Globally, the COVID-19 pandemic proved to be a turning point for digital public service delivery. Governments introduced instantiations of what has now come to be recognised as digital public infrastructure (DPI) for delivery of welfare, banking, health and education. Across most of these efforts, a foundational technological element to enable DPI-based public services is digital ID—authenticated credentials that help service providers (governments and others) verify individual qualifications and personal information.
The evolving landscape of Digital ID
Since their launches in 2015 and 2020 respectively, the World Bank’s Identification for Development (ID4D) and Digitizing Government-to-Person Payments (G2Px) initiatives have catalysed more than $2.3 billion in active and pipeline financing for implementation of digital ID systems, covering 550 million people across 60 countries. However, as per their own estimates, roughly 800 million people around the world still do not have access to an official ID, with many more lacking digitally verifiable identification.
The latter is now an emerging talking point in discussions around digital ID—governments are issuing digital IDs, but what is the process for the verification of these digital credentials? For instance, Aadhaar, known to be the largest national digital ID project globally, was launched in 2009. By 2015, 93% of India’s adult population was registered under the system, with recent announcements indicating 99% coverage (roughly 1.4 billion people). However, digital ID-mediated service provision in India was still dependent on the widespread use of physical photocopies, resulting in personal data misuse and potential for fraud. To overcome this, UIDAI launched the Aadhaar app in January 2026, in an attempt to promote data minimisation in line with the Digital Personal Data Protection (DPDP) Act 2023, and to enable selective credential sharing and better consent controls for people. Marking a notable change in digital ID design, this shift indicates a growing preference for Verifiable Credentials (VC) and digital wallets for personal data sharing.
The noticeable shift to digitally verifiable credentials and its resulting ecosystem
Even though digital rights activists have consistently warned us about large-scale ID implementation and its associated risks—state surveillance, personal data privacy risks and concentration of power amongst market players—the EUDI wallet in the EU, the African Union’s Digital Trade Protocol under the AfCFTA efforts, the ID-LAC in Latin America and the Caribbean and the upcoming ASEAN digital integration framework show a strong inclination towards digital ID that functions not just domestically, but across national borders. Two common features across all these state-led digital ID efforts are: a) common and open standards for interoperability across the region, and b) the use of VCs as a data-sharing architecture.
Undoubtedly, VCs have a lot to offer. They allow people ownership of their personal information, and reduce dependencies on institutions that previously shared data on their behalf (often without permission). This is made possible through an issuer-holder-verifier model that allows people (holders) to store their digitally-issued, cryptographically signed, tamper-proof credentials in a digital wallet and disclose information to service providers only when necessary, with complete visibility of the data flow. This model of identity data-sharing has been under development by those who broadly believe in moving from traditional and centralised data collection to a Self-Sovereign Identity (SSI).
If recent trends are to be believed, there is an inclination towards implementation of this model. Big Tech giants are now integrating ID in their digital wallet offerings—Apple, Google and Samsung now allow users to use information from their U.S. passport, to create a digitally verifiable credential that can be presented at more than 250 airports in the U.S. During the launch of the Aadhaar app in India, Google and Samsung showcased their upcoming digital wallet offerings for the Indian market. For many, this may not seem like a big development considering the scale at which personal data has been commodified for digital transactions over the last decade—online payments, e-commerce, electronic health records and even digital certificates for education. However, what rings alarm bells is the speed and scale at which states and Big Tech are starting to cooperate to implement VCs and digital wallets infrastructure to enable identity data-sharing. Critical to note here is that states are now willing to lean into the capabilities of Big Tech for critical functions such as identity verification.
Considering that implementing VCs and digital wallets is a large-scale coordination exercise (between regulatory entities, standard-setting bodies and technical operators), states relying on Big Tech for the provision of technical infrastructure and market-based solutions is part of a playbook that has been seen before in the implementation of DPI in India. As per these models of development, the success of VCs and digital wallets is likely to be dependent on public-private partnerships. This risks moving digital ID functions that were previously under the remit of the state towards complex, decentralised ecosystems with increased private sector participation. This creates many unknowns around the risks of turning towards digital verification at population-scale for the EU, African Union, LAC and ASEAN.
Aspirations for digital sovereignty may not bode well for cross-border verification
This is where the debate becomes uncomfortable, because identity sits at the heart of sovereignty. States have always claimed the authority to define and recognise their populations, assuming the role of extending protection to individuals on this basis. But cross-border verification and private-sector participation complicate that claim. When identity credentials rely on common standards, foreign-issued wallets, or Big Tech platforms, questions of control and power quickly arise. Who governs the rules of verification and issuer-verifier trust? Whose laws of acceptance apply when credentials cross borders? And how much sovereignty is quietly traded for convenience as Big Tech gets involved in these public functions?
Some governments are already drawing lines. The EUDI wallet is as much a sovereignty project as a usability one, designed to primarily enable cross-border recognition for those residing within the bloc—by agreeing on a common set of standards for ID verification and passing laws that expect member states to set up the required technical infrastructure for the adoption of digital wallets.
The risk with such an approach is that we drift toward a fractured world of digital identity spheres, where verification works seamlessly within regions but breaks down at their edges. To draw a parallel, this is not unlike the modern passport regime that affords varying degrees of mobility based on the traveller’s origin country. If one country’s digital ID credential is trusted instantly while another’s is subjected to extra scrutiny, verification becomes a new layer of inequality.
In this regard, VCs may offer agency and ownership, but they can also exacerbate exclusion if their implementation is dictated by state interests. Migrants, refugees, and stateless people are often those with the least access to formal identity systems. If cross-border movement becomes too tightly coupled to digital credentials that are functioning on the claims of digital sovereignty, those already on the margins may find themselves further locked out.
And yet, resisting this shift is not realistic. If digital ID is indeed on track to become universal, then verification will shape who moves, how easily, and under what conditions. Common standards can enable mobility without threatening sovereignty, but only if they are developed in public interest—opening up avenues for people to participate in the development of public technologies like digital ID and negotiating for individual rights over data that is shared in cross-border contexts. Current trends show high involvement from states and Big Tech, but the geopolitical nature of cross-border verification and trust will need multilateralism that centres people, and a conception of identity that is not just restricted to state-led definitions.