The adoption of digital IDs is expanding globally, with regulations such as EUDI enabling more people to utilise it, as well as the realised benefit of a more seamless online identity verification process. But their wider adoption raises new questions, from privacy and data concerns to further security risks, despite additional security being one of its perceived benefits. Global SVP at Endava, David Lewis, shares his views on the advancements of digital IDs and the challenges to overcome, prompting us to think about its implications on businesses and the role of AI in identity verification.
How would you define identity, and what sets digital identity apart from traditional concepts of identity?
Identity is a set of qualities, beliefs and traits that define an individual or a group. Identity is both a personal and social construct which continuously changes throughout its lifetime.
Digital identity is an attempt to identify a set of attributes that uniquely identify us and is almost exclusively used to highlight our differences for the purposes of identification – in most cases digital identity is contextualised for interactions and transactions in a digital world.
How would you describe the concept of digital identity in a simple way?
A digital identity is one or more attributes that is believed to uniquely identify you (e.g. a fingerprint). It is the encoding of the identification attributes into to 1s and 0s - a.k.a. binary. This data is then stored on an integrated circuit (or chip) which is embedded into a host, such as a plastic card. A great example of this is a smart card or a debit card.
Enhanced security is known as one of the biggest benefits that digital ID provides. Why is this, and what role does it play in safeguarding personal data and reducing cyber threats?
Enhanced security refers to an enhancement of the identity verification process, this includes the application of advanced encryption, greater utilisation of biometric data and multi-factor authentication – this enables an individual to use their digital identity for higher “value” transactions (e.g. passports for travel).
Enhanced security also increases control over what data is disclosed (e.g. confirming age without sharing the full DOB), this is often referred to as “selective disclosure”.
What are the most exciting advancements in digital IDs today, and how could they redefine our digital interactions?
Enhanced regulations such as the European Digital Identity (EUDI) will increase the universality of digital identity enabling more people to have access to, and benefit from a digital identity.
On the flip side, what concerns do individuals and organisations most commonly have about digital ID, and how can these be addressed?
A digital identity should serve as a non-repudiable means performing a transaction; however, a digital identity alone is not always adequate to mitigate risks such as identity theft.
For a digital identity to protect the consumer and a business during a transaction initiated by the consumer (e.g. updating an order for groceries) several dependent systems and processes must also be in place to protect the transaction and its participant(s).
In this case IDAM (Identity and Access Management) systems and processes are required to (1) only allow the digital identity holder access to the grocery order they have placed and (2) to limit the number of business users that are allowed to view, update or delete orders.
What’s a commonly overlooked aspect of digital ID that could lead to challenges for enterprises down the road?
The challenge for organisations is not inherent to the digital identity itself – there are of course numerous challenges that still need to be overcome, hence regulatory requirements such as European Digital Identity (EUDI) are in place to facilitate their resolution.
The issue I have observed most often is how and where an organisation manages digital identity. Digital identity transcends privacy, legal, compliance, digital & kinetic security, human resources and many more business functions. Identity is not exclusively a “cybersecurity” domain and, depending upon your organisation, requires a multi-disciplinary and innovative approach to managing it as both a service, facilitator and risk.
What key technologies are driving innovation and shaping the future of digital ID?
The most prominent technology “influencers” in the digital identity space underly decentralising identity, provisioning digital wallets and data encryption (in-flight and at-rest).
How is AI influencing the evolution of digital ID, and what potential benefits or risks do you foresee?
Adversarial machine learning such as adversarial deepfakes are problematic for voice and image authenticity which in-turn has created some detection challenges that continually need to be overcome for digital identity verification.
Artificial intelligence (i.e. human simulation and synthetic intelligence) and in-particular intelligent agents (Agentic AI solutions) will require their own (legal) digital identity, at some point in the future, to pay income tax, for example.
Digital ID is seen by organisations such as the World Bank and the Bill & Melinda Gates Foundation as a key tool in reducing poverty and inequality. What’s your perspective on the role of digital ID in addressing these global challenges?
Digital identity is a driver for normalisation and this in-turn (coupled with many other things) will reduce some manifestations of inequality.
A counterpoint to this is that in recent advances in machine learning applications, in particular — where it’s being applied to human simulation, such as natural language processing (NLP) and large language models (LLMs) — there is a risk of creating a knowledge singularity which, in turn, would create or exacerbate knowledge inequality, potentially widening the gap between those who have access to these technologies and those who do not.