Exploring the global

digital ID landscape
Clear leaders, varied paths, and steps
to realize their potential

Coley Felt and Will LaRivee

The Atlantic Council GeoTech Center has a Authors
mission to shape the future of technology
Coley Felt
and data to advance society.
Will LaRivee

Program director
Raul Brens Jr.

Cover: IMAGO/Zoonar via Reuters Connect. Acknowledgments

This report has been made
possible by the assistance of
the following GeoTech Center
© 2025 The Atlantic Council of the United staff: Trisha Ray, Ryan Pan,
States. All rights reserved. No part of and Marina Meyjes.
this publication may be reproduced or
transmitted in any form or by any means
without permission in writing from the
Atlantic Council, except in the case of brief
quotations in news articles, critical articles,
or reviews.
Please direct inquiries to:
Atlantic Council
1400 L Street NW, 11th Floor
Washington, DC 20005
 Exploring the global
digital ID landscape
Clear leaders, varied paths,
and steps to realize their potential

Coley Felt and Will LaRivee

Table of contents
Executive summary........................................................................................................................................2

Introduction.....................................................................................................................................................3

Analog identity................................................................................................................................................3

Identity in the digital domain........................................................................................................................4

Government goes digital................................................................................................................................. 4
Common digital ID............................................................................................................................................5

Benefits of digital IDs..................................................................................................................................... 7

Limitations of digital identities.....................................................................................................................9

Technical limitations ........................................................................................................................................9
Political limitations............................................................................................................................................9
International coordination...............................................................................................................................9
Social limitations ............................................................................................................................................. 10
Governments .....................................................................................................................................................11
Private sector ....................................................................................................................................................11
Civil society ........................................................................................................................................................11

Recommendations for design and implementation................................................................................ 11

Case studies.................................................................................................................................................. 12

Estonia............................................................................................................................................................... 12
India.................................................................................................................................................................... 12
African Union.....................................................................................................................................................13
EU eIDAS ...........................................................................................................................................................13
United States.....................................................................................................................................................13

About the authors......................................................................................................................................... 15

About the program director........................................................................................................................ 15

Endnotes........................................................................................................................................................ 16
Exploring the global digital ID landscape

Executive summary
In an increasingly digital world, digital identity systems re- transform the delivery of government services and industry
present a fundamental transformation in how personal infor- interactions, though there are potential risks and limitations
mation is authenticated and managed, shifting from traditio- to be considered.
nal physical identification methods to electronic credentials Despite promising advantages, limitations across technical,
that enable access to digital services across government political, and social spheres present an array of challenges.
and private-sector platforms. These systems utilize authenti- Technical limitations include interoperability between diffe-
cated credentials that verify individual qualifications and per- rent systems, cybersecurity vulnerabilities, and accessibility
sonal information to establish trusted digital documentation, barriers in regions with limited digital infrastructure. Political
spanning use cases from health certificates to mobile identi- obstacles include insufficient regulatory frameworks, lack
fication for travel security and banking verification. of adherence to international standards, and coordination
The worldwide adoption of digital identity systems varies si- issues between jurisdictions. Social limitations center on
gnificantly across regions and implementation approaches. concerns over public trust, particularly regarding surveil-
Estonia’s comprehensive e-ID system, mandatory for all lance and privacy, along with unequal access that can fur-
residents, demonstrates transformative societal impact by ther marginalize vulnerable populations including refugees,
connecting organizations through distributed databases elderly citizens, and those with limited digital literacy.
and blockchain technology. India’s Aadhaar program serves Successful implementation of digital identity systems re-
a massive population, proving that large-scale digital identity quires coordinated efforts across sectors. Governments
systems can operate in developing countries while bringing must adopt user-first design principles, ensure interope-
previously undocumented populations into formal economic rability through technical standards, tailor systems to local
systems, albeit not without criticism. The European Union’s contexts, and establish effective public-private partnerships.
eIDAS framework mandates that all member states offer di- Private-sector actors should prioritize transparency, data se-
gital identity wallets to citizens and businesses, creating in- curity, and accessibility while implementing privacy-enhan-
teroperability across member states. The African Union has cing technologies. Civil society organizations play crucial
faced infrastructure and data-protection challenges, while roles in public education and representing user interests.
the United States remains fragmented with individual states
implementing mobile driver’s licenses without federal coor- As digital identity systems become the cornerstone of per-
dination. sonal identification, effective implementation depends on
building systems that genuinely serve user needs while
Digital identity systems offer a breadth of benefits including maintaining robust protections against misuse and public
enhanced convenience, improved access for underserved trust through transparency and accountability measures,
populations, stronger privacy protections through data mi- particularly ensuring the protection and well-being of margi-
nimization principles, and significant cost savings for or- nalized and disadvantaged populations.
ganizations. These systems hold tremendous potential to

ATLANTIC COUNCIL 2
 Exploring the global digital ID landscape

Introduction
Digital transformation has fundamentally altered how indivi- associated limitations of these systems. Through compre-
duals interact with governments and businesses worldwide. hensive analysis, the report provides practical recommenda-
At the heart of this transformation is the concept of digital tions to facilitate the widespread adoption of digital ID sys-
identity: the electronic representation of an individual’s cre- tems while safeguarding fundamental rights and ensuring
dentials and authentication information that gives access to inclusive access for all.
digital services. This report explores the global digital iden-
tity (ID) landscape, examining the wide-ranging benefits and

Analog identity
Tracing its origin to the Latin idem, or “the same,” an identity with other institutions. Again, considering the passport, a tra-
comprises the traits, qualities, behaviors, and choices that veler must carry their documents with them to cross borders,
define unique individuals, organizations, and entities. These and a passport booklet may not be accepted as a verifica-
largely static details amassed over time include basic tion method for other services, such as entering a school
identifiers, demographic information, employment details, facility or a place of employment.
and biometrics. Taken together, these data can establish Analog IDs also offer relatively easy vectors for identity theft.
authenticity and verify that a claimed entity is “the same” Simply by stealing a wallet or a paper file, a thief can im-
as a genuine entity, shaping how it interacts with others mediately access a trove of information. Printed documents
in the public sphere. Public and private institutions have lack password protection, biometric verification methods,
traditionally represented these consolidated verification and multifactor authentication requirements that limit visibi-
details with analog, or nondigital, identities (IDs). These lity to sensitive details about an entity. A criminal can use
material forms of authenticity include passports, business all printed information to perpetrate a host of identity theft
licenses, and insurance cards that prevent fraudulent activity crimes, seriously disrupting the personal and professional
and enable access to services otherwise unavailable to lives of victims.
anonymous entities.
Furthermore, analog IDs grow increasingly irrelevant as mo-
This verification method offers clear advantages of ease of dern societies digitize. Today’s public commons have trans-
control and challenge of replication. For example, as govern- formed from a physical place of interaction to a network of
ments issue just one tourist passport per citizen, travelers online connections and engagements. Community gathe-
can verify that no one else has access while concealing their rings, professional workflows, and financial transactions no
documents in their possession. Furthermore, while forging a longer require participants to occupy the same space, ins-
passport may be possible, duplication requires access to an tead connecting individuals, businesses, and devices across
original copy, and the authentic document can be verified the world in real time. Analog IDs cannot establish sufficient
with details generally stored in an external database. authenticity in this domain, and the sensitivity of certain in-
However, a physical form of identification also inherently im- teractions requires a threshold of verification that a physical
poses constraints on its effectiveness. It must be physically form of identity cannot provide. To meet this demand, new
present to provide its benefits, and one form of identity spe- forms of digital IDs offer promising alternatives.
cific to a single institution may have limited interoperability

ATLANTIC COUNCIL 3
Exploring the global digital ID landscape

Identity in the digital domain

Identification principles in the digital space largely mirror This repeatable framework to establish and verify an online
those in the analog world, where an entity must verify its persona can be crafted by any digital service provider, such
authenticity with a sufficient combination of unique details.1 as social media companies, healthcare networks, or e-com-
However, in the digital domain, real individuals are not li- merce platforms. The created domain-specific proxy entities
mited to a single digital counterpart; a physical entity may within these organizations establish trust between parties,
be represented by several discrete digital versions of itself, enabling the seamless exchange of information, goods, and
either in a single database or across multiple systems. While services.
this one-to-many ratio may be exploited with malicious in-
tent, the ability to create multiple digital identities can also Government goes digital
prove beneficial, enabling individuals to better organize or After decades of private-sector digital success alongside so-
protect their digital footprints. metimes cumbersome public-sector performance, govern-
In practice, the process of creation and confirmation of iden- ments and their service providers have begun to transition to
tity involves six key elements: the user, the identity provider, digital platforms. From portals for filing taxes to applications
the service provider, the established identity, the personal for small-business research grants, government agencies
authentication device, and the connections between each have expanded their online offerings to individuals and or-
actor.2 ganizations, streamlining previously clunky and often confu-
sing processes.4 These systems are far from perfect; bugs
To create an identity, the user first connects with the identity and failures do sometimes interfere with critical government
provider online, which may be internal to the service provi- functions or necessary assistance. The October 2013 launch
der or a third-party identity-as-a-service (IAAS) organization of HealthCare.gov famously failed to meet customer require-
specializing in managing identity data. The user then pro- ments, crashing within hours after launch, and only allowing
vides a unique set of attributes to the identity provider to six users to register on the first day.5 However, the site has
establish an account, which allows the real entity to exist in since been heavily overhauled, enabling tens of millions of
and interact with other entities online. This combination of users to register during open enrollment periods each year.6
attributes is recorded and managed by the identity provi-
der internally in a database or externally through blockchain Yet, as with private websites and nondigital service provi-
technology in a process known as identity and access ma- ders, users must still repeatedly expose elements of their
nagement (IAM).3 personal information to establish accounts, and those ac-
counts are often not connected across government entities,
Next, when a user attempts to access a digital service, each of which manages their data and digital infrastructures
the service provider must confirm that the attempt is from differently. The repeated requirement to release private
the genuine user by authenticating from a list of attributes information in exchange for access is not only a barrier to
shown in table 1. After verifying that the provided attributes access, but it also increases exposure to identity theft and
match those stored in the IAM system, the service provider fraud.
enables access to the user.

Table 1. Authentication attributes

Something the user knows Password, PIN, mother’s maiden name

Something the user is Biometric data (fingerprints, eye scan, etc.)

Something the user has One-time password, authentication device

Somewhere the user is Location data for user

A combination of the above Example: Combination of PIN and one-time password

Source: Jean-Marc Seigneur and Tewfiq El Maliki, “Chapter 17 – Identity Management,” in Computer and Information Security Handbook,
ed. John Vacca (Morgan Kaufman, 2009), 269–292, https://doi.org/10.1016/B978-0-12-374354-1.00017-0.

ATLANTIC COUNCIL 4
 Exploring the global digital ID landscape

Still, the potential benefits of digitized public services pro- The scope of these digital IDs varies widely across a broad
mise to revolutionize the way governments interact with their range of services. Some systems, such as California’s pro-
citizens, paying dividends through enhanced transparency gram and several other mobile vehicle license programs in
and public trust, and lowering service delivery costs by up to US states, remain limited to few functions, verifying age and
95 percent.7 By leveraging the power of digital connectivity address at select businesses and government agencies. 8
and the quality of available data, public officials can trans- Others, such as Estonia’s e-ID system, enable access to a
form their services into faster, safer, and cheaper alternatives comprehensive list of public services, from voting to mana-
for a more inclusive form of governance. To do so, they face ging medical prescriptions.9
the challenge of developing an integrated, streamlined digi- New digital IDs may also pair with analog IDs for a more ro-
tal infrastructure while sufficiently protecting user data and bust process. Estonia’s e-ID system combines a physical ID
respecting the rights of individuals. Card with an embedded SIM chip, a Mobile ID with encryp-
Common digital ID tion keys stored on a smartphone, and an online Smart ID
system. This diversification allows users to access services
Enter the modern digital ID. These systems offer a verifiable virtually or in person, and it also backs up digital systems for
one-to-one representation of a physical identity across a cases of reduced or disrupted connectivity.10
range of digital applications. When sufficiently scaled, this
enables a user to seamlessly access and engage with an
interconnected network of institutions. In return, those ins-
titutions can better trust the authenticity of a user to ensure
their services are achieving their desired effect.

ATLANTIC COUNCIL 5
 Table 2. A comparison of digital IDs across selected countries and US states

Services
System Overview Design and Access
Government Commercial
System
Birth/ Edu-

ATLANTIC COUNCIL
Ownership: ISO Health Vehicle Digital Docu-
Digital ID Digital/ Death Tax cation
Region Government Access Standard Ser- Voting Passports Licen- Bill Pay Signa- ment Banking
Concept Physical Twin Certifi- Filing Ser-
and/or (18013-5) vices sing ture Storage
cates vices
Commerical
Government
Australia Digital iD Yes and/or Com- Citizens No X X X X X X X X
mercial
Exploring the global digital ID landscape

Brazil Gov.br Yes Government Citizens No X X X X X X X X X X

Denmark MitID Yes Government Everyone Yes X X X X X X X X X X

Estonia e-ID Yes Government Everyone Yes X X X X X X X X X X X

eIDAs/eIDAs2/
EU Yes Both Everyone Yes X X X X X X X X X X
EUDI Wallet

6
Finland e-ID No Commercial Everyone No X X X X X X X X X X

India Aadhaar Yes Government Everyone No X X X X X X X X X X X

Kenya Maisha Namba Yes Government Citizens No X X X X X X

Singapore Singpass Yes Government Citizens No X X X X X X X X X X X

Sweden BankID Yes Both Everyone No X X X X X X X X X X

UAE UAE PASS Yes Government Everyone No X X X X X X X X X X

mDL (pilot) /
California California Identity Yes Government Citizens Yes X X X X
Gateway

Colorado myColorado Yes Government Citizens Yes X X

Source: GeoTech Center compilation consolidated tab here.

 Exploring the global digital ID landscape

Benefits of digital IDs

The breadth of emerging applications reflects the growing blic sphere, with the potential to boost the gross domestic
list of benefits that digital IDs offer customers of government products (GDPs) of these states by 3 percent to 7 percent
services. Digital identities serve as a catalyst for econo- by 2030.13
mic growth, a facilitator of more efficient delivery of public Similarly, digital IDs may also improve inclusion for nonci-
services, and a mitigator of fraud and waste. They provide tizens living abroad. India’s Aadhaar system allows foreign
benefits to the entire ecosystem of users from government nationals living in the country for more than 182 days—and
entities, financial institutions, and individuals. with a valid passport and Indian visa—to enroll with the
Linked digital IDs across organizations offer their users Unique Identification Authority of India.14 This capability al-
the convenience of single sign-on (SSO) solutions. Once lows visitors to more easily work with Indian financial institu-
connected through one service provider, the common iden- tions and telecom providers, streamlining business practices
tity provider gives the user the freedom to access any of and improving services for visitors.
the additional in-network service providers. In the United Vastly improving on analog identification methods, digital
States, the ID.me service already connects a host of fede- systems can strengthen the privacy of individuals, protec-
ral agencies, including the Department of the Treasury and ting against identity theft and allowing individuals to control
the Department of Health and Human Services, as well as the release of personal information. A digital identity reduces
several state-level government agencies and private retail the need to carry multiple cards or papers to prove authenti-
companies.11 Where once a user would have had separate city, consolidating those documents into an easily managed
accounts for applying for Veterans Affairs benefits and filing single digital wallet. Within that wallet, access to key iden-
tax returns, they can now access all services under a single tification data generally remains further protected behind
profile. passwords, biometric scans, or other verification measures
Modern digital IDs also improve access to public and private that physical cards cannot provide. Furthermore, these
services for a broader audience. An estimated 850 million wallets may also offer users the benefits of self-sovereign
people worldwide lack an official form of documentation, a identity, giving them the control to limit which details are
limitation most concentrated among lower-income countries displayed to each viewer. Self-sovereign identity embodies
in sub-Saharan Africa and South Asia.12 Unable to easily au- the concept of data minimization,15 and technologies sup-
thenticate their identity, these individuals struggle to attain porting selective disclosure will allow data to be shared in a
government financial assistance, participate in elections, privacy-preserving manner. For example, an individual may
or apply for higher education. They may also lack bank ac- choose to release just verified birthdate and employment
counts, requiring them to carry cash to complete transac- information when applying for a job, while protecting other
tions and contribute to commercial growth. As connectivity sensitive details. These measures prevent unnecessary and
spreads across these regions, digital registries enable pre- unintended exposure of identifying features that could be
viously excluded populations to participate in a broader pu- exploited or cause personal harm.

Emerging privacy-enhancing technologies

The growing list of privacy-enhancing technologies (PETs) includes several less-common technologies that
promise to improve the security and control of digitized personal data.
Zero-knowledge proofs (ZKPs) confirm whether an asserted fact is true or false rather than revealing the fact
to a viewer. Such a system can be used to verify age for voting systems or income for rental applications
without exposing a precise birthday or income amount.
Multiparty computation (MPC) methods enable several entities to jointly use data for computation while
eliminating the need for an additional party to use and verify the data’s accuracy. This process reduces the
exposure of specific data while enabling entities to generate insights from that data. Variants of these tech-
nologies were used for COVID-19 exposure notification measures based on location proximity and contact
data without revealing the identities of specific individuals.
Blockchain systems and other distributed ledger technologies (DLTs) can improve data accountability by
preserving a public record of previous instances of access, transfer, and processing. While the public nature
of DLTs can expose data to new privacy risks, their decentralized nature can improve data governance and
compliance if combined with other PETs.

ATLANTIC COUNCIL 7
Exploring the global digital ID landscape

Digital authentication systems also improve the security of flows and builds trust with users who increasingly see go-
identity management, which better protects the information vernment institutions as working for them.
stored in consolidated databases. Paper registries remain Finally, if regionally standardized, digital IDs can serve
vulnerable to duplication, forgery, loss, and theft. If digitized as catalysts for economic growth. Commonly accepted
in a properly designed database, personal information may frameworks allow users to seamlessly access foreign goods
be better sustained and protected through encryption, the and services while offering businesses international mar-
integration of decentralized blockchain systems, and other ket access beyond borders. The EU’s Digital Identity Wallet
privacy-enhancing technologies (PETs).16 Not only do ad- should offer both demand- and supply-side benefits for tran-
vanced databases improve security, but the user’s ownership sactions between individuals and institutions.18 For example,
of their personal data reduces the need for companies to the system will allow EU citizens to seamlessly access me-
store as much personal information as had been the case. dical prescriptions abroad and open bank accounts in non-
These digital ID systems can greatly improve organizational native countries. Simultaneously, it will enable businesses
efficiency, saving time and money for public and private ins- to easily seek foreign funding and sell products safely and
titutions. Estonia estimates that its e-governance processes securely to customers across borders. This ease of transac-
save more than 1,400 years of working time annually, as 99 tions promises to boost regional commerce and improve in-
percent of government services are available online twenty- ternational competitiveness for countries with such systems.
four hours a day.17 This access streamlines organizational

ATLANTIC COUNCIL 8
 Exploring the global digital ID landscape

Limitations of digital identities

While digital identity systems offer numerous benefits, seve- government services, financial institutions, healthcare pro-
ral technical, political, and social limitations still hinder their viders, and other critical sectors. There’s a fundamental ten-
adoption and effectiveness. sion between the efficiency these systems promise and the
potential for systemic privacy erosion. The main problem is
Technical limitations the balance between making things efficient and protecting
Digital ID systems often target specific services and plat- personal privacy. These systems promise to simplify our li-
forms and are frequently developed in silos, creating intero- ves, but they can also take away our freedom to keep parts
perability problems. Not only do bespoke systems present of our lives private.
interoperability challenges within local systems, but they
also create limitations for collaboration across governments. Political limitations
The absence of unified infrastructure and common dataset Governments play a crucial role in shaping environments for
architectures makes it difficult for partnerships across ser- digital ID systems to meet the needs of their users. Several
vices, sectors, and jurisdictions. Worse, the varied techno- national and political factors of poorly designed state sys-
logical infrastructure, data-collection methods, and standard tems may prevent digital ID frameworks from providing their
limitations can lead to security gaps and reduced reliability intended services to the public.
within systems. A successful digital ID system must be built atop an effective
Cybersecurity vulnerabilities also present their own set of national regulatory framework, providing sufficient oversight,
risks to digital ID systems. The centralized nature of some transparency, and stakeholder engagement. However, the
of these massive databases makes for attractive targets for rapidly evolving nature of modern technologies challenges
cyberattacks. Data breaches can expose large amounts of legislators’ abilities to keep pace with effective governance,
sensitive, personal information, which can lead to identity and many countries lack sufficient regulatory frameworks
theft, financial fraud, and other privacy violations. Moreover, for consumer protection and accessibility. The lack of suffi-
emerging technologies such as artificial intelligence and ma- cient data privacy rules may inhibit the integration of digital
chine learning are creating further cybersecurity liabilities, IDs, as potential users believe their data would be exposed
as advanced deepfake techniques and social-engineering to theft and exploitation. Additionally, an absence of cyber-
strategies present new avenues to bypass traditional iden- security requirements could limit the willingness of organi-
tity-verification methods with alarming precision. As digital zations and individuals to join integrated systems, where
identity systems become increasingly interconnected and their data may be exposed at different levels across multiple
comprehensive, the stakes of a single security breach es- systems. Furthermore, weak requirements for accessibility
calate dramatically—a successful intrusion could now ex- could limit digital inclusion of all populations, further isola-
pose extensive personal data across multiple platforms and ting and marginalizing disadvantaged and rural populations.
services. Another technical limitation of digital ID systems is Digital ID systems are built on trust, and a lack of sufficient
accessibility. Rural and developing regions may be limited regulatory structures can prevent that trust from taking root.
by the digital infrastructure available to develop, utilize, and Limited adherence to technical standards can also prevent
maintain these systems, so these e-government programs the development of an effective system at the national level.
run the risk of systematically excluding populations with res- Standards from the International Organization for Standardi-
tricted digital access. zation, like ISO 18013-5 (for driving licenses), can establish
As a result of limited digital infrastructure, particularly in de- common baselines for system design and use, but many go-
veloping regions, public trust concerns over privacy and data vernments do not take sufficient measures to incentivize or
control have become significant. The technical challenges mandate their adoption. The lack of adherence to a shared
of maintaining secure, reliable identity systems across areas technical framework can prevent sufficient interoperability,
with spotty telecommunications coverage and frequent result in uncertain levels of cybersecurity and data privacy,
power outages undermine citizens’ confidence in these pro- and significantly complicate the process of updating and
grams. Even in places like rural India, where Aadhaar has modernizing outdated systems. Critically, this results in a
been implemented, inadequate digital infrastructure leads disjointed system that is challenging and opaque for users,
to authentication failures that prevent people from acces- limiting their understanding of and trust in the system.
sing essential services, eroding trust in the system. Without
addressing these fundamental infrastructure gaps, govern- International coordination
ments will continue facing skepticism from citizens who While international standards exist, global adoption remains
experience digital ID systems as dysfunctional rather than uncoordinated. Digital IDs present a complex landscape
enablers of efficient, trusted services. of geopolitical risks, and without the implementation of
Privacy risks stretch beyond simple data collection to the consistent international standards, the centralization of per-
potential for comprehensive personal profiling and unin- sonal data around the world poses significant potential for
tended data sharing. Many digital identity systems link mul- control, surveillance, and human rights abuses. In October
tiple databases, creating the potential for creating digital 2023, the United Nations Development Programme (UNDP)
profiles that can track an individual’s interactions across released its Model Governance Framework for Digital Le-
gal Identity System.19 The model was created as a resource

ATLANTIC COUNCIL 9
Exploring the global digital ID landscape

for government and civil-society actors aimed at developing Potential users may lack a clear understanding of the be-
rights-based, inclusive digital ID systems. In addition to UN- nefits of enrolling in and utilizing government-owned digi-
DP’s framework, the Organization for Economic Co-operation tal ID systems, and this lack of understanding further limits
and Development (OECD) released its Recommendation of public-private trust. Historically, individuals have exhibited a
the Council on the Governance of Digital Identity in August greater willingness to entrust “big tech” firms with their data,
2023.20 Similarly, the recommendation aims to ensure that in large part due to the tangible benefits offered by those
digital identity is reliable, secure, and accessible, and that it companies. Users may feel inclined to skim or blindly agree
respects human rights and democratic values. While these to lengthy privacy policies required for online media or com-
initiatives are valuable, they have limitations as insufficient merce services due to their expectation for rapid gratifica-
governance frameworks, including the lack of enforcement tion from their products. The benefits of sharing personal
mechanisms, concrete guidance on balancing privacy pro- data with the government, however, may not necessarily ap-
tections, guidelines for cross-border interoperability, and re- pear as clear, so citizens may be less likely to volunteer their
gulation on public-private partnerships. data to state-run databases.
Moreover, the global implementation of digital ID systems Moreover, the collection of biometric data presents risks to
can create geopolitical tensions as countries with various security, equality, and public trust. Biometric measurement
privacy standards might be encouraged to adopt regulations systems, while advanced, can be compromised by malicious
that fundamentally challenge their sovereign approaches actors, and the features they use to verify identities cannot
to personal data and human rights. Thus, the enforcement be changed like usernames or passwords. Once exposed,
of robust international guidelines that consider sovereign these fundamentally personal details can be repeatedly
norms but also ensure safe and responsible use of digital ID exploited. Furthermore, facial recognition technologies de-
systems is crucial to widespread adoption. monstrate significant error rates, particularly for margina-
lized populations, leading to potential misidentification and
Social limitations systemic discrimination. Algorithmic biases in biometric col-
In addition to necessity and usability, the adoption of digital lection run the risk of widening privilege gaps, enabling easy
ID systems is fundamentally limited by public trust. The user access for some while creating artificial barriers for others.
must believe that they will gain the benefits offered by the Digital ID systems built on biometric recognition can enable
system while remaining protected by specific design and re- unprecedented government and institutional surveillance,
gulatory measures. transforming identity verification mechanisms into tools for
social control, used by authoritarian regimes to track, moni-
Most immediately, community-level concerns over surveil-
tor, and suppress their citizens.
lance and privacy violations prevent users from opting into
the systems. Personal data will not be voluntarily given up if Finally, digitizing personal identities can create many
there is no trust in the system, and if governments are not risks for marginalized communities. Systematic exclusion
transparent about the mechanisms used for the collection, exists for refugees and migrants who have limited or no
storing, and handling of personal data, misinformation can documentation. There are technological access disparities
further generate public trust concerns. Digital education is in the form of limited infrastructure in underserved
a critical component of building this trust, giving individuals communities, inadequate digital literacy education, and
the ability to understand how their data is used and equip- economic barriers to technology access. In addition to
ping them with skills to mitigate misinformation and disinfor- identification and technological challenges, communities
mation. Regional and generational disparities in digital skill may face discrimination in the form of biometric verification
levels can complicate public outreach efforts, so countries failures, such as algorithmic biases and systematic profiling.
with large digital divides and older populations may struggle These risks could increase social marginalization and
to build trust with their users. inequities across many communities.

ATLANTIC COUNCIL 10
 Exploring the global digital ID landscape

Recommendations for design and implementation

Despite these challenges, existing digital identity systems in world retain the advantage in talent and capacity for develo-
economies at different stages of development demonstrate ping digital systems, but policymakers must still shape per-
the real potential for such projects to improve modern socie- missive conditions for that development and ensure systems
ties. However, governments, private firms, and civil society are designed in alignment with societal priorities and values.
organizations must take several deliberate steps to fully ma- Governments should establish sufficient financial incentives,
terialize the benefits of these systems. such as grant programs for standards compliance, and esta-
blish legal protections for digital identity firms. They should
Governments also prioritize the interests of intended users, requiring legal
The role of governments is to implement a regulatory protections for their rights and opportunities for feedback.
framework that accepts and legally recognizes digital IDs These integrated partnerships can be used to accelerate
through incentives and penalties that can be enforced for the proliferation of safe and ethical digital identity systems.
all actors in the system. Public entities must approach each
digital identity project with a user-first mindset, designing Private sector
their systems around the needs, priorities, and concerns of Companies must also adopt a user-first approach, both
intended individual and organizational customers. Identity prioritizing the needs and recognizing the abilities of their
databases and applications must be built to enable or im- intended customers. Firms should engage with private in-
prove specific services for the entirety of the public, establi- dividuals to ensure they understand the public’s perspec-
shing clear incentives for adoption. Associated IAMs must tives on digitizing identity and the spectrum of digital literacy
be designed specifically to preserve and protect user data, skills. They should design their systems with data security as
provide full data sovereignty to intended customers, and im- the top priority, leveraging PETs and blockchain techniques
plement strict redress mechanisms to prevent and remedy to protect user information and maximize data sovereignty.
data breaches. Registration and usage interfaces must be They should also employ data minimization principles, limi-
accessible and understandable to ensure systems are ac- ting access to and transfer of sensitive data to only those
cessible to the widest possible audience. Furthermore, po- qualified and necessary to provide essential services. Fur-
licymakers should establish regular public engagement and thermore, companies should prioritize accessibility, maximi-
feedback mechanisms to provide users with the ability to zing opportunities for all citizens to enroll in and utilize digital
ensure new systems meet their needs. identity ecosystems.
Governments must ensure interoperability between agen- Private firms must design their systems to maximize trans-
cy applications to break down silos and expand usage parency for intended stakeholders. Users must understand
across public services. This process begins with the establi- who has access to each element of their identity, what that
shment and adherence to standards for data management data can be used for, and how it is stored and transferred in
and usage. From these standards, Governments must also the identity-management process. Agencies and institutions
craft a baseline digital public infrastructure stack, such as using digital identity must know where the information comes
the India Stack, aligning approaches from common iden- from to trust its source and verify its authenticity. Governments
tity, payment, and data-transfer architectures.21 With these must have oversight of each step in the data custody chain to
frameworks in place, individual organizations can design confirm the protection of their citizens’ information and provi-
bespoke applications to meet their individual needs. de guidance to maximize adoption and improve public trust.
Identity frameworks must be tailored to local needs, consi- Such an open process would help incentivize participation to
dering the unique socioeconomic requirements of their increase and accelerate access to services.
populations. One of the primary reasons citizens will adopt
Civil society
a digital identity is that it makes their interactions with the
public and private sectors easier. If there is no benefit to Organizations in the space between the public and private
the end user, this can be a major block to adoption. Hybrid sectors must work to educate the public on the promise
analog and digital systems should be integrated, such as in of digital identity systems, clearly articulating their benefits
Estonia’s e-ID ecosystem, to ensure customer access across while addressing their risks. Nonprofit organizations should
connectivity and digital literacy spectrums.22 Public officials work to identify local perspectives, address knowledge
must expand in-person registration opportunities, particu- gaps, and correct misperceptions regarding digital identi-
larly to areas of low broadband coverage, via regional sa- ties. These efforts can help create a more informed public,
tellite sites and pop-up offices. They must also recognize better prepared to meaningfully contribute to debates on
and adapt to levels of public trust in institutions. Particularly the design and usage of digital identities.
when operating in cultures with lower faith in government, These teams should also represent user equities through
developers must take an incremental and flexible approach independent advisory roles in the development of identity
to integrating their systems, clearly demonstrating benefits, frameworks. Civil society groups provide the unique ability
acknowledging challenges, and responding directly to pu- to leverage the combined expertise of thought leaders in
blic concerns and feedback with real changes. academia and industry while remaining intellectually inde-
Finally, government officials must design public-private pendent. Organizations can then contribute these perspec-
partnerships to leverage commercial expertise for their tives to critical conversations via their access to policyma-
identity frameworks. Technology companies around the kers and networks of subject matter experts.

ATLANTIC COUNCIL 11
Exploring the global digital ID landscape

Case studies
Estonia tem will protect their data and successfully deliver on its pro-
mises. Estonia’s e-ID currently serves as the gold standard
Estonia presents itself as a unique but crucial use case for
for safe, secure, and effective digital ID systems.
understanding the development and adoption of digital ID
systems. Now considered one of the most digitized, trans- India
parent, and least corrupt countries in the world ,23 Estonia
Launched in 2009 by India’s Unique Identification Authority
took a new path to digitizing its society. With a population of
(UIDAI),33 Aadhaar is the world’s largest digital ID program
only 1.3 million,24 the goal for Estonia’s centralized digital ID
with over 1.3 billion enrollees as of September 2023. The
system was to provide services to all citizens, not only those
system assigns a unique twelve-digit number linked to bio-
fully integrated into digital society. Introduced in 2002, e-ID
metric and demographic data. UIDAI partnered with private
has now operated successfully for more than twenty years.25
companies to establish enrollment centers nationwide, re-
The e-ID data kept by the Estonian government is distributed
gistering 600 million Indians in the first five years,34 while
across interoperable databases and connects almost 700
also preventing duplicates through biometric verification.
organizations and public-sector entities26 to avoid a single
contact point. The data is also decentralized and backed up Aadhaar has been transformational for marginalized Indians
through a data embassy,27 a data center located in Luxem- who previously lacked formal documentation. Before the
bourg under the “Tier 4” level of security—the highest level program, many rural Indians couldn’t leave their villages,
for data centers. Established in 2017, this Estonian-owned rent housing, or open bank accounts due to missing iden-
data center located outside its territorial borders has the tity papers—over a third lacked birth certificates before
same rights as a physical embassy, such as immunity. This 2010.35 Aadhaar, which translates to “base” or “foundation”
innovative concept of duplicative and distributed data limits in English, at its core was developed as a foundation for the
the impact of a potential data breach and is secured against improvement of economic and social lives of Indians.36 As
spoofing attacks with blockchain technology. of 2023, more than 93 percent of the population is registe-
red,37 with Aadhaar serving as the foundation for economic
Estonia’s Identity Documents Act requires all residents to
and social participation.
have a digital ID (e-ID), mandatory at age fifteen. The e-ID
uses two personal identification numbers—one for identity The Aadhaar system provides a model for other developing
verification and one for legally binding e-signatures—and countries seeking to adopt a similar digital identity system.
integrates with banking (nearly 99 percent28 of Estonian Contrasting with other systems, which primarily focus on digi-
banking is online), loyalty programs, and health insurance. tal authentication, the Aadhaar system is primarily designed
This comprehensive system earned Estonia a 74.2 percent as a tool for social inclusion. Millions of underprivileged In-
score29 on the OECD’s 2023 Digital Government Index, well dians now receive benefits and subsidies directly because
above the 60.5 percent average. of welfare programs linked to Aadhaar.38 However, Aadhar
has also faced criticism for further marginalizing populations
However, Estonia’s e-ID has attracted criticism. A 2017 se-
in rural and remote areas due to unreliable internet connec-
curity lapse signaled the risk of reliance on the technology,
tivity, electricity blackouts, and faulty biometric scanners at
resulting in the Estonian government removing security ac-
service delivery points.
cess for almost 800,000 affected identity cards. Users were
forced to update their digital security certificates and while Nevertheless, Aadhaar has integrated the unbanked into the
there was no known data theft, the security flaw had the po- formal financial system, allowing more than 523 million bank
tential to expose a citizen’s full identity, allowing bad actors accounts to be opened.39 The program does face significant
to access hundreds of public- and private-sector services. security challenges: In November 2017, more than 200 offi-
This incident raised concerns around Estonia’s reliance on cial government websites40 accidentally exposed 130 million
e-ID and the severe consequences of a data breach. Aadhaar numbers and personal data.41 This security flaw is
not unique—app-based errors, third-party leaks, and dupli-
Estonia also launched e-Residency in 2014,30 offering trans-
cate Aadhaar cards are just some of the criticisms of India’s
national digital identity verification to access EU business
Aadhaar program.
services online. This has created an attractive ecosystem to
start and run location-independent EU companies entirely In response to these criticisms, the UIDAI released a two-tier
online, expanding market access for companies. The pro- security system42 in 2018 to increase the privacy and security
gram generated €31 million31 for Estonia’s economy in the of Aadhaar numbers. The measure introduced a temporary
first half of 2024 alone, with over 120,000 e-residents and sixteen-digit number, the virtual ID, for every Aadhaar user
33,000 companies by the end of 2024. that allows authentication without using their actual twelve-
digit number. In addition to the virtual ID, the creation of
Estonia’s success is largely due to the country’s high level
a “limited know-your-customer (KYC) service” prevents
of digital literacy, as the government has mandated techno-
agencies from collecting Aadhaar numbers. More recently, to
logy and computer skills be taught in schools from an early
better secure biometric authentication processes, the UIDAI
age.32 This ensures that citizens understand how to access
launched an AI-enabled mechanism in 2023,43 enabling
e-services—including filing taxes, voting in federal elections,
more comprehensive fingerprint verification. The security
viewing healthcare records—and that they trust that the sys-

ATLANTIC COUNCIL 12
 Exploring the global digital ID landscape

method confirms the liveness of the collected fingerprint, not be collected without means of privacy protection.
reducing the potential for spoofing attempts. Following Through partnerships like those with Estonia, African
years of negotiations, India passed its first cross-sectoral countries can simultaneously develop robust infrastructure
law on personal data protection,44 the Digital Personal Data and regulations to increase both adoption rates and
Protection Act, in 2023. The act requires individual consent continental interoperability.
prior to the processing of personal data and provides the
user with “the right to access, correct, update, and erase EU eIDAS
their data.” However, the law lacks a strong regulator Implemented in 2014, the European Union’s Electronic
and exempts the government from privacy regulations, Identification, Authentication and Trust Services (eIDAS)
undermining its effectiveness. regulation52 creates a standardized, secure, and interoperable
Despite criticisms, Aadhaar demonstrates successful large- framework for digital identification and transactions across
scale digital ID implementation in communities with limited EU member states. eIDAS aims to eliminate digital barriers
digital integration, revolutionizing e-government access for between countries and facilitate seamless cross-border
marginalized populations while highlighting the need for ro- digital interactions for citizens, businesses, and government
bust security frameworks and comprehensive regulations. entities.
The latest update, eIDAS 2.0,53 addresses accelerated tech-
African Union nological innovation and the shift toward digital-service de-
African Union member countries agree45 that an interope- livery by introducing the European Digital Identity Wallet.54
rable digital ID is essential for the smooth movement of With the aim of simplifying verification processes, eIDAS 2.0
people, goods, and services across the continent. However, also highlights interoperability among member states for a
effective data-privacy frameworks must be established first consistent digital market. The EU Digital Wallet Consortium
to protect user data and build public trust. is a public-private joint venture55 focused on leveraging the
The rollout of Kenya’s digital ID, the Maisha Namba, has benefits of this wallet. Member states must fully implement
been halted numerous times46 due to its noncompliance digital identity wallets by 2026, adhering to the existing eI-
with the country’ Data Protection Act of 2019. Critics argued DAS guidelines.
the Maisha Namba was unconstitutional and posed potential Unlike India’s centralized Aadhaar system, eIDAS establi-
human rights violations.47 Though the ban was lifted in Au- shes a collaborative framework where each member state
gust 2024, the legal battle created a backlog affecting more develops its own electronic identification systems while
than a million applicants and demonstrates the crucial role ensuring mutual recognition and compatibility. Citizens can
data-protection frameworks play in digital ID adoption. use their national digital identities to access public services
South Africa exemplifies a better approach by revising iden- in other EU countries such as remotely submitting tax de-
tification laws while developing its digital ID. The draft Natio- clarations, enrolling in universities, opening bank accounts,
nal Identification and Registration Bill of 2022 aims “to esta- and completing administrative procedures. For businesses,
blish a single, inclusive and integrated national identification the regulation simplifies cross-border digital transactions
system for South Africa applicable to citizens, residents and through consistent legal frameworks for electronic identifi-
foreigners,”48 while ensuring third-party data sharing com- cation and trust services. Furthermore, the European Digital
plies with the Protection of Personal Information Act of 2013. Identity Wallet will harmonize standards and processes, re-
However, frameworks must be developed with interopera- duce costs, and enhance security and privacy protections
bility in mind, as different national approaches create both across the EU, promoting digital innovation and economic
technical and governance challenges across the continent. integration.

In an effort to increase technical and legal interoperability United States

across Africa, Estonia has partnered with countries on nu- While the United States lacks a national digital identity pro-
merous cooperative initiatives. The opening of Enterprise gram, a growing number of states are embracing mobile dri-
Estonia’s trade office49 in Kenya facilitates investment by Es- ver’s licenses (mDLs). Louisiana introduced the first digital
tonian companies in the nation’s public and private sectors. ID in the United States in 2018, enrolling 66 percent of eli-
In Namibia, Cybernteica, an Estonian information technology gible adults by 2023.56 By August 2024, fifteen states and
company, has partnered with the Namibian government50 to Puerto Rico had mDL programs, with eleven more states and
implement the Nan-X system, enabling e-government capa- Washington, DC planning similar initiatives. Current uses are
bilities and interoperability. Namibia is developing its techni- limited to select identification processes and Transporta-
cal infrastructure first, which will make it easier to share data tion Security Administration verification at certain airports,
across ministries, agencies, and departments, as well as with though states plan expanded applications in travel, banking,
the private sector—enabling interoperability. In terms of Na- and government services. With the enforcement of the REAL
mibia’s laws, the draft Data Protection Bill51 aims to serve as ID beginning on May 7, 2025, four states have received
the first comprehensive data privacy legislation. wavers for their mDLs, authorizing residents of those states
The primary barriers to wider digital ID adoption across to continue to use their mDLs at participating airports57.
Africa are inadequate digital infrastructure and insufficient The National Institute of Standards and Technology (NIST)
data governance frameworks. Digital ID systems cannot released Digital Identity Guidelines in 2004,58 outlining tech-
operate without proper infrastructure, and user data should nical requirements for federal agencies to employ digital ID

ATLANTIC COUNCIL 13
Exploring the global digital ID landscape

services. However, NIST’s guidelines serve as standards, not These recent efforts to establish federal regulation around
law. Bills aiming to establish a government-wide approach the adoption and use of digital IDs in the United States de-
to digital identity improvement (by creating an Improving Di- monstrate the importance of standards to ensure interope-
gital Identity Task Force within the Executive Office of the rability across the country. Because these mobile driver’s
President) were introduced in the 118th Congress in the US license systems are developed and operated by the private
Senate59 and the House of Representatives.60 The Senate sector, it is critical that the federal government implements
Homeland Security and Governmental Affairs Committee regulation to foster safety and compatibility.
referred an amended bill to the full Senate in 2023; in the
House, the bill was referred to the Committee on Oversight
and Accountability in 2024. Neither version of the Improving
Digital Identity Act received a floor vote. To date, the legisla-
tion has not been reintroduced in the 119th Congress.

ATLANTIC COUNCIL 14
 Exploring the global digital ID landscape

About the authors

Coley Felt is an assistant director at the GeoTech Center where she contributes to projects at the
intersection of geopolitics and emerging technologies. Prior to joining the Atlantic Council, she
earned a master’s degree in global security with a concentration in cybersecurity at Arizona State
University where she researched international technology policy and disinformation. Felt is profi-
cient in Spanish and her areas of interest include artificial intelligence, the Internet of things, and
data ethics.
Felt holds a bachelor’s degree from the University of Washington where she completed undergra-
duate research focused on artificial intelligence and the future of warfare and studied international
relations and Spanish.

Will LaRivee is a resident fellow at the Atlantic Council’s GeoTech Center, where he researches
the interplay between international security issues, global political currents, and the technology
frontier.
Prior to joining the GeoTech Center, LaRivee served as a strategic planner at Headquarters Air
Force, where he managed portfolios for manned and unmanned combat aircraft. He is a graduate
of the Air Force Fighter Weapons School. He has served operational tours flying F-22s in Alaska
and Hawaii, where he integrated joint US capabilities with Indo-Pacific allies and partners.
LaRivee holds a master of arts in security studies from Georgetown University’s School of Foreign
Service and a bachelor of science in economics from the US Air Force Academy.

About the program director

Raul Brens Jr. is director at the GeoTech Center, part of the Atlantic Council Technology Programs.
In this capacity, he is responsible for directing the center’s research, strategy, program develop-
ment, and policy implementation in science and technology. As a former diplomat, he brings nearly
two decades of combined expertise in science and technology research and policy and internatio-
nal diplomacy. Before joining the Atlantic Council, Brens had a career in academia and the public
sector, focusing on science and technology policy, research, and development, and social- and
health-policy issues.
Brens has made significant contributions to public policy efforts in the United States and Australia,
particularly in projects aimed at assisting vulnerable social groups and employing emerging tech-
nologies to combat climate change and tackle other societal challenges. He previously served as
an international affairs advisor to the under secretary and chief scientist at the US Department of
Agriculture, where he worked on international science and technology research, development,
and research security, focusing on climate and food security issues.
Brens also served as a diplomat at the US Department of State, working on international security,
nuclear nonproliferation, nuclear energy, nuclear cooperation, and management of the nuclear fuel
cycle issues. He has led large-scale projects bridging data divides within the federal, state, and
territory governments of Australia to draw data-driven insights into vulnerable cohorts and improve
service delivery, earning recognition from the United Nations Convention on the Rights of Persons
with Disabilities.
At the outset of his career, Brens conducted interdisciplinary research in earth and atmospheric
sciences as a research scientist. His work included research and development in Australia’s agri-
cultural sector, specifically aimed at mitigating greenhouse gas emissions through the adoption of
cutting-edge technologies. Brens is also a former science and technology policy fellow with the
American Association for the Advancement of Science. Alongside his extensive academic achie-
vements, Brens is fluent in Spanish. He holds PhD and MSc degrees in geosciences and geoche-
mistry and a bachelor’s degree with a dual major in earth sciences and history, with a focus on
international relations.

ATLANTIC COUNCIL 15
Exploring the global digital ID landscape

Endnotes
1 Juanita Blue, Joan Condell, and Tom Lunney, “A Review of Identity, Identification and Authentication,” International Jour-
nal for Information Security Research 8, no. 2 (2018): 795, https://infonomics-society.org/wp-content/uploads/ijisr/publi-
shed-papers/volume-8-2018/A-Review-of-Identity-Identification-and-Authentication.pdf.
2 Jean-Marc Seigneur and Tewfiq El Maliki, “Chapter 17 – Identity Management,” in Computer and Information Security
Handbook, ed. John Vacca (Morgan Kaufman, 2009), 269–292, https://doi.org/10.1016/B978-0-12-374354-1.00017-0.
3 Blue, Condell, and Lunney, “A Review of Identity,” 799.
4 “E-file Options to File Your Return,” US Internal Revenue Service, last modified October 28, 2024, https://www.irs.gov/filing/
e-file-options; and “America’s Seed Fund,” US Small Business Administration, https://www.sbir.gov/.
5 “The Failed Launch of www.HealthCare.gov,” Harvard Business School, November 18, 2016, https://d3.harvard.edu/plat-
form-rctom/submission/the-failed-launch-of-www-healthcare-gov/.
6 “Marketplace 2024 Open Enrollment Period Report: Final National Snapshot,” Centers for Medicare & Medicaid Services,
January 24, 2024, https://www.cms.gov/newsroom/fact-sheets/marketplace-2024-open-enrollment-period-report-final-natio-
nal-snapshot.
7 Paula Algarra et al., “How Digital Technology Can Delivery Government Services More Cost Effectively,” Inter-American
Development Bank, March 30, 2023, https://blogs.iadb.org/ideas-matter/en/how-digital-technology-can-deliver-govern-
ment-services-more-cost-effectively/.
8 “Mobile Driver License,” American Association of Motor Vehicle Administrators, https://www.aamva.org/topics/mobile-dri-
ver-license#?wst=d5a5f5751f7474b62a5bb2b374692b61.
9 “e-Identity,” e-Estonia, Accessed November 2024, https://e-estonia.com/solutions/estonian-e-identity/id-card/.
10 “e-Identity,” e-Estonia.
11 “About Us,” Id.me, Accessed November 2024, https://id.me/.
12 “Identification for Development Global Dataset,” World Bank, Accessed November 2024, https://id4d.worldbank.org/glo-
bal-dataset.
13 “Digital ID to Unlock Africa’s Economic Value if Fully Implemented, Say Experts,” United Nations Economic Commission for
Africa, February 20, 2024, https://www.uneca.org/stories/digital-id-to-unlock-africa%E2%80%99s-economic-value-if-fully-im-
plemented%2C-say-experts.
14 “I Am a Resident Foreign National, Can I Enroll for Aadhaar?,” Unique Identification Authority of India, Accessed November
2024, https://uidai.gov.in/en/circulars-memorandums-notification/296-english-uk/faqs/enrolment-update/aadhaar-enrol-
ment-process/16483-i-am-resident-foreign-national-can-i-enrol-for-aadhaar.html.
15 “What is Data Minimization and Why is it Important?,” Kiteworks, Accessed June 23, 2025, https://www.kiteworks.com/
risk-compliance-glossary/data-minimization/
16 “Emerging Privacy-enhancing Technologies,” Organisation for Economic Co-operation and Development (OECD), March 8,
2023, https://www.oecd.org/en/publications/emerging-privacy-enhancing-technologies_bf121be4-en.html.
17 “e-Governance,” e-Estonia, Accessed November 2024, https://e-estonia.com/solutions/e-governance/government-cloud/.
18 “European Digital Identity,” European Commission, Accessed November 2024, https://commission.europa.eu/strate-
gy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en.
19 “UNDP Model Governance Framework for Digital Legal Identity System,” United Nations Development Programme Digital
Legal ID Governance4ID, in collaboration with Norwegian Ministry of Foreign Affairs, (Accessed November 2024), https://
www.governance4id.org/.
20 OECD, Recommendation of the Council on the Governance of Digital Identity, OECD/LEGAL/0491, Accessed November
2024, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0491.
21 Sreevas Sahasranamam and Jaideep Prabhu, “Digital Public Infrastructure in the Developing World,” Stanford Social Innova-
tion Review, March 25, 2024, https://ssir.org/articles/entry/digital-public-infrastructure-developing-world.
22 “Estonia among the Least Corrupt Countries, Rising to 12th Position Globally: Report,” Invest in Estonia, e-Estonia, March
2024, https://investinestonia.com/estonia-among-the-least-corrupt-countries-rising-to-12th-position-globally-report/.
23 “Estonia among the Least Corrupt,” Invest in Estonia.
24 “Estonia: Population, Demographic Situation, Languages, and Religions in Estonia,” Eurydice (network), European Commis-
sion, July 15, 2024, https://eurydice.eacea.ec.europa.eu/national-education-systems/estonia/population-demographic-situa-
tion-languages-and-religions.
25 “e-Identity: Estonia’s e-ID: The Cornerstone of a Seamless Digital Society,” e-Estonia, (Accessed October 2024., https://e-es-
tonia.com/solutions/estonian-e-identity/id-card/.
26 Jake Maxwell Watts, “One Country’s Uber-Convenient, Incredibly Invasive Digital ID System,” Wall Street Journal, May 9,
2019, https://www.wsj.com/articles/the-digitization-of-your-identity-11557403060.
27 “e-Governance: Data Embassy,” e-Estonia, Accessed November 2024, https://e-estonia.com/solutions/e-governance/da-
ta-embassy/.

ATLANTIC COUNCIL 16
 Exploring the global digital ID landscape

28 “Estonia Country Commercial Guide,” US Department of Commerce, March 15, 2024, https://www.trade.gov/country-com-
mercial-guides/estonia-market-overview.
29 “Estonia among the Best Countries to Provide Digital Public Services according to the OECD,” e-Estonia, January 31, 2024,
https://e-estonia.com/estonia-among-the-best-countries-to-provide-digital-public-services-according-to-the-oecd/.
30 “e:Identity: e-Residency,” e-Estonia, Accessed October 2024, https://e-estonia.com/solutions/estonian-e-identity/e-residen-
cy/.
31 Sten Hankewitz, “Estonian e-residents Contribute Millions to the Economy,” Estonian World, June 3, 2024, https://esto-
nianworld.com/business/estonian-e-residents-contribute-millions-to-the-economy/.
32 “Estonia: The Most Advanced Digital Society in the World,” Global Ties KC, April 25, 2024, https://globaltieskc.org/estonia-
the-most-advanced-digital-society-in-the-world/.
33 Billy Perrigo, “India’s Supreme Court Rules Aadhaar Is Constitutional,” Time, September 28, 2018, https://time.com/5409604/
india-aadhaar-supreme-court/.
34 Michael Totty, “Addressing Its Lack of an ID System, India Registers 1.2 Billion in a Decade,” Research Brief, UCLA Anderson
School of Management, April 13, 2022, https://anderson-review.ucla.edu/addressing-its-lack-of-an-id-system-india-registers-
1-2-billion-in-a-decade/.
35 Michael Totty.
36 Ted O’Callahan, “What Happens When a Billion Identities Are Digitized?,” Faculty Viewpoints: K. Sudhir and Shyam Sunder,
Yale Insights, March 27, 2020, https://insights.som.yale.edu/insights/what-happens-when-billion-identities-are-digitized.
37 Manya Rathore, “Share of Population Covered under Aadhaar in India as of Financial Year 2018 to 2023,” Statista, July 24,
2024, https://www.statista.com/statistics/1170678/india-share-of-population-covered-under-aadhaar/#:~:text=As%20of%20
financial%20year%202023,to%20all%20across%20the%20country.
38 India’s Ministry of Electronics & IT underscored that “Aadhaar has been a powerful tool in bringing people into the formal
financial system.” See Press Release 2067940, Press Information Bureau, Government of India, October 24, 2024, https://
pib.gov.in/PressReleasePage.aspx?PRID=2067940#:~:text=Aadhaar%20has%20been%20a%20powerful,into%20the%20
formal%20financial%20system.
39 Press Release 2067940, Press Information Bureau, Government of India.
40 “Over 200 Govt Websites Made Aadhaar Details Public: UIDAI,” Times of India, November 19, 2017, https://timesofindia.india-
times.com/india/210-govt-websites-made-public-aadhaar-details-uidai/articleshow/61711303.cms.
41 Tech2 News Staff, “130 Mn Aadhaar Numbers Were Not Leaked, They Were Treated as Publicly Shareable Data: CIS,”
Firstpost, May 3, 2017, https://www.firstpost.com/tech/news-analysis/130-mn-aadhaar-numbers-were-not-leaked-they-were-
treated-as-publicly-shareable-data-cis-3702187.html.
42 Anuj Srivas, “Data Breaches, Leaks: UIDAI Rolls out New Security Measures,” Wire, January 10, 2018, https://thewire.in/tech/
data-breaches-leaks-uidai-rolls-new-security-measures.
43 Sneha Kulkarni, “Aadhaar Authentication to Become More Secure with New System; Know Details,” Economic Times, last
updated March 1, 2023, https://economictimes.indiatimes.com/wealth/save/aadhaar-authentication-to-become-more-secure-
with-new-system-know-details/articleshow/98324038.cms?from=mdr#google_vignette.
44 Anirudh Burman, “Understanding India’s New Data Protection Law,” Paper, Carnegie Endowment for International Peace,
October 3, 2023, https://carnegieendowment.org/research/2023/10/understanding-indias-new-data-protection-law?lang=en.
45 African Union, Interoperability Framework for Digital Identity in Africa, African Union, February 2022, https://au.int/sites/de-
fault/files/documents/43393-doc-AU_Interoperability_framework_for_D_ID_English.pdf.
46 Chris Burt, “Kenyan High Court Pauses National Digital ID for Third Time in 4 Years,” Biometric Update, July 25, 2024, https://
www.biometricupdate.com/202407/kenyan-high-court-pauses-national-digital-id-for-third-time-in-4-years.
47 Ayang Macdonald, “Kenya’s Digital ID Delivery Back On; Court Sets Aside Latest Injunction,” Biometric Update, August 13,
2024, https://www.biometricupdate.com/202408/kenyas-digital-id-delivery-back-on-court-sets-aside-latest-injunction.
48 Melody Musoni, Ennatu Domingo, and Elvis Ogah, Digital ID Systems in Africa, ECDPM Discussion Paper 360, European
Centre for Development Policy Management, December 2023, https://ecdpm.org/application/files/5517/0254/4789/Digi-
tal-ID-systems-in-Africa-ECDPM-Discussion-Paper-360-2023.pdf.
49 Kevin Rotich, “Estonia Opens Trade Office in Nairobi with 8 Firms,” Capital Business (Kenya), April 14, 2023, https://www.
capitalfm.co.ke/business/2023/04/estonia-opens-trade-office-in-nairobi-with-8-firms/.
50 “Estonia’s Thriving Digital Partnership with Africa,” e-Estonia, July 10, 2023, https://e-estonia.com/estonias-thriving-digi-
tal-partnership-with-africa/.
51 “Data Protection Laws in Namibia,” DLA Piper, 2025, https://www.dlapiperdataprotection.com/index.ht-
ml?t=law&c=NA#:~:text=freedoms%20of%20others.-,Save%20for%20the%20constitutional%20right%20to%20priva-
cy%2C%20Namibia%20has%20not,and%20for%20matters%20connected%20therewith.
52 “eIDAS Regulation,” European Commission, last updated May 5, 2025, https://digital-strategy.ec.europa.eu/en/policies/ei-
das-regulation.
53 “eIDAS 2.0: A Beginner’s Guide,” Dock.io, June 9, 2025, https://www.dock.io/post/eidas-2.
54 “EU Digital Identity Wallet Home,” European Commission, Accessed October 2024,, https://ec.europa.eu/digital-buil-
ding-blocks/sites/display/EUDIGITALIDENTITYWALLET/EU+Digital+Identity+Wallet+Home.

ATLANTIC COUNCIL 17
Exploring the global digital ID landscape

55 “Members”, European Wallet Consortium, Accessed June 23, 2025, https://eudiwalletconsortium.org/about-us/members/

56 “Mobile Driver’s Licenses (MDL) State Adoption,” IDScan.net, Accessed November 2024, https://idscan.net/mobile-drivers-li-
censes-mdl-state-adoption/?srsltid=AfmBOooTmfS5RCAaBxqcZ-TvY8Edog6vppp4trABtA1UmShfNIdK3CJY.
57 “REAL ID Mobile Driver’s Licenses (mDLs),” Transportation Security Administration, Accessed June 23, 2025, https://www.
tsa.gov/real-id/real-id-mobile-drivers-license-mdls
58 Ash Johnson, “Path to Digital Identity in the United States,” Information Technology and Innovation Foundation, September
23, 2024, https://itif.org/publications/2024/09/23/path-to-digital-identity-in-the-united-states/.
59 Improving Digital Identity Act of 2023, S. 884, 118th Cong., https://www.congress.gov/bill/118th-congress/senate-bill/884/text.
60 Improving Digital Identity Act of 2024, H.R. 9783, 118th Cong., https://www.govtrack.us/congress/bills/118/hr9783.

ATLANTIC COUNCIL 18
Atlantic Council Board of Directors

CHAIRMAN *Paula J. Dobriansky William Marron *Gil Tenzer

*John F.W. Rogers Joseph F. Dunford, Jr. Roger Martella *Frances F. Townsend
Richard Edelman Gerardo Mato Clyde C. Tuggle
EXECUTIVE CHAIRMAN
EMERITUS Stuart E. Eizenstat Erin L. McGrain Francesco G. Valente
*James L. Jones Tara Engel John M. McHugh Melanne Verveer
Mark T. Esper *Judith A. Miller Tyson Voelkel
PRESIDENT AND CEO
Christopher W.K. Fetzer Dariusz Mioduski Kemba Walden
*Frederick Kempe
*Michael Fisch *Richard L. Morningstar Michael F. Walsh
EXECUTIVE VICE CHAIRS Alan H. Fleischmann Georgette Mosbacher Ronald Weiser
*Adrienne Arsht Jendayi E. Frazer Majida Mourad *Al Williams
*Stephen J. Hadley *Meg Gentle Virginia A. Mulberger Ben Wilson
VICE CHAIRS Thomas Glocer Mary Claire Murphy Maciej Witucki
*Robert J. Abernethy John B. Goodman Julia Nesheiwat Neal S. Wolin
*Alexander V. Mirtchev Sherri W. Goodman Edward J. Newberry Tod D. Wolters
Marcel Grisnigt Franco Nuschese *Jenny Wood
TREASURER Jarosław Grzesiak *Ahmet Ören Alan Yang
*George Lund Murathan Günal Ana Palacio Guang Yang
DIRECTORS Michael V. Hayden *Kostas Pantazopoulos Mary C. Yates
Stephen Achilles Robin Hayes Alan Pellegrini Dov S. Zakheim
Elliot Ackerman Tim Holt David H. Petraeus
HONORARY DIRECTORS
*Gina F. Adams *Karl Hopkins Elizabeth Frost Pierson
James A. Baker, III
Timothy D. Adams Kay Bailey Hutchison *Lisa Pollina
Robert M. Gates
*Michael Andersson Ian Ihnatowycz Daniel B. Poneman
James N. Mattis
Alain Bejjani Wolfgang Ischinger Robert Portman
Michael G. Mullen
Colleen Bell Deborah Lee James *Dina H. Powell McCormick
Leon E. Panetta
Sarah E. Beshar *Joia M. Johnson Michael Punke
William J. Perry
Karan Bhatia *Safi Kalo Ashraf Qazi
Condoleezza Rice
Stephen Biegun Andre Kelleners Thomas J. Ridge
Horst Teltschik
John Bonsell Brian Kelly Gary Rieschel
William H. Webster
Linden P. Blue John E. Klein Charles O. Rossotti
Brad Bondi Ratko Knežević Harry Sachinis
*Executive Committee
Philip M. Breedlove *C. Jeffrey Knittel Curtis Michael Scaparrotti Members
David L. Caplan Joseph Konzelmann Ivan A. Schlager List as of July 2025
Samantha A. Carl-Yoder Keith J. Krach Rajiv Shah
*Teresa Carlson Franklin D. Kramer Wendy R. Sherman
*James E. Cartwright Laura Lane Gregg Sherrill
John E. Chapoton Almar Latour Jeff Shockey
Ahmed Charai Yann Le Pallec Kris Singh
Melanie Chen Jan M. Lodal Varun Sivaram
Michael Chertoff Douglas Lute Walter Slocombe
*George Chopivsky Jane Holl Lute Christopher Smith
Wesley K. Clark William J. Lynn Clifford Sobel
*Helima Croft Mark Machin Michael S. Steele
Ankit N. Desai Marco Margheri Richard J.A. Steele
Dario Deste Michael A. Margolis Mary Streett
*Lawrence Di Rita Chris Marlin Nader Tavakoli
The Atlantic Council is a nonpartisan organization that ­promotes
constructive US leadership and engagement in ­ international
­affairs based on the central role of the Atlantic community in
­meeting today’s global ­challenges.
© 2025 The Atlantic Council of the United States. All rights reser-
ved. No part of this publication may be reproduced or transmitted
in any form or by any means without permission in writing from
the Atlantic Council, except in the case of brief quotations in news
articles, critical articles, or reviews. Please direct inquiries to:
Atlantic Council
1400 L Street NW, 11th Floor
Washington, DC 20005
(202) 463-7226
www.AtlanticCouncil.org