworks. By doing so, the study directly addresses the current fragmentation that severely limits cross-border consistency in the validation and assurance of digital identity signals, offering a foundation for future RegTech and assurance standard-setting in the age of AI.
Keywords: Digital Identity, eIDAS 2.0, Regulatory Technology (RegTech), Accounting Interpretation, Trust Framework, SPID, mObywatel, Financial Conduct Authority (FCA), AI Fraud.