From data to trust, democracy in the age of artificial intelligence

By Prof.dr. Almir Badnjević, Director of Agency for Identification Documents, Register and Data Exchange of Bosnia and Herzegovina

Processing data produces information. Understanding information creates knowledge. Applying knowledge enables decisions. This simple yet decisive relationship is the foundation of modern society, public administration, the economy, and democracy. When data is accurate, information is reliable, and knowledge is applied responsibly, institutions function with stability, citizens make rational decisions, and society progresses. When this chain is disrupted, space emerges for manipulation, insecurity, and loss of trust.

In the past, this process was slower and more transparent. Information passed through editorial procedures, the number of communication channels was limited, and the time between events and public reaction was long enough to allow fact-checking, expert analysis, and institutional response. Traditional media carried clear responsibility, while society had recognizable points of reference. Manipulation existed then as well, but it required more time, more resources, and significantly more complex organization.

Today, we live in a time of radically accelerated change. Digital platforms, social networks, algorithmic content distribution systems, automated communication patterns, and tools based on artificial intelligence have transformed not only the speed of information flows, but the very nature of the public sphere. Content is created in seconds, multiplied in minutes, crosses borders without barriers, and shapes perception before facts have the opportunity to be explained. What once required teams of people, production houses, and serious budgets can now be produced by a single individual with a laptop and publicly available software.

This is why disinformation is no longer merely a media issue. It is a matter of institutional security, social cohesion, economic stability, and the protection of democratic order. Modern influence campaigns do not rely only on false claims. They use deepfakes, synthetic audio and video content, networks of fake accounts, coordinated inauthentic behaviour, automated commenting, fake domains impersonating institutions, psychological profiling of audiences, and precisely targeted messages designed to deepen divisions. Their objective is not always to convince citizens of one lie. It is often enough to create doubt in everything, weaken the sense of security, and generate the belief that truth no longer exists.

When a society loses the ability to distinguish authentic from false, legitimate from impersonated, and verified from manipulative, the foundations of the democratic system are endangered. Trust becomes the central point of defence. For that reason, democracy in the digital era is not defended only by laws, parliaments, and electoral procedures. It is defended by an infrastructure of trust.

By infrastructure of trust we mean secure digital identity, reliable registries, qualified electronic signatures, time stamps, protection of data integrity, interoperability of public systems, secure communication channels, and accessible digital services that citizens genuinely use. When a citizen can prove identity in the digital space without fear of misuse, when a document carries legal validity and an electronic trace, when institutions exchange data accurately, rapidly, and securely, when public services function without interruption, and when official information can be verified, the space for manipulation narrows and societal resilience grows.

In this context, digital identity is not an administrative convenience. It is the foundation of secure participation in modern society. A qualified electronic signature is not merely a technological tool. It is a mechanism of legal certainty, accountability, and efficiency. Central registries are not simply databases. They are pillars of accuracy upon which decision-making, rights protection, and public policy depend. Interoperability is not a technical luxury. It is a condition of a modern state.

Bosnia and Herzegovina, despite its complex institutional structure, offers an important lesson for the wider European space. Complex systems can build functional digital solutions when expertise, standards, and clear vision exist. Systems of identity documents, central records, digital identity, electronic signatures, and secure data exchange demonstrate that even institutionally complex states can develop mechanisms that strengthen legal certainty, facilitate access to services, and contribute to institutional stability. IDDEEA in this process represents far more than an administrative agency. It is a critical digital infrastructure of the state connecting identity, data, security, and interoperability.

However, technology alone is not enough. Artificial intelligence is both a challenge and an opportunity. It dramatically lowers the cost of producing false content, increases the credibility of manipulation, and accelerates the spread of synthetic narratives. Yet the same capabilities can be used to detect bot networks, identify coordinated campaigns, uncover deepfake content, analyse anomalies in the digital space, assess risks, and provide early warning to competent authorities. The key question is not whether AI will be used. The key question is who uses it, for what purpose, and under what rules of accountability.

For this reason, a modern regulatory framework that keeps pace with technological development is essential. Transparency of algorithmic systems, clear rules of platform accountability, privacy protection, security of data processing, the possibility of independent oversight, and internationally harmonized standards are becoming integral parts of democratic resilience. Regulations within the European digital legislative framework point in the right direction, but rules without operational capacity are insufficient. Institutions that understand technology are needed, together with skilled professionals capable of acting in real time and systems able to adapt to threats that evolve day by day.

Particular attention must be given to electoral processes, crisis situations, and critical public services. It is precisely in such moments that disinformation can produce the greatest damage. False notifications about voting procedures, fake institutional websites, manipulation related to health or security incidents, attacks on trust in public registries, or coordinated campaigns aimed at destabilization can have direct consequences for social peace and institutional legitimacy. Resilience therefore requires continuous system testing, response scenarios, reserve communication channels, technical readiness, and clear coordination among all competent actors.

No state today can respond to these threats alone. Digital attacks and information campaigns do not recognize borders. A server may be located in one country, an operator in another, the target in a third, while the consequences are regional. This is why regional early warning systems, the exchange of technical threat indicators, joint exercises, coordinated response protocols, and cooperation among CERT teams, regulators, electoral bodies, academia, and competent agencies are of crucial importance. The speed of cooperation must exceed the speed of the threat.

Yet no technology and no institution can replace an educated and aware citizen. Long-term resilience begins in the classroom, the university, the newsroom, and the family. Media and digital literacy, the ability to verify sources, understanding how algorithms operate, a culture of evidence-based dialogue, and the development of critical thinking represent the most valuable investment of any society. A citizen who understands how manipulation is created becomes less vulnerable to its effects.

Equally important is the role of the private sector. Digital platforms, telecommunications operators, financial institutions, technology companies, and cloud service providers shape the infrastructure of modern society. Their responsibility cannot be secondary. Product security, procedural transparency, cooperation with competent authorities, supply chain resilience, user protection, and investment in security standards are part of a broader public responsibility.

In the past, the strength of a state was measured by territory, military power, and natural resources. Today, it is increasingly measured by the ability to protect identity, ensure data integrity, preserve continuity of public services, and maintain the trust of citizens under pressure. Cyber resilience is therefore not only a matter of networks, servers, and software. It is the capacity of a society to preserve truth when under attack, functionality when facing crisis, and democratic legitimacy when confronted with manipulation.

Investment in digital identity, secure registries, interoperability, skilled professionals, media literacy, the ethical use of artificial intelligence, and international cooperation is not a technical expense. It is an investment in stability, development, and the future of democratic society.

About the author

Prof.dr. Almir Badnjević is Director of Agency for Identification Documents, Register and Data Exchange of Bosnia and Herzegovina (IDDEEA).

Article Topics

Bosnia and Herzegovina  |  digital trust  |  Identity and Data Exchange Agency of Bosnia and Herzegovina (IDDEEA)