Digital ID systems now critical infrastructure requiring sovereign cyber defence

Digital identity systems are increasingly being treated as critical national infrastructure requiring sovereign cyber defense, according to experts at ID4Africa’s 2026 AGM in Abidjan.

Speakers warned that AI-driven cyberattacks, ransomware and expanding digital public infrastructure (DPI) ecosystems are increasing risks to national identity systems across Africa and beyond. Several argued that cybersecurity must be embedded into digital ID systems from the design and procurement stage rather than added later as a separate layer.

Cybersecurity has become a growing policy priority globally. The European Commission last year announced a $1.4 billion technology investment package that includes cybersecurity, while researchers in Europe are also developing cybersecurity frameworks for the European Digital Identity (EUDI) wallet.

Several speakers at ID4Africa today argued that digital identity security is fundamentally tied to national sovereignty and trust infrastructure.

The Director General of Côte d’Ivoire’s National Agency for Information System Security (ANSSI), Guelpétchin Moussa Ouattara, described public key infrastructure (PKI) as being as essential to digital identity systems as roads are to an economy.

“Cybersecurity for digital ID is not a matter of choice, but one of survival and sovereignty,” he said, warning that interconnected digital infrastructure requires continuous protection through governance, technology and human oversight.

Ouattara also emphasized zero-trust principles and argued that countries must build sovereign trust systems rather than rely entirely on external providers.

“We don’t need to rent trust; we have to build our own trust systems that secure our critical infrastructure,” he said.

Dr. Albert Antwi-Boasiako, former Director General of Ghana’s Cyber Security Authority, similarly warned that cybersecurity must be understood as an ecosystem-wide challenge rather than an isolated technical function.

According to Antwi-Boasiako, increasingly sophisticated attacks and synthetic identity threats are pushing digital identity systems toward a point where distinguishing between a real person and a “digital ghost” may become increasingly difficult.

“If nations cannot secure the digital identities of their citizens, they cannot secure the nations themselves,” he said, arguing that cybersecurity safeguards must be integrated at the procurement and design stage of identity systems.

Researchers and cybersecurity specialists also warned that attacks on identity infrastructure are becoming larger, more sophisticated and increasingly AI-driven.

Experts from The Alan Turing Institute, the World Bank Group, Idiap Research Institute and Cy-Lab Africa highlighted three major trends driving cyber risk: increasingly large ransomware attacks, AI-generated phishing campaigns and a rapidly expanding attack surface linked to DPI investments.

According to speakers, ransomware incidents can cost developing economies up to 2.4 percent of GDP in some cases.

To counter these threats, experts proposed a four-pillar framework for assessing the cyber readiness of digital identity ecosystems, including national cybersecurity foundations, security-by-design principles, operational resilience and innovative risk management.

Senior Digital Specialist Ghislain De Salins said the World Bank is already supporting national ID agencies in countries including Ethiopia, Benin and Nigeria in pursuing ISO/IEC 27001 certification for information security management.

He recommended several baseline security measures for identity agencies, including appointing Chief Information Security Officers (CISOs), implementing multi-factor authentication (MFA), prioritizing software security updates and encrypting sensitive data.

Beyond national systems, speakers also argued that fragmented cybersecurity approaches could undermine cross-border trust and interoperability across Africa’s digital identity ecosystem.

Officials from Benin, Ethiopia, the Democratic Republic of Congo and Tunisia called for stronger continent-wide coordination through regulatory harmonization, interoperability standards and African Union engagement.

Marc-André Loko, Director General of Benin’s Information Security and Digital Agency, proposed additional cybersecurity protocols linked to the Malabo Convention and stronger legal recognition frameworks between countries.

Tigist Hamid, Director General of Ethiopia’s Information Network Security Administration, called for common interoperability standards and multi-stakeholder coordination while ensuring that frameworks reflect local realities.

Prosper Ntetika, President of digital transformation policy organization Think Tank Law & Technologies in the Democratic Republic of Congo, argued that African countries need legal “safe harbours” that allow room for innovation while maintaining cybersecurity protections.

Tunisia’s former Minister of Communication Technologies, Dr. Nizar Ben Neji, emphasized practical resilience measures including regular audits, emergency response planning, disaster recovery mechanisms and citizen awareness campaigns.

Speakers also pointed to Estonia and Singapore as examples of mature digital identity ecosystems built around security-by-design principles.

Estonia maintains a state-controlled PKI system in which the root certificate authority is never outsourced. The country also uses multiple independent PKI-based identity channels, including eID cards, Mobile-ID and Smart-ID, to ensure resilience if one channel is compromised.

Singapore’s GovTech and SingPass infrastructure, meanwhile, was cited as an example of operational resilience at scale. The system supports 4.5 million users across more than 2,700 integrated services and has reportedly recorded zero breaches in the last five years.

Singapore also deploys AI and machine-learning anti-fraud systems that monitor anomalies in real time and uses liveness detection in SingPass Face Verification to counter deepfake threats.

Article Topics

Africa  |  cybersecurity  |  digital ID infrastructure  |  digital identity  |  ID4Africa  |  ID4Africa 2026