Campbell Steven A practical path to universal digital identity is emerging: build privacy-first identity systems that are interoperable across sectors, easy to adopt on mobile, and strong enough to withstand modern fraud. The most promising approaches combine trusted governance with open standards, so people can prove what they need, when they need it, without turning identity into a surveillance tool.
Why digital identity must be built for real life
Access is the first barrier: many people still can’t reliably prove who they are in ways that institutions accept, which blocks essential services. A 2025 Carnegie Endowment analysis notes that an estimated 850 million people globally lack access to official identification, underscoring how large the inclusion gap remains.
At the same time, expectations have changed. People want a secure sign-in experience that works across devices, doesn’t require repeated document uploads, and reduces exposure of sensitive data. A modern digital identity approach needs to work online and offline, handle recovery safely, and adapt to different risk levels—from opening a bank account to accessing a school portal.
Standards are finally catching up in 2025
Interoperability used to be a slogan; now it’s becoming a deliverable. In May 2025, the W3C announced that the Verifiable Credentials 2.0 family of specifications was published as W3C Recommendations, providing a standardized way to express digital credentials that are cryptographically secure and machine-verifiable.
This matters because standards reduce “vendor lock-in” and make cross-ecosystem verification realistic. The W3C framing also reinforces the core roles—issuer, holder, verifier—so solutions can scale without a single central database becoming the weak point.
When systems align to these shared models, verifiable credentials become easier to issue, present, and verify across different industries, not just within one closed platform.
Governments are moving to identity wallets
Policy momentum is accelerating identity wallet adoption, especially where cross-border trust is required. The European Commission’s European Digital Identity initiative describes a regulatory approach where Member States provide digital identities, and the European Digital Identity Wallet is part of the framework.
Many wallet programs also emphasize privacy and user control as design goals rather than optional add-ons. For example, eIDAS 2.0–related overviews describe local storage on the wallet and user control over what information is shared, reflecting the direction large regulatory ecosystems are taking.
For organizations building services in or adjacent to the EU, these shifts influence architecture decisions now—because wallet-based journeys change how onboarding, authentication, and attribute sharing are designed.
Trust and safety need modern guidance
Fraud is evolving fast, and identity programs have to keep pace with synthetic identities, deepfakes, and account takeover attempts. In July 2025, NIST released SP 800-63-4, updating its Digital Identity Guidelines to reflect the changing digital landscape and to specify requirements for meeting identity assurance levels across proofing, authentication, and federation.
What “good” looks like in practice
The strongest programs operationalize security and usability together, rather than trading one for the other. When teams map a service journey to clear assurance targets, it becomes easier to justify controls and measure outcomes.
In practice, this often means focusing on a few fundamentals:
- Risk-based onboarding flows that match checks to the transaction’s impact.
- Phishing-resistant authentication options for high-risk actions.
- Privacy-by-design decisions that minimize data exposure and retention.
NIST’s guidelines emphasize assurance levels and requirements that help structure these decisions consistently across services.
How organizations can ship identity faster without sacrificing control
Rolling out a trustworthy identity layer is usually slowed down by integration complexity: legacy systems, fragmented data, and inconsistent verification steps across channels. One approach is to use building blocks that support issuing, holding, and verifying credentials, alongside revocation and real-time validity checks.
For example, EveryCRED offers a platform for issuing and verifying credentials, including a decentralized wallet for holders, revocation support, and a white-label verifier portal that organizations can customize and integrate with existing systems—useful when teams want to move from pilots to production without rebuilding core components from scratch.
The outcome to aim for is repeatability: once a credential is issued, it should be reusable across multiple services, with clear rules on what can be shared and how it can be verified.
The roadmap to inclusive adoption
Digital identity succeeds when it becomes part of a broader digital public infrastructure mindset—identity that connects to services through safe, interoperable rails. UNDP’s work on digital public infrastructure positions digital ID as one of the population-scale building blocks that countries design and govern to enable secure, interoperable systems.
Design principles that scale
To make adoption durable across regions, sectors, and demographics, focus on principles that reduce friction while improving trust:
- Portability across providers and services, so users aren’t trapped in one ecosystem.
- Selective sharing, so only the minimum necessary attributes are disclosed.
- Simple UX, so identity is usable for everyday people, not just experts.
- Clear governance, so accountability is visible when things go wrong.
When these pieces come together, verifiable credentials can reduce repetitive verification, support privacy-preserving checks, and improve user experience—while still meeting the compliance and fraud-resistance expectations that 2025-era systems demand.
