Digital ID Isn’t Coming — It’s Already Here
Public debate about “digital identity” often treats it as a looming government scheme: a card in an app, a top-down system, an innovation waiting to arrive. In reality, digital ID is already the plumbing of modern life. From bank logins to phone settings, from government portals to the “Continue with Apple” button, most people already carry and use multiple digital IDs every day. The question is not whether digital ID will exist, but how to govern and safeguard the systems already in place.
The everyday digital ID
Consider Sweden. Its BankID system, operated by major banks, has reached near-universal coverage: over 8.6 million people use it, in a country of 10.5 million. It underpins everything from banking to healthcare, logging more than a billion authentications each year. In India, Aadhaar has issued 1.4 billion unique IDs and processes over two billion authentications every month, including biometric face scans. The UK is migrating to a single government login; more than 11 million people already use GOV.UK One Login to access central services, with full adoption targeted by 2027. In the EU, the European Digital Identity Wallet became law in May 2024, setting the stage for interoperable IDs across member states.
Meanwhile, in the United States, Apple Wallet and Google Wallet now hold driver’s licences and state IDs in more than a dozen jurisdictions. The Transportation Security Administration recognises these at participating checkpoints. Agencies still advise carrying a physical card, but the direction of travel is clear: IDs in wallets are becoming standard.
These are not speculative pilots. They are real, widely adopted systems serving millions or billions of daily users.
The private layer: platforms and devices
Even outside formal government schemes, digital ID is part of daily life. The “Continue with Apple/Google/Facebook” button is a form of federated identity used by billions worldwide. Meta alone counts 3.48 billion daily users across its family of apps, and those accounts regularly double as logins for third-party services.
At the device level, operating systems issue unique identifiers: Apple’s IDFA and Google’s Advertising ID. These mobile advertising IDs are not perfect analogues of a passport, but they are persistent, system-managed identities that underpin whole ecosystems of apps and services. Users can reset them, yet they are relied upon for attribution, analytics, and targeted access. In many countries, SIM cards themselves require “Know Your Customer” verification, making the phone number another everyday identity token tied to real names and legal records.
In short, a smartphone is already a bundle of digital IDs: government apps, bank logins, platform credentials, advertising identifiers, SIM-based phone numbers, and increasingly, mobile driver’s licences.
Why this matters
The way society talks about digital ID often obscures this reality. Critics warn of centralisation, surveillance, or exclusion, while advocates stress convenience, security, and efficiency. Both sides risk missing the point: the debate is not about whether digital ID will exist, but about the standards and governance around the systems already here.
There are obvious benefits. Properly designed, digital IDs can slash fraud, speed up public services, and make cross-border transactions easier. In the EU’s vision, a citizen could prove age, identity, or qualifications anywhere in the bloc using a single wallet app. In the Nordics, bank-grade eID has become so embedded that it is difficult to imagine life without it.
There are equally obvious risks. Poorly governed digital IDs can entrench surveillance, expose biometric data to misuse, and exclude those without the necessary devices. The challenge is to ensure inclusion, voluntary adoption, and privacy by design.
Governance, not denial
Global initiatives already map out responsible approaches. The World Bank’s ID4D principles call for inclusivity, user control, and strong safeguards. UN development agencies recommend minimising data collection, enabling selective disclosure (for example, proving “over-18” without sharing the full ID), and providing independent oversight. The European framework for digital identity wallets enshrines interoperability and user agency, with technical standards to prevent lock-in.
Civil society voices warn of potential abuse, and those warnings should be taken seriously. A rights-based digital ID system must guarantee that participation is voluntary, revocable, and subject to legal redress. Governments and platforms alike need to prove that data minimisation and user control are more than slogans.
The false binary
The real danger in public discourse is the false binary: digital ID or no digital ID. The truth is more nuanced. Billions of people are already using digital IDs, often without realising it. Every Aadhaar authentication, every BankID login, every “Continue with Google” click, every mobile driver’s licence presented at airport security—these are digital ID transactions in practice.
Dismissing digital ID as a “future proposal” blinds society to the reality of today’s infrastructure. By the same token, embracing digital ID without conditions risks sliding into surveillance without consent. The debate must move beyond whether to have digital ID, and focus instead on how to govern, standardise, and safeguard the ones already in use.
The choice ahead
Digital ID is not an on/off switch. It is a continuum of systems that already mediate access to services, platforms, and rights. The key decision is whether those systems are governed by transparent, interoperable, rights-respecting standards—or left to proliferate in fragmented, opaque, and unaccountable ways.
Policymakers, platforms, and the public should recognise the reality: digital identity is here. The task now is to make it trustworthy.
