Current reflections on our blog, ORCID: We won’t be sold
Nine years ago, Laure Haak, the founding Executive Director of ORCID, outlined the steps taken by the founding team to ensure ORCID’s sustainability into the future. Reflecting on this blog post nine years later, we appreciate how the sturdiness of the framework established early in ORCID’s history has allowed us to keep pace with an ever-evolving world, while keeping true to our values and our principles.
In 2025, we find ourselves in a situation where the political climate around the world is rapidly changing the landscape of research and academic funding, and its effects, while still uncertain, are being felt widely across different regions and stakeholder groups. Although ORCID is formally constituted as a US non-profit, we operate very much as an international community-driven organization, with a governance body drawn from our global community, and indeed a globally based team with staff members on every continent apart from Antartica. Over 50% of our team is based in Europe, and of ORCID’s 1,412 member organizations, over three quarters are based outside of the United States.
In this blog post, we provide updates on the topics covered in Laure’s 2016 blog post, reflecting on the progress we’ve made in the intervening nine years, while remaining true to the earlier vision.
In 2016, we said
ORCID was founded to deliver a specific goal: every researcher who wants to have a unique lifelong identifier should have one and be free to use it in their daily work. Every time a researcher, scholar, or other knowledge worker shares their ideas, they should be able to connect their identifier to their ideas. Every expression of knowledge — in whatever form it takes — should be connected to the people who created it and the places and spaces where the ideas were developed. This is summed up by our vision of a world where all who participate in research, scholarship, and innovation are uniquely identified and connected to their contributions and affiliations across disciplines, borders, and time.
2025 Update: still true
We consider this sentiment to be our north star, and we constantly work to expand the “expressions of knowledge” supported by the ORCID record. The fifth of our ten Founding Principles states that “Researchers will be able to create, edit, and maintain an ORCID identifier and record free of charge.” Not only are we committed to ensuring that researchers are free to use their ORCID record in their daily work, but we also strive to make it ever easier for them to do so.
Earning Your Trust
In 2016, we said
For this vision to become reality, the research community needs to adopt and implement ORCID identifiers. And for that to happen, ORCID must fulfill our charter as an organization worthy of the trust and respect of the community. We need to remain open — both in terms of access to the identifiers and associated data, and in terms of continuance of operations.
Trust starts with transparency and consistency. We make ourselves accountable to those who use and support ORCID activities through our principles, business model, governance, how we handle disputes, and how we involve the community.
2025 Update: still true, and we’re rising to meet evolving threats
Though the issues surrounding the ideas of trust have changed dramatically since we launched our Trust Program in 2016, the way that ORCID thinks about individual control, accountability via public scrutiny, and integrity via strict provenance tracking has changed very little. ORCID has worked to earn and keep the trust of our community by remaining true to our founding principles and our core values of openness, trust and inclusivity, and by ensuring that our technology is reliable and safeguards our users’ privacy. But while trust takes a long time to earn, we know it can be lost much more quickly, and we must constantly strive to maintain the trust we’ve earned by monitoring and managing key technological, reputational, and financial risks.
The ORCID Public Data File is currently hosted by Figshare, an independent third party, on servers that reside in Ireland and Germany. The ORCID Registry source code is also hosted by an independent third party, in this case Github, and is collected and archived by the non-profit Software Heritage Foundation.
ORCID Principles
In 2016, we said
We are grounded by 10 principles that guide our work. These principles emphasize our commitment to respecting the privacy and data sharing needs of our users and being a reliable, inclusive, and open partner with the research community. Our users control whether their data are shared and with whom; ORCID makes all data made public by users available under a Creative Commons ‘zero’ license, a vital feature for anyone seeking to re-use and build upon data from the registry. The registry itself can be accessed using an open API, and is built using open source code. As a non-profit organization we do not profit from the information entrusted to us by researchers and scholars.
2025 Update: still true
ORCID believes that principles are promises, and they are made to be kept — period. No changes have been made to any of our 10 founding principles — we view them as a cast-iron promise to our community about how we will conduct ourselves, as true now and into the future as they were when ORCID was first established. We invite you to familiarize yourself with our principles and hold us to account if we ever waiver from our commitment to them.
Our Business Model
In 2016, we said
ORCID is a membership organization. Our goal is to be 100% supported by membership dues and, thanks to community support, we expect to get there in 2017. While we are building our membership base, we have received support in the form of long term community loans (due to be repaid starting in 2021), subawards from the Andrew W. Mellon Foundation, the US National Science Foundation, and grants from the Alfred P. Sloan Foundation and the Leona M and Harry B Helmsley Trust. As a membership organization, we are by design responsive to our community. Our members drive and control our future growth.
By design, we are also independent and cannot be sold. ORCID Inc. is a not-for-profit 501(c)3 organization registered in the United States. As such, we are subject to laws of the US Internal Revenue Service that specify that we cannot be purchased or otherwise managed by a commercial entity.
2025 Update: still true
Although it took a couple of years longer than expected, in 2019, we achieved full financial sustainability, with our operating income exceeding our operating expenses, and have been 100% supported by fees from our member organizations ever since. Our membership is broadly diversified both across sectors and geographically; we count funders, policy makers, publishers and vendors among our membership, however the broadest slice of membership, both in numeric and financial terms, comes from universities and other research institutions around the world, making up 70% of our membership base. Over 75% of our member organizations are based in jurisdictions outside of the US.
Since 2019, ORCID has been 100% supported by fees from our member organizations, and over 75% of our member organizations are based in jurisdictions outside of the US.
Our status as a US-based non-profit has not changed, and as we are subject to laws of the US Internal Revenue Service, we still cannot be sold. Should ORCID ever cease to exist, our assets have to continue to be used exclusively for charitable, scientific, literary or educational purposes.
In 2024, we finalized all obligations from our original startup loans. Fifty-five percent of them were graciously forgiven by the original lenders, and were used to establish our Global Participation Fund, which provides grants aimed at decreasing barriers to ORCID participation in regions defined as having lower- or lower-middle income economies. The remainder of our startup loans have been repaid in full with interest and we are now debt-free. It is worth noting here that with the exception of a small COVID-era loan which was available to all US-based employers, we have never relied on grant funding from the US government to cover ORCID’s operational expenses.
Our membership renewal rate remains strong at around 97%, even as we have instituted an annual fee increase to keep up with the global inflation rate which affects our cost base as much as it does any other organization.
In 2024 ORCID established a formal long-term capital reserve fund to ensure the sustainability of the organization into the future, which can only be used with the explicit authority of our Board.
Thanks to the support of our members, we have consistently generated a modest operating surplus in each year since 2019, which enabled us in 2024 to establish a formal long-term capital reserve fund. Intended to help ensure the sustainability of the organization into the future, the long-term reserve can only be used with the explicit authority of our Board, and only for the following purposes:
- To fund periodic one-off investments necessary to deliver ORCID’s mission and strategic objectives
- To underwrite unforeseeable short-term operating cash shortfalls in order to maintain operational stability and continuity in fulfilling ORCID’s mission, in accordance with the measures and goals of the Board approved annual budget
- To facilitate the orderly wind-down of the organization should ORCID’s mission become fulfilled
- To fulfill the transition of the mission to a successor organization should ORCID no longer be viable in its current form.
Our Governance
In 2016, we said
To ensure we abide by these principles, we are governed by a volunteer Board. The ORCID Board of Directors, as per our bylaws, is elected from our membership and the majority must be from non-profit organizations. We endeavor to ensure that Board membership is balanced by region and community sector, and we reserve a seat on the Board for a non-member researcher. Our first elections will occur this year, in November. If you are an ORCID member please watch your inbox for more information – and be sure to cast your vote!
The ORCID Principle that researchers are able to create an ORCID iD and edit and maintain an ORCID record free of charge is enshrined in our bylaws, and any proposed change to that provision needs to be approved not only by the Board of Directors, but also by our members. Any changes to our bylaws would need to be voted on by ORCID’s membership. At the time of writing, more than 70% of ORCID members are research-performing organizations or funders, placing the future of ORCID squarely under their control.
2025 Update: still true
ORCID continues to hold Board elections every year utilizing a nominations process that gives ORCID members a direct voice in ORCID’s direction and priorities. All ORCID member organizations are eligible to nominate a representative to stand for election to serve as a Member-Director on the Board. In addition, we now reserve two seats on the Board for Researcher-Directors who are practicing scholars and do not need to be affiliated with an ORCID member organization.
Our Researcher-Directors also co-chair the ORCID Researcher Advisory Council, established in 2022, which aims to bring a broader and more diverse set of perspectives to our work than the Researcher-Directors alone can do, aiming to balance representation across discipline, geography, and career stage.
Each year our Nominating Committee selects a slate of community-nominated candidates that is balanced and diverse to ensure that: all of the skills needed to govern the organization are present among Board members; the many different sectors and regions that make up ORCID’s community are represented, and the ORCID bylaw requirement that a majority of Board seats are occupied by individuals from not-for-profit organizations is met.
Our Researcher-Directors also co-chair the ORCID Researcher Advisory Council, established in 2022, which aims to bring a broader and more diverse set of perspectives to our work than the Researcher-Directors alone can do, aiming to balance representation across discipline, geography, and career stage. You can follow our Board election news, including calls for nominations, here.
Dispute Management
In 2016, we said
ORCID offers tools for storing and managing data in the ORCID Registry. ORCID does not edit or curate data; that is the responsibility of the individual in concert with members to whom they grant access permissions. While ORCID does not control the data in the ORCID Registry or individual records, we are committed to supporting a transparent and accurate data environment. We have a set of procedures for receiving questions about the Registry, APIs, and our policies. Most queries are managed by our fabulous help desk. For those queries where data accuracy is questioned, we have a specific dispute procedure for receiving and managing the query. Let us know if something doesn’t look right!
2025 Update: still true
We continue to stay true to our policy that ORCID does not edit or curate data. We enable anyone who might benefit from using the ORCID Registry to be able to obtain and use an ORCID iD. Any rigid definition of who would “qualify” for an iD would likely unintentionally exclude people for whom an ORCID iD would be useful due to the wide diversity of circumstances researchers find themselves in around the world. It is specifically by not setting any such criteria on who can register for an ORCID record that we ensure inclusivity and encourage the persistence of ORCID iDs. We want to encourage budding researchers to establish their ORCID iDs as early in their careers as possible, as undergrads — even if they have not yet created any formally recognized research outputs. Similarly, we don’t wish to exclude independent researchers such as citizen scientists or those currently unaffiliated with a formal academic institution due to career breaks or retirement.
While ORCID has always carefully maintained metadata about the provenance of each item added to an ORCID record, in 2024 we made it easier for users of ORCID data to visualize this information with the introduction of “Trust Markers.”
While ORCID has always carefully maintained metadata about the provenance of each item added to an ORCID record, we have made it easier for users to visualize this information with the introduction of “Trust Markers.” Each item on an ORCID record is now accompanied by a Trust Marker that makes it easier to understand which data has been contributed by the record holder themselves, or by one of our member organizations via their authenticated integration with the ORCID registry. We’ve also added Record Summaries, which make it easier to understand the provenance of an entire record at a glance, which are available both at the top of each ORCID record and in machine readable form via our APIs.
The flip side to that openness and inclusivity is the inevitable inclusion of individuals who may not be considered by the broader scholarly community to be legitimate researchers and that some of the data that they choose to share on their records may not be considered by others to be objectively true. Our dispute procedure, in place since 2012, has withstood the test of time, with our helpdesk having successfully handled over 400 disputes, the majority of which are found to be due to genuine errors and are resolved amicably. When a dispute is raised and the data in the disputed record cannot be substantiated by the record holder, we “lock” it, removing it from use and visibility. We have also introduced automated spam detection processes, so problematic records, usually created to try to commercially gain from ORCID’s strong position in search engines and other indexes, can be identified and locked quickly. We are currently able to identify and lock over 2,200 spam records per week with 99% accuracy. All the same, if something doesn’t look right, we still invite you to let us know!
Involving the Community
In 2016, we said
In my first post-launch blog back in 2012, I wrote about how the O in ORCID stands for open. ORCID is strongly committed to openness. Of our 10 principles, seven deal directly with openness in at least one of its meanings. In addition to providing free access, no barriers to access for individuals, democratic and transparent governance, and open source software, we also are open … when it comes to working with the community. We know that, for any standard to be implemented, it must work for any individual regardless of discipline or location, and for any organization regardless of whether it is non-profit, governmental, commercial, etc. We live and breathe collaboration; it is our lifeblood.
2025 Update: still true
Nine years later, we look for every possible opportunity to collaborate with members of ORCID’s broad community on as many of our initiatives and projects as we can. Standing interest and working groups such as the ORAC, our Consortia Interest Group, and Funder Interest Group meet regularly to discuss and give feedback on in-progress projects, or initiatives under discovery. For example, our recent release of expanded Work Type vocabulary (that includes outputs common for Arts and Humanities scholars) and our implementation of Record Summaries, discussed above, were reviewed by ORAC.
We used insights gleaned from an open community review process to refine the workflow-based criteria we use in our Certified Service Provider program. We host numerous Webinar series that showcase the diverse sectors and ORCID use cases from around the community and give our members a platform to share their knowledge with others, and members of our Engagement Team regularly present at webinars and in-person events around the world.
Reliability
In 2016, we said
ORCID iDs need to be embedded in the systems and services that research depends on: from publisher submission systems to funder databases to electronic lab notebooks to university personnel systems. The ORCID registry is itself a piece of research infrastructure, and ORCID iDs are components in other infrastructures. This interdependency is a strength and a challenge. We need to effectively communicate our plans and problems. We cannot hide. We’ve had an open development board since our launch. We have an international team managing API support, a community suggestions board, and a 24/7 user help desk. When we make a mistake we admit it — quickly. And we fix it — quickly. We rely on the community to do the same.
Nearly 6,000 systems that we know of are integrated with our API; yet more that we don’t know about are using our anonymous API. Together, these systems access data from our APIs between 150M and 200M times each month, with over 99.99% uptime.
2025 Update: still true, but it’s about more than just reliability
The ORCID registry is now firmly established as an indispensable piece of research infrastructure, with ORCID iDs embedded into numerous workflows to facilitate efficient and accurate identification and exchange of research metadata. Nearly 6,000 systems that we know of are integrated with our API; yet more that we don’t know about are using our anonymous API. Together, these systems access data from our APIs between 150M and 200M times each month. And all of this is achieved with over 99.99% uptime.
Connecting ORCID with external systems and services used for research does more than evidence the reliability of ORCID: it eases administrative burden for researchers, as their data can be machine-read and reused by those systems, reducing or eliminating the need for them to rekey their data into multiple platforms or applications. It also strengthens the integrity of the scholarly record itself as data added by our member organizations’ validated external systems such as universities, publishers, or funders, is accompanied by a Trust Marker that can be embedded into research integrity workflows to get a comprehensive picture of a researcher’s outputs and affiliations.
Cybersecurity and technology risks comprise the largest fraction of ORCID’s total identified risk profile, and threats are ever growing. The actual impact on the community of any single cybersecurity breach against ORCID is likely to be limited — we do not hold any sensitive information, and the majority of the information we hold is publicly available in any case. However, given ORCID’s central position as a key component of the scholarly infrastructure, and the global trust that we’ve worked hard to build to gain that position, the impact to ORCID’s reputation of a significant incident could be devastating.
While we have been fortunate not to have been the target of a significant cyber-attack to date, with cyber threats growing in complexity and frequency, in 2024 we formally launched a new multi-year cybersecurity program, commencing with the selection of an external fractional CISO (Chief Information Security Officer) to help us prioritize mitigation of the most significant of risks, as well as identify as-yet unknown risks and address any gaps in our cybersecurity defence strategy.
If there is one area that has evolved quite a bit since 2016, it’s that we have a much clearer understanding about the important role that ORCID — and the member organizations that support our work — have to play in helping to maintain trust in the global research ecosystem.
Insurance
In 2016, we said
We recognize that trust is the key to adoption and sustainability. If you decide you don’t like what we are doing, you effectively have an insurance policy. Our openness means that, if circumstances require, the community could recreate ORCID by collecting and re-assembling our parts. You can use our CC0 public data, our open software source code, our open documentation together with the community we are helping to build, to create a new community-led alternative and ensure the continuation of the ORCID vision.
ORCID is open. We are built by you and for you. Together we can achieve our vision for the benefit of the global research community.
2025 Update: still true – ORCID is open access, open source
ORCID has always taken steps to ensure that our work can persist if, for whatever reason, ORCID in its current form ceases to be viable. Measures include:
Making our annual public data file available openly via an independent data repository.
ORCID’s Public Data File has been published annually since 2012, presenting a snapshot of the publicly available data found in the ORCID registry at the time of publication. Hosted by Figshare, an independent third party, on servers that reside in Ireland and Germany, it has been downloaded more than 190,000 times, serving as a data source for a diverse range of projects such as the analysis of relationships and individual trajectories within the research community, scientific migrations, collaboration networks, and the adoption of ORCID across disciplines and locations. It is published under a CC0 public domain dedication, subject to our Public Data File Use Policy. We are currently working with the non-profit CLOCKSS archive to establish long-term digital preservation of our public data in their twelve archive nodes located at leading research libraries around the world.
Open-sourcing our software and making our code freely downloadable
The software developed by ORCID is open source and published in a set of open repositories, again hosted by an independent third party, in this case Github. We welcome contributions to our code base. Pull requests can be submitted via Open Source project Github pages. The ORCID Registry source code is collected and archived by the non-profit Software Heritage Foundation, and we are currently working to improve the consistency and completeness of those archives across all of our code repositories.
Our privacy policy confirms our position that, to the extent possible, we will extend the data subject rights found in the GDPR to everyone whose data we process, regardless of where they are located.
Ensuring full compliance with GDPR and other international privacy regulations
Although privacy regulation is rapidly evolving around the world, the European General Data Protection Regulation (GDPR) remains the “gold standard” against which most other regulations are compared. Our recent privacy policy update confirms our position that, to the extent possible, we will extend the data subject rights found in the GDPR to everyone whose data we process, regardless of where they are located.
We remain committed to the policy that ORCID will provide only the minimum non-public data to regulators, enforcement agents, courts and/or other government entities as we deem necessary to comply with the law, and to the extent allowed, we will promptly provide information about any government data requests received to the relevant record holders.
By taking this approach, we aim to meet the highest level of privacy rights for all record holders and other stakeholders around the world.
ORCID is built to be persistent and independent — now and into the future
ORCID strongly believes that the best way to persist in a world that is rapidly changing is by staying true to the values and principles that earned us the trust of our community in the first place. As stated in our 2016 blog post, ORCID: We won’t be sold, trust starts with transparency and consistency. Over the nine years since, ORCID has remained true to our mission and values. We will continue to hold ourselves accountable to those who use and support our activities around the world through our principles, business model, governance, and operational processes, fiercely defending our independence and holding ourselves transparently accountable to our community in every way we can.
