As identity infrastructure scales, governance becomes the differentiator

Biometrics bound to credentials increasingly underpin the trust infrastructure of digital life, yet as digital systems reach deployment, they are facing stress tests that highlight the importance of governance. Headlines this week on Biometric Update, from a crypto breach to a false arrest lawsuit, show the challenge of operationalizing governance, whether the biometrics themselves work as advertised or not.

Trust and governance

The UK government’s self-inflicted digital ID quandary is instructive when it comes to public trust: it is not achievable by fiat. An existing system built on independent certification is already doing a lot of the work that the public doesn’t trust the government to handle. It is fortunate, in that light, that the one of three expert panels the government has now set up is with DVS providers.

Certification is increasingly recognized as a trust signal, and as Kantara points out, marketing isn’t compliance but compliance might be the best marketing.

The EU Council’s proposal for European Business Wallets seeks to extend high trust to cross-border commerce from a basis of EUDI Wallets and solid governance. The latter includes reliance on standards, including for IAD.

Biometric injection attack detection is the tool that distinguishes legitimate user biometrics from synthetic or deepfake spoofs that bypass presentation attack detection systems, and thus ensures the reliability of remote interactions. The latest market report and buyer’s guide from Biometric Update and Goode Intelligence forecasts IAD checks will spike to more than 300 million in 2028.

Meanwhile, India may have to steer the governance of its DPI towards increased local control for “strategic autonomy,” senior government officials suggest. India and China are both grappling with how to maintain trust in DPI as it converges with AI.

A new kind of constant surveillance could become normalized in the U.S. via the biometric smart glasses Meta is hawking and the mobile facial recognition app ICE is distributing to state and local police. Public trust in both organizations could benefit from firm and clear governance as their ambitions expand.

Age of mistrust

The step after “trust but verify” is enforcement, which is the stage Australia has reached in its age assurance process. Some platforms have done a poor job following the rules so far, so the government is drafting a digital duty of care that would empower eSafety to levy much larger fines.

Academia is a pillar of public trust, which makes the prompt resolution of allegations by Yoti against a pair of American universities all the more important. A week after raising them, the company is considering its legal recourse.

The reliability of academic reports is crucial to downstream analysis, like the patents at the heart of FaceTec’s allegations against iProov and Jumio ruled valid by an IP appeals body.

Please let us know if you come across any podcasts, newsletters or other content we should share with the people in biometrics and the digital identity community through the comments below or social media.

Article Topics

biometrics  |  digital ID infrastructure  |  digital identity  |  trust infrastructure  |  week in review