KILT, Youverse and Key State Capital on challenges for decentralized identity in EU

The digital world is facing a host of problems when it comes to proving people’s identity, ranging from privacy and security to friction and slow verification. Decentralized digital identity is one of the solutions for these issues, according to its supporters, and is being embraced all around the world – particularly in the European Union.

But will the EU with its standards, specifications and regulations be able to bring its citizens the benefits of decentralized identities? Biometric Update asked industry stakeholders from Kilt, Youverse and Key State Capital to share their insights into decentralized IDs role in the EU Digital Identity (EUDI) Wallet project and its supporting regulation, the eIDAS 2.0.

EU lagging on decentralized identity standards

On a global level, Europe may be lagging in standards related to Decentralized Identifiers (DIDs) and verifiable credentials, says Ingo Rübe, CEO of digital identity blockchain company Kilt. At the same time, the U.S. and some initiatives in Asia are embracing these standards which could lead to incompatibility in the long run.

“I have the fear that with eIDAS 2.0, we are basically decoupling ourselves from the rest of the world,” says Rübe. “It is really not such a great idea to build something that is not based on international standards. And this is what we’re currently doing.”

Many practitioners working within EU projects fear that their work will be in vain in the long run, he adds. DIDs and verifiable credentials, so-called real decentralized identity, will likely prevail globally, leaving Europe with no choice but to adopt them. With time, the industry will start noticing incompatibilities, including the European digital passport that is usable only in Europe and not in the U.S. and other areas, he explains.

“You have a lot of things built on permissioned private blockchains and stuff where the EU put a lot of money into it,” says Rübe. “And of course, everyone knows that this is not where it’s going to be in the long run. But still, lots has already been done, and it’s always very, very hard for people to admit that actually they should change things in the core.”

A positive move is that eIDAS 2.0 regulation acknowledges the need for decentralization. The old eIDAS regulation was very much centralized: The basic idea is to have one very secure data center that holds all the data, he adds.

However, new insights have shown that centrally storing data is not as secure as once thought. Around a decade ago, technologists started realizing that centralization can create honeypots for attackers, while decentralization means that attackers have to target millions of digital wallets to access information.

“That is, I think, common sense, but it is very, very complicated to get the common sense into policymakers,” says Rübe. A large part of the issue is that the industry has invested a lot in centralized services, he adds.

The 3 challenges of decentralized IDs

The push toward digital IDs in Europe could be criticized for the time it has taken for policymakers to define regulations and standards. But Pedro Torres, founder and CEO of decentralized reusable identity company Youverse, believes that the upside is that the continent is going for standards that are well thought out.

Most of the standards for the EUDI Wallets and its Large Scale Pilots are based on the World Wide Web Consortium (W3C) standards.

“It should be something that everyone can adopt,” says Torres. “Because [Europe] is a big market, 500 million people in terms of identities, it is something that other areas of the world will probably follow closely.”

Summed up in three words, the benefits of decentralized identity are privacy, security and convenience. Challenges remain in all three categories, according to Torres.

Users can use their digital credentials without involving a centralized entity, ensuring privacy. However, many organizations, such as service providers or merchants will still be able to store different information from verifiable credentials in their databases, he points out.

“There’s a long way to go to actually fully protect privacy,” says Torres. “One of those ways, which is planned but still waiting to be adopted, is selective disclosure. I should be able to just provide the information that’s required.”

A subscriber to a streaming site like Netflix, for instance, should be able to prove they are over 18 without providing any additional information.

As for security, more work needs to be done to ensure the devices that hold the identity wallets which are usually smartphones. Youverse believes that a smarter way to go about verifiable credentials would be to bind them to the biometrics of the person who holds them.

Finally, one challenge to the convenience of digital credentials could become the government, which tends to move slower than the private sector when it comes to creating user-friendly apps.

“If you have commercially driven organizations trying to put wallets everywhere, they compete with each other, and then the best wallet wins,” says Torres, “You will have much better wallets, much better convenience, adoption, interoperability, than just one [wallet] per European country.”

European vs US model

While the EU is taking a slow approach, governments around the world are jumping on the decentralized ID trend. Nearly 60 percent of the 117 countries developing digital IDs are also working on some form of decentralized digital ID, according to data from investment firm Key State Capital.

The EU has a “bad track record” for developing technologies because they regulate them before they are even developed. At the same time, markets such as the U.S. regulate them long after they’ve already appeared on the market, says Thibault Serlet, partner at Key State Capital. One of these technologies is AI, which the EU is attempting to reign in with the AI Act.

“Most people are not using AI in their day-to-day yet,” says Serlet. “And yet, the EU has already created these very complicated frameworks by non-technical people. And something similar is happening with digital identity where the EU has created eIDAS 2.0.”

Blockchain-based ID projects started appearing in 2014 and most of them didn’t seem to gain any success until 2020.

“We really only got, from a technological perspective, three years and a very small handful of very niche case studies of the technology being deployed,” says Serlet. “And the EU has already gone ahead and created very rigid technological standards for what the government can and cannot do, purely based of how they imagine this future technology could look.”

Despite these challenges, the market for decentralized IDs is expected to grow. Analysis from market research companies such as Precedence Research predicts that the digital ID industry could grow to $203.5 billion by 2034. And by 2035, between 25 and 35 percent of all deployed digital identity systems will be decentralized, according to the investment firm.

Article Topics

decentralized ID  |  decentralized identifiers (DIDs)  |  digital wallets  |  eIDAS  |  EU  |  EU Digital Identity Wallet  |  Key State Capital  |  KILT  |  Youverse