Digital identity ecosystems hinges on wallets, transparency, trust: DRCF
The Digital Regulation Cooperation Forum (DRCF) has released key findings from its 2023/24 workplan. In a blog post, the DRCF describes how the plan’s “joint horizon scanning work into the future of digital identity, exploring how it may evolve in the medium term” has yielded fresh insights on the regulatory implications of a digital identity sector that is evolving at a rapid pace.
Three consistent themes emerge. The first is the shifting development of digital identity technology and markets. The second is trust, interoperability and standards. The third concerns accessibility, or the “digital divide.”
Future of digital identity faces multiple paths
A word that features prominently in the findings is “uncertainty.” There is little consensus between stakeholders on whether decentralized identity systems are destined for mainstream penetration or a niche market. No one is sure exactly which direction digital identity will take among the several branching options that have emerged.
For instance, if mobile digital wallets take off, it will have a huge impact on how widespread adoption of digital identity by consumers takes shape. A recent Gartner survey predicts “at least 500 million smartphone users will regularly make verifiable claims using a digital identity wallet built on distributed ledger technology by 2026.” If those numbers continue on an upward trend, it will create a natural path for digital ID to flourish.
AI is noted as both a security tool and security threat. While it already plays a role in digital identity through facial recognition and other algorithmic applications of biometrics, it is also increasingly available to bad actors looking for ways to circumvent authentication and ID verification measures – for example, through deepfake injection attacks. The DRCF has already launched a pilot of its “AI and Digital Hub,” a resource that offers informal advice to innovators developing AI and digital products.
A noteworthy point about the burden of cost in deploying digital identity says most stakeholders expect the party deploying the system for ID verification to pay the cost. “However, it was suggested that individuals may have to pay to access certain ‘premium’ features” – in other words, the sort of freemium, in-app purchase model that has perpetuated in digital apps.
Trust, interoperability, standards are foundational tools
Trust is, as usual, identified as the key ingredient to making digital identity systems viable for most people as tools for sensitive transactions such as banking. Trust itself is distilled into a few factors. Transparency in data processing is one. Another is regulatory standards – but few agree on how they are likely to develop.
The final element concerns the provider of digital ID services. Stakeholders surveyed by the DRCF pointed to big tech organizations with “large market shares and brand loyalty” among firms “well placed to gain public trust.” (This apparently fails to take into account that thus far, few of those companies have posted perfect records on the first two points.)
Whether or not digital identity will close or widen the digital divide is also an open question. For every argument about increased access to support services, there is another about vulnerable groups that may get left behind. Some noted the risk of digital identity pushing out existing ways to access services, such as with physical ID. The rate at which this could happen is, again, uncertain.
Key players still emerging in early stage of gold rush
The DRCF’s findings say that because digital identity is still a relatively new technology, “it is not yet clear who the most important players will be and whether any barriers to effective competition will emerge.” Large tech firms, especially those that already offer a digital wallet like Google and Samsung, are again flagged as likely leaders. Government, banks, telecoms operators and dedicated digital identity-focused startups also get the nod.
Main considerations for member regulators of the DRCF more or less mirror the key findings. Digital identity wallets from big firms may be trustworthy, but they could choke out competition, especially if bundled with the operating systems of mobile phones – again, as is the case for Google and Samsung.
Regulators will need to underline the need for digital ID organizations to maintain transparency, as well as “the appropriate technical measures to secure data and the requirement for privacy by design in digital identity wallets.” For AI, the focus is on balancing beneficial innovation with fraudulent misuse, and on enshrining supports for those who have been the victims of AI fraud.
In yet another instance of a recurring echo, the DRCF notes that decentralized identity systems may offer users increased control over their data and how it is shared – but most people are unlikely to jump on board unless they understand the tech. “Regulators will need to ensure that organizations that seek to process personal information as part of that sharing process are supporting users to have sufficient knowledge for users to make an informed decision as to what data they wish to share.” And digital literacy is named as a policy priority.
In summary, “it is important that future digital identity systems are transparent, robust and secure to ensure consumer protection.”
The DRCF intends to maintain a “watching brief” to identify further emerging cross-regulatory opportunities and issues. It also notes that individual member regulators will also continue to consider areas specific to them; for example, Ofcom’s Online Safety Act (OSA) and its requirements relating to digital identity and age assurance.
The DRCF includes the Office for Communications (Ofcom), the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA).
Article Topics
decentralized ID | digital identity | Digital Regulation Cooperation Forum (DRCF) | digital wallets | identity verification | interoperability | standards
Comments