Digital identity is well and truly established as one of the most significant technology trends on the planet.
As a result, a revolution in how individuals interact with public institutions and even private organisations is in full swing.
In this report, we’ll highlight the five most transformative digital identity trends set to shape the landscape in 2022 and beyond.
We’ll illustrate these trends with several examples: from Europe to the USA, Australia and New Zealand.
We’ll also see the foundational role of digital identity in the digital economy.
First, let’s start with a definition and look back at some of the landmarks of the past years.
What is a digital identity?
A digital identity is a set of validated digital attributes and credentials for the digital world, similar to a person’s identity for the real world.
Usually issued or regulated by a national ID scheme, a digital identity uniquely identifies a person online or offline.
- It can include attributes such as a unique identity number, social security number, vaccination code, name, place, and date of birth, citizenship, biometrics, and more, as defined by national law.
- With specific credentials such as an eID card (Germany, Italy, Spain, or Portugal), a derived digital driver’s license on a mobile phone (in several US states), a unique biometric-related ID number like in India, a mobile ID (Finland, Belgium or Estonia) or a Digital ID Wallet (EU initiative, Australia, etc..), it can be used to authenticate its owner.
- These credentials may also include a digital identity certificate to sign electronically (give consent), obtain a seal (protect integrity), and a stamp (set time).
This dossier specifically targets sovereign digital identity frameworks piloted or supervised by a national agency.
Trusted Digital Identity
for Everyone Everything Everyday
Digital ID milestones
Let’s review the big ideas that gained traction in the past few years before looking at the future.
This overview will provide some reliable indicators as to where we are heading.
National ID schemes increased in number, visibility, and reach
- At the ID2020 summit in May 2016 in New York, the UN initiated discussions around digital identity, blockchain, cryptographic technologies, and its benefits for the underprivileged. Four hundred experts shared best practices and ideas on how to provide universal identity to all.
- Numerous new National eID programmes (including card and mobile-based schemes unrelated to ID2020) were launched or initiated. Examples include new projects in Algeria, Belgium (mobile ID), Cameroon, Ecuador, Jordan, the Philippines (PhilSys ID), Kyrgyzstan, Italy, Iran, Japan, Senegal, Taiwan, Thailand, Turkey, Ukraine, major announcements in Denmark, the Netherlands, Bulgaria, the Maldives, Norway, Liberia, Poland, Jamaica, Sri Lanka, and Zambia. Some of these programs now include biometrics, the majority in the form of fingerprints.
- Schemes such as the Gov.UK Verifyinitiative started in 2016. In August 2021, the government published its new version of its digital identity and attributes trust framework.
- Australia launched the first phase of its digital identity program in August 2017.
- Germany announced in February 2021that its citizens would be able to store a digital version of their national ID card on their phone and use it as a digital ID (with a PIN for authentication) by fall 2021.
- Canada is also progressing with its federal digital identity scheme named Pan-Canadian Trust Framework, piloted by the Digital ID Authentication Council of Canada, a non-profit organisation (DIACC). A national proof of concept project for a unified login authentication service called Sign In Canada started in the fall of 2018.
- Aadhaar (India’s national eID scheme)crossed the 1 billion users mark in 2016. At the end of August 2021, over 1,3B Aadhaar electronic IDshave been generated (99% of adults). This digital identity can be obtained based on biometric and demographic data. mAadhaar is the official app available in 13 languages on Android and iOS (2019). It essentially acts as a virtual ID card.
Example of digital identity: Canada’s vision (September 2018)
New technologies and regulations supporting the transformation ahead
- The United Nations (UN) and World Bank ID4D initiative aims to provide everyone on the planet with a legal identity by 2030.
- Digital driver’s license projects (also known as mobile driver’s licenses) gathered momentum in countries including the USA, Korea, UK, Australia, Denmark and the Netherlands.
- In April 2021, the US Department of Homeland Security Office of Strategy and Policy opened a public request for comment for digital ID security standards and platforms. The goal is to enable Federal agencies -The TSA (Transit Security Administration)- to accept these credentials for official purposes across the country.
- Tests of blockchain technologies took place: in Estonia, to aid the development of a ground-breaking transnational e-residency program; in the UK, to see how it can be used to help make efficient welfare payments to citizens. Blockchain-based self-sovereign identity has been explored for decentralised digital ID architecture since 2018.
- Smart borders and airports emerged at a faster pace. Combined with the 1,2 billion ePassports now in circulation and a strong push behind biometrics (particularly face recognition), they offered travellers a taste of cross-border movement that is as secure as it is swift and seamless.
- The security industry has been working hard to enhance IAM (Identity and Access Management) and ID verification solutions with, in particular, new secure onboarding apps, including facial recognition with liveness recognitionfeatures. Progress is visibly impressive. For example, with the help of artificial intelligence, the accuracy of the best facial recognition algorithms has increased by a factor of 50 in less than 6 years.
- New ID wallet solutions are set to give a serious push to digital identification schemes worldwide. This recent technology defines a secure mobile app to store digitalised and encrypted versions of ID documents, be it an identity, a driver’s license, vehicle card registration, healthcare credentials etc.…
- In other words, citizens can have all their ID credentials at hand in a single, secure source for identification and ID verification services. Such wallets enable citizens to prove their identity and rights online and in-person to law enforcement officers, health professionals, or citizens. Crucially, the wallet allows the holder to share what is necessary to verify a transaction and nothing more.It makes sense when you think about it.In many use cases, what matters is a particular attribute or entitlement – age, address, the right to vote (citizenship) or benefit from welfare programs.
- Essential for 500m citizens, the European Union’s Electronic Identification and Signature (eIDAS) regulation came into force in July 2016. It requires mandatory cross-border recognition of electronic ID by September 2018. This means existing, and future national digital identity schemes must be interoperable in the EU. However, member states are not forced to implement a digital ID scheme.
- At the end of 2020, 19 digital identity schemes were interoperable in Europe in 15 countries: Germany, Belgium, Croatia, Denmark, Estonia, Italy, Spain, Latvia, Lithuania, Luxembourg, the Netherlands, Portugal, the Czech Republic, Slovakia, and the UK (GOV.UK verify).
- In June 2021, the European Commissionhas suggested creating a digital ID wallet that can be used across the EU by more than 80% of the EU population by 2030. Read more about this project below.
New standards emerged, fostering compatibility and interoperability.
- A new ICAO working group on digital travel credentials was created, led by Australia. The LDS2 conception phase – ‘the future of the ePassport‘ – was undertaken by the ICAO NTWG Logical Data Structure 2 Sub-Group.
- The ISO SC17 WG10 – Task Force 14 “Mobile Driving Licence” started to work on verification standards for Mobile DL and defined the scope of offline verification. 2018 and 2019 saw draft specs of offline and online verification appear for a new work item.
- Interoperability tests were organised in Japan (2018), in the USA (2019), in Australia (2019), in the Netherlands and in the USA in 2021. The ISO/IEC 18013-5 standard was finalised and published in September 2021. Initially designed to cover the specifications of mobile driver licenses, this ISO standard goes far beyond as it clearly defines the security and communication protocols for digitalised documents to be verified and trusted. As such, it can be referred to for any mobile document initiatives.
- The IATA mobile ID working group started in 2017. In December 2020, IATA launched its Travel Pass, a mobile app that helps travellers store and manage their verified certifications for COVID-19 tests or COVID-19 vaccinations. Its ultimate goal is to integrate travel credentialsusing its One ID principle.
- The(US) NIST Digital Identity Guidelines(NIST SP 800-63-3) were published in June 2017 (official edition-.) The new version -aka NIST Digital Identity Guideline SP 800-63-4- started in 2020 and is in draft mode as of August 2021. These recommendations for open standards could help improve national identity, credentials, and access management.
- In addition, industry alliances have defined, and standardised cryptography and protocols in frameworks and technologies such as OpenID connect, W3C Web authentication (FIDO2) and JWTs. These ubiquitous building bricks can help initiate robust digital identity ecosystems.
Digital identity – The five forces
To start with, don’t expect any slowdown in the momentum we’ve experienced over the past months. In its latest report, ABI Research forecast over 850 million citizens will be equipped with a form of mobile identity by 2026.
The following two years will see some of the most accelerated evolutionary changes experienced so far by public stakeholders and their partners in the field of secure digital identity.
In particular, we think these changes represent essential considerations for authorities that want to make digital mobile identity and online services defining features of their modernisation processes in the years to come.
We expect to see:
- More access to the Internet and evenmore mobility
- An accelerated shift to digital-first servicing boosted by the COVID 19 pandemic
- Greater demand for security and trust
- More calls for public supervision of digital identification systems
- Even more national ID initiatives and implementations
Let’s dig in.
#1. Easier access to the Internet and even more mobility
ID is getting digital quickly and will become ever more mobile.
Of course, it doesn’t take an expert to recognise we’ve entered an era in which mobile usage and connectivity dominates.
But it’s worth emphasising that the trend shows no sign of abating. And the implications for digital ID are profound.
Government policies, massive investments by telecom operators, falling prices of subscriptions and phones make it all the easier to access the Internet globally.
At the same time, global smartphone penetration is hitting the roof, bringing all the right and necessary infrastructures to launch mobile-based digital identities successfully.
Look at some of the facts:
- Google – a company that knows a thing or two about the future of technology – is steadily moving towards a mobile-first world.
- Over 5B people already have access to the Internet at the end of 2021. The global online Internet penetration surpasses 66%. Over 92% access the Internet via mobile devices.
- 55% of global internet traffic is mobile in Q1 2021, according to Statista. Mobile devices are now the primary means of accessing the Internet for users. Mobile connections take the lion’s share of web traffic in mobile-first markets like Africa and Asia.
- The global smartphone penetration rate is estimated to have reached over 78% in 2020. This is based on an estimated 6.4 billion smartphone subscriptions worldwide and a global population of around 7.8 billion.
- According to the GSMA, a new decade of growth has begun for smartphones in Sub-Saharan Africa. Adoption reaching 50% in 2020 and is expected to hit up to 65% by 2025.
The lesson for all digital ID stakeholders is clear: prepare for mobile-first solutions.
#2. An accelerated shift to digital-first servicing
The pandemic accelerated trends such as the digitisation of government, and citizens – left with no choice- embraced technology at levels only anticipated for five or ten years in the future.
Let’s take two examples:
- In one year, the number of digital identities issued by the Italian national scheme exploded to 24m as of September 2021 -from 8 in June 2020- according to AGID (Agency for Digital Italy.)
- Over 30m users (from 14m in mid-2020) regularly use FranceConnect to authenticate and access 900+ online services as of December 2021.
According to Deloitte, those governments able to address the challenges with success became the most trusted institutions in twenty years for the first time.
Not only more and more governments are fast equipping their citizens with a trusted mobile ID, but they also seem to be accelerating the dematerialisation of public services to enhance the quality of service delivery.
Gartner predicts that by 2023 over 60% of governments will have tripled citizen digital services.
Public agencies have a more mature vision and associated digital strategy and implement digital identity and valuable services in parallel.
Those service-rich online portals offer the necessary tangible benefits to citizens: the assurance they will be able to do more online, have access to almost all available services remotely and will save significant time. Such a virtuous circle will further boost adoption by citizens and encourage government bodies to dematerialise even more.
In Denmark, NemID (soon to be called MitID), the domestic digital ID scheme, is now reaching 100% adoption, which enabled the government to make online access mandatory to public services in the country.
Of course, the scheme was designed to be inclusive in the first place, and as such, offers specific authentication means to the elderly, for instance.
The pandemic presents an opportunity for systemic change and tackle weaknesses such as id theft and fraud.
We need to acknowledge that most existing systems are simply not delivering the progress we need to achieve in secure identification and authentication.
In its March 2021 report, Gartner states that citizen digital identity is one of the top trends that can transform public services in the coming months. The company predicts that standards will emerge by 2024 and make it easier to leverage the technology.
The global pandemic changed digital identity from “nice to have” to “must-have” for governments.
So, here is another takeaway.
Government can seize this moment as an opportunity for transformation.
#3. Greater demand for privacy and trust
The following two years’ key challenge for public authorities will be to create harmonious digital bonds that secure the relationship between new mobile identities and broader society.
This bond is only possible through a general framework of trust built on personal data protection and security guarantees.
In 2018-2021, we had seen those measures taken to bolster security and combat fraud are generally well accepted by citizens. These are, of course, sovereign matters par excellence.
Robust security measures will respond to new demands for trust in all exchanges between citizens and public authorities.
With the explosion of data harnessed by extraordinary advances in technology and the spread of connected devices, the latest surveys show that citizens are more and more worried.
Users demand robust data privacy processes; they want to control their data and decide on what piece of data they share and with whom.
To address those new needs for privacy, the next generation of mobile ID is coming to the market in the form of a Digital ID Wallet.
Highlighting the significance of this shift, Gartner has positioned ‘Identity Wallets for Citizens’ at the peak of its Hype Cycle Wave for Digital Government Technology in 2021.
What exactly is a digital ID wallet? Quite simply, it is a mobile solution that enables citizens to store, manage and selectively disclose identity-related data from different sources and for other purposes.
Those Self Sovereign Identity friendly wallets are gaining more and more momentum around the world and are taking various flavours and shapes. There is certainly more than one way of doing this!
For example, the ISO 18013-5 standard, which defines specifications of mobile documents, is built-on privacy by design principles and gives citizens the power to select the identity attribute they want to share without disclosing their complete identity.
Decentralised identity schemes and Verifiable Credential standards from W3C are also trying to achieve the same goal, giving more control to citizens over their data.
The recent months saw an avalanche of new regulations regarding privacy protection worldwide.
From Europe to Brazil (Lei Geral de Proteção de Dado has been in effect since September 2020), from India and China to California and Africa (South Africa’s POPIA went into effect on 1 July 2020), privacy laws have been passed or are being updated.
The General Data Protection Regulation of May 2018 (GDPR) for the European Member States represents a significant step toward data protection and privacy. It’s a unique privacy framework impacting twenty-eight countries, including the UK.
California CCPA and CRPA
The California Consumer Privacy Act (CCPA), voted at the end of May 2018, is now effective as of 1 January 2020.
It’s is a significant step forward for privacy rights as the state is often seen as a trendsetter in this domain.
CPRA (California Privacy Rights Act), passed into law in November 2020, is another layer that creates new rights and expands existing ones for California residents.
The law is potentially a model for a US (i.e., federal) data privacy law.
In that sense, the CCPA and CRPA have the potential to become as important as the GDPR.
In August 2017, India’s supreme court ruled privacy a “fundamental right” in a landmark case, illustrating that biometric data protection is now on top of the regulators’ list in the world’s largest democracy.
Modi’s new government enhanced privacy protection laws in 2019.
A Personal Data Protection (PDP) legislation is being prepared with similarities with the EU’s GDPR and Californian CCPA. The bill is currently being reviewed (December 2021).
Privacy demands rigorous accountability. Citizens expect nothing less.
We saw in 2018-2021 the emergence of a global consensus on privacy, its fundamental principle being that mismanagement of personal information will not be tolerated and that companies that do not protect data adequately could be hit with massive fines.
Read more in our 2021 dossier on data protection regulations.
Take a look at these key takeaways:
- Citizens are expecting greater security and control over their data
- New digital identities are taking the form of a Digital ID Wallet
- The 2022-2023 period represents a perfect opportunity for public authorities to revitalise the sovereign bond with citizens. In doing so, they can prove it is not some obscure relic of the past but a symbolic, identity-rich vehicle for collective trust
#4. Public supervision will be critical to sustaining growth in the digital economy
Faced with an increasingly challenging economic landscape, governments inevitably search for new sustainable, harmonious growth opportunities.
As regulatory environments take shape, close collaboration between the financial world, central and local public authorities, and digital communications operators will support effective solutions and implement best practices.
Of course, the natural source of new business opportunities is not digital identity itself but the myriad of applications it enables.
This domain is where banks and other operators will see a bottom-line return on investment.
As already outlined, the march of the digital ID is well underway.
Therefore, the focus will be on adopting the new structures and regulations needed to govern the associated services and transactions.
So what does this mean in practice?
The role of public authorities will be to:
- Build and nurture national momentum.
- Support and coordinate local government investments through which local transformations, close to the community, can operate effectively and efficiently.
- Ensure that these multiple local initiatives create a coherent and interoperable spectrum of solutions: mobile citizens will need to find similar service modes wherever they may be.
In the years ahead, the market will follow these initiatives.
#5. More national initiatives and implementations
In the years ahead, the market will follow these initiatives.
How can we be so sure?
Because evidence of the uptake of digital ID and associated services is multiplying.
It gives us the most unambiguous signals that a tipping point is reached.
EU’s proposal: Digital Identity for all Europeans
In its June 2021 proposal, the European Commission specifically suggested creating a digital id wallet.
According to the report (June 2021), digital identities based on digital wallets stored securely on mobile devices were identified as a primary asset for a future-proof solution.
This new form of ID would allow the EU’s 450m residents to access public and private services.
Why a new proposal?
The current eIDAS regulation « falls short » of addressing new market demands, says the Commission.
There’s more. The former regulation was limited to the public sector, complex for third parties and lacked flexibility.
In other words, eIDAS did not reach its potential. Only 60% of EU residents have access to trusted id schemes. Only seven are fully mobile.
By contrast, with this new digital identity framework, at least 80% should use digital IDs by 2030.
The EU id wallet could work across the EU and include electronic attestations of attributes such as ids, driving licenses, diplomas or health certificates and access a broad range of services. It will not be compulsory.
The harmonised wallets issued by the Member States would come in a smartphone app.
Private platforms such as Facebook or Google would be « required » to accept the wallet.
Citizens would then use their EU id wallet instead, as Margrethe Vestager, the EU Commissioner for Digital Europe, puts it.
The project will need to be discussed with EU members. An agreement on technical details is expected by fall 2022.
To become a law, the proposed plan will request validation by the EU lawmakers of the European Parliament.
Digital identity and the USA
As congressman Bill Foster puts it in June 2021:” It’s time for the United States to catch up to the rest of the developed world on digital identity.”
The (US) National Strategy for Trusted Identities in Cyberspace had explored a more global system of interoperable identity service providers (public and private).
The NIST Digital Identity Guidelines are formerly known as NIST SP 800-63-3. NIST published the official edition in June 2017, with an extended edition in 2020 and a new draft this summer.
The bad news?
The initiative launched by the Obama administration never gained momentum as no service providers adopted the framework.
As CSO online stated, the country lacks a comprehensive digital ID strategy (17 September 2020.)
According to POLITICO, the Digital Identity Act of 2020 is coming back (Improving digital identity Act.)
In summary, the design of a coherent ID scheme in the country would need to tackle the unique aspects of the federalist structure, the role of the private sector and challenging privacy and security aspects.
For the moment, several US states have taken the lead and launched or planning to launch digital driver’s licenses (aka mobile driver’s licenses) with the ability to use id credentials online.
Learn more and read our dedicated web dossier on mobile driver’s licenses.
Australia and New Zealand digital ID initiatives
- New Zealand’s Digital Identity Trust Framework legislation has been drafted this year. It was introduced to parliament in September 2021. It will define rules for the delivery of digital identity services. Identity providers will then be accredited. (progress of the bill)
- Australia has decided to delay launching an enhanced version of myGovID and include facial verification capabilities. Due by mid-2020, the scheme is now operational. More than 6m Australians and 1m businesses are already using the digital identity credentialing app, available since June 2019. My GovID and myGov (online government services) are now connected.
So why is digital identity so important?
The benefits of digital identity
Digital identity is playing a foundational role in our digital economy.
Discover more with the video below from the World Economic Forum (Davos 2019) and read our paper on the dividends of digital identity.https://www.youtube.com/embed/1-V7lyxrOmw?rel=0&enablejsapi=1&origin=https%3A%2F%2Fwww.thalesgroup.com
More resources on digital identity
- Learn from our October 2020 webinar: Mobile ID in the 21st Century
- Discover our July 2021 webinar: Digital Identity
- Mobile ID in the 21st Century (6 October 2020)
- Mc Kinsey – 31 August 2020: How government can deliver the promise of digital ID
- Digital identity is a national security issue – Forbes August 2021
- Europe wants to go its way on digital identity –Tech crunch- June 2021
- Giving voice to digital identities worldwide (February 2021) – The Secure Identity Alliance
- A technical deep dive into digital credentials – Verifiable Credentials and ISO/IEC 18013-5 Based Credentials – UL Whitepaper
Article from Thales