The internet was originally created to connect computers, not humans. The design choices of the past render today's internet inadequate in safeguarding ethical and democratic values.

User data is collected, owned and managed by a handful of powerful organizations, leading to a reality where your digital identities are defined by what Google knows about you. Meanwhile, trust is broken on the internet - without a thorough background check, nothing can be verified or trusted. Social media platforms have become breeding grounds of misinformation, scams, hate speech and bots.

Self-Sovereign Identity (SSI), or Decentralized Identity, represents a suite of human-centric technologies designed to empower individuals with full control over their digital identities and personal data. Users granularly decide what information they share, allowing them to, for instance, verify their age without exposing their entire ID card. Or proving to landlords that their incomes are sufficient without handing over their bank statements.

The W3C-standardized SSI data model defines a trust relationship involving three key roles: the Issuer, Holder, and Verifier. As an illustration, a government (Issuer) issues a passport (Credential) to a citizen (Holder). Traditionally, when a citizen checks in at a hotel (Verifier), they must physically hand over their passport to the receptionist, who then verifies and copies the passport, which can be time-consuming and susceptible to serious security risks, such as fraud and identity theft. Verifiable Credentials offer a significantly more secure and seamless authentication process.

Several democracies are actively developing VC-based digital credentials to empower their citizens. In alignment with the eiDAS 2 regulation, the European Commission is realizing its vision of a cross-border European Digital Identity for all EU residents in a horizon of 2027.

The European Digital Identity will be available to EU citizens, residents, and businesses who want to identify themselves or provide confirmation of certain personal information. It can be used for both online and offline public and private services across the EU.

Aiming to be compatible with the European Digital Identity, we have already engaged with eiDAS regulators and other professionals in the field. Here is our conversation.

At present, various types of Verifiable Credentials are in development, each carrying its unique advantages and limitations. Balancing the delicate trade-off between security and privacy can be challenging.

In our specific use case, we have made a deliberate choice to partner with Rarimo, which has developed an innovative solution to convert linkable credentials (including Biometric Passports) into unlinkable credentials. It allows for both Selective Disclosure and Issuer Unlinkability.

• Selective Disclosure allows users to select the type and amount of data shared with the Verifiers. For instance, one can verify their age without revealing their name to access a service, aligning with the Data Minimization principle outlined in GDPR.
• Unlinkability separates users’ actions from their identities. There are two layers of unlinkability. Verifier Unlinkability and Issuer Unlinkability. Verifier Unlinkability prevents Verifier-Verifier collusion, but not Verifier-Issuer collusion.