Bond for the Future — A Path to Interoperable Yet Unlinkable Digital Identity

---

mashbean, Yvonne Cho, Frank Wu, Denken Chen 2025-11-13

This is the first public draft of this article; feedback of all kinds is welcome. Please send any comments to mashbean@gmail.com

Table of Content

Chapter 1 | Project Executive Summary

• 1.1 Digital identity control policies — Harm caused in the name of protection
• 1.2 Core proposition: Why does Taiwan need a civil society–led demonstrative backup digital identity? — My small, mountainous, yet potentially scarred hometown
• 1.3 Project Overview: “Prepared Arrival” Initiative
• 1.4 Project Implementation Overview and Objectives

Chapter 2 | Project Overview and Core Proposition (Introduction & Research Problem)

• 2.1 What is digital identity? What constitutes an ideal digital identity system?
• 2.2 Why Taiwan needs a private-sector version of digital identity
• 2.3 Analysis of International Governance Trends for Digital Identity and Privacy-Enhancing Technologies

Chapter 3 | Taiwan Experience Review and Problem Definition (Taiwan Experience & Problem Definition)

• 3.1 The Evolution of Taiwan’s Digital Identity System and Its Democratic Implications
• 3.2 Taiwan’s Digital Identity Crisis: Negative Cases Highlight the Need for Resilient Backup Solutions
• 3.3 Core Problems of the Current System, Limits of the Government Role, and Opportunities for Civil Society

Chapter 4 | Global Cases & Tech Trends

• 4.1 International Case Comparison
• 4.2 Technical inventory and considerations for “Bond for the Future”
• 4.3 The Digital Trust Challenges of Emerging International Technologies
• 4.4 Summary and Recommendations

Chapter 5 | “Bond for the Future”: Civil Digital Identity Backup Proposal

• 5.1 Introducing the features of “Bond for the Future,” redesigning digital identity in the context of Taiwan
• 5.2 Technical Architecture
• 5.3 Use Cases

Chapter 6 | Conclusions and Follow-up Recommendations

• 6.1 “Bond for the Future” as a Resilience Design for Democratic Systems
• 6.2 Recommendations for Government Digital Governance
• 6.3 Advocacy for Civil Society Public Participation
• 6.4 Conclusion

Appendix

• Appendix A | Glossary of Key Terms

---

Chapter 1 | Project Executive Summary

1.1 Digital identity control policies — Harm caused in the name of protection

In response to the anti-fraud needs of digital platforms, the digitization of government services, and increasingly strict regulations worldwide, countries around the world are formulating their own digital identity policies. Some countries are moving toward centralized management, such as India ¹ and China; conversely, influenced by the concept of Self-Sovereign Identity (SSI), regions that emphasize citizen autonomy and privacy, such as the EU, the United States, Japan, and Taiwan, tend to develop user-centric, decentralized digital identity solutions. These policies and related public services or commercial products include Digital Identity Wallets, Verifiable Credentials, Mobile Driver Licenses (mDL), and others.

Under these increasingly stringent cybersecurity and identity verification measures, we must ask: when “protection” is abused, does it instead cause more harm? Kyle Chayka, author of Filterworld: How Algorithms Flattened Culture, in his August 6, 2025 New Yorker column “The Internet Wants to Check Your I.D.” ² , cites the example of the UK women’s forum service “Tea.” The platform, originally designed for women-only registration, was well received and even seen as an effective space for excluding “harassing men”; however, after a data breach, users’ private communications (whispers) were linked to real identities and eventually surfaced on anonymous forums like 4chan, exposing female users to the risk of doxxing.

Kyle further pointed out that as countries begin to require stricter identity verification by law, side effects emerge. Whether it’s the UK’s Online Safety Act, the US’s Kids Online Safety Act, Australia’s ban on social media use for those under 16, or France’s requirement of age verification to access adult sites, these seemingly “enhanced protections” actually force users to hand over more personal data. The result is, on one hand, a sharp increase in VPN usage, reflecting public anxiety about data leaks—people would rather access domestic services via foreign IPs than give up their information. This situation also shows how costly practical control is when internet identity regulation varies across countries. On the other hand, gender-diverse and vulnerable groups worry they will face further exclusion and repression because their digital footprints become tied to their identities—“queer people have already fled Texas and Florida; now you want to link my ID to my adult search history?” ³

At the same time, countries are actively building Digital Public Infrastructure related to digital identity, enabling citizens, civil organizations, and commercial services to access government services more quickly. The intent is benevolent, but putting aside the real-name internet ID system in authoritarian states like China, democracies also face many challenges when shaping digital identity policies. Governments should ensure citizens can enter the digital governance discussion process and prioritize setting the right ordering and high-level principles to avoid technical and legal debt that becomes hard to address once digital infrastructure is in place. For example, when governments strengthen platform regulation and require platforms to collect personal data from users (such as age verification), they must define what custody obligations and cybersecurity standards apply to platforms, and consider whether compliance costs are manageable for smaller platforms.

When platforms are required to collect and store users’ sensitive information, the large volume of raw personal data imposes huge responsibilities and risks on them. If we move toward “unlinkable” digital identity design that separates “verification” from “identity,” users only need to present proofs that meet conditions without revealing their full identity, which can satisfy regulatory requirements while significantly reducing platforms’ custody costs and security risks. Current technologies based on zero-knowledge proofs are already capable of meeting use-case needs such as “I can prove I’m an adult without telling you who I am.”

From the perspective of protecting user privacy, this “zero-knowledge” approach contrasts with the past reliance on VPNs to bypass sovereign internet boundaries. A VPN is a powerful asymmetric tool that, to some extent, can hide digital footprints from administrators and evade platform service requirements of specific jurisdictions, but it fundamentally exploits loopholes in existing governance frameworks. Given foreseeable international cooperation, countries are likely to strengthen internet controls, and alliances of authoritarian regimes are rapidly evolving—such measures will eventually face limits. By contrast, “unlinkable” digital identities offer a more fundamental solution by avoiding the disclosure of unnecessary personal data from the outset and only delivering the required credential. In other words, if “verification” and “disclosure” can be thoroughly separated, it becomes possible to achieve both compliance and privacy without increasing risks for platforms or individuals. This represents the minimal-change path to the broadest possible consensus on privacy for democratic states, platform providers, and individual users.

Readers may find it hard to immediately link “cybersecurity regulation” with “digital identity services”; in fact, policymakers often treat them as belonging to different fields and authorities. But looking from outcomes backward, the two are actually two sides of the same coin. When, in the name of protection, we demand that service providers or network users hand over more personal data, not only do regulators and platforms gain more information—raising the risk of “phone home” behavior and abuse—but malicious actors (whether authoritarian regimes, surveillance-oriented service providers, or small criminal groups) find it easier to track users’ digital footprints. This means the real issue that must be included in policy debates is not “whether to authenticate,” but “how to design digital identity services following the principle of minimal disclosure,” raising the threshold for obtaining personal data. That is the key challenge we must confront when discussing digital identity public infrastructure, yet it remains underdiscussed internationally; this article aims to address that gap.

1.2 Core proposition: Why does Taiwan need a civil society–led demonstrative backup digital identity? — My small, mountainous, yet potentially scarred hometown

Current digital identity policies may appear to offer diverse choices, but they actually conceal three major risks. First, excessive data centralization: digital identity services from different channels ultimately converge in one place, creating a “many eggs in one basket” situation—if any link is breached, the risk of leakage rises sharply. Second, bureaucratic silos: different departments act independently, producing a Silo Effect that makes digital identity services hard to integrate or jointly upgrade, causing risky legacy systems to linger; even within the same government there are electronic services from different eras, creating vulnerabilities of varying severity. Finally, we cannot ignore that, amid frequent human-caused data leaks worldwide, Taiwan sits at a geopolitical risk hotspot, facing compounded threats such as geopolitical conflict, information warfare, and cyber attacks, so the fragility of digital services demands serious attention.

Against this backdrop, the promotion of digital identity must establish an Anti-fragile strategy. Its core comprises three aspects: Robustness, ensuring infrastructure can withstand shocks; Backup, so the whole can keep operating when some nodes are impaired; and Minimal Disclosure, minimizing unnecessary personal data collection. Only then can digital identity evolve from fragile infrastructure into resilient public services, avoiding a Maginot Line–style defense mindset that builds higher walls but lacks flexibility. The new era of Digital Civic Infrastructure should be designed from the outset to be hard to completely breach and able to flexibly reorganize when needed—creating new homes and enhancing citizens’ autonomy.

The Taiwanese government’s development of digital identity has been arduous, marked by multiple attempts and challenges: from the early Government Public Key Infrastructure (GPKI), the later-paused next-generation electronic national ID (eID), the virtual health insurance card introduced during the pandemic, leaks from the National Health Insurance database and household registration data, to the recent digital credential wallet project — all reflecting the difficulties in Taiwan’s system design. Civil society in Taiwan has a unique relationship with government that is both supervisory and collaborative; citizens place great importance on the risks of government digital identity policies, and public trust in government fluctuates with the circumstances.

In this context, when government departments leave a governance vacuum due to dispersed responsibilities, civil society prototypes can play a guiding role. For example, existing government services already allow citizens to download their own identity data. Although it is difficult in the short term for the authorities to directly issue a fully digitalized ID, civil society can still lead by example — the “Bond for the Future” project can help users “self-issue” a privacy-first, easily verifiable digital national ID to fill the last mile of the institutional gap.

Furthermore, Taiwanese civil society is rapidly strengthening its own version of “societal resilience.” From learning basic first aid, to households preparing emergency kits, the revival of low-frequency radio communities, and open-data communities focused on submarine cable security and information manipulation, citizens are actively building multi-layered response capacities to cover gaps the government cannot address in real time. In light of this, we believe a civil-society digital identity backup mechanism should be considered an important component of “societal resilience,” which is also the background for the “Bond for the Future” project.

The goal of “Having Preparedness” is to transform digital identity from a vulnerability that “causes harm in the name of protection” into a resilience foundation that “grows stronger in response to harm.” The current system lacks redundancy by design, and in extreme scenarios a citizen’s identity could very likely fail; a backup mechanism refers to a “rotatable list of trusted parties and the trust architectures behind them,” as well as “digital identity services that avoid single points of failure” — when one authority or node fails, the whole can still operate and individuals can still be identified securely and verifiably. Civil society prototypes can fill gaps in government systems and, amid the real-world challenges of siloed ministries, information islands, cybersecurity risks, and varying adoption by technical bureaucracies, offer viable avenues for exploration and preparation for different future possibilities, allowing digital public infrastructure to truly develop resilience on the basis of “individual autonomy, community autonomy.”

1.3 Project Overview: “Prepared Arrival” Initiative

Given the current situation, Taiwan urgently needs a digital identity system that can “continue to operate even if the government is incapacitated.” Traditional centralized databases cannot meet this requirement: whether due to network outages, database failures, or a government takeover, services can be paralyzed simultaneously. Ukraine’s DIIA mobile application, launched in 2022, became a lifeline for communication between citizens and government after the outbreak of war, providing emergency resources and information; however, its design lacked sufficient privacy and autonomy and remained highly dependent on the stability of the central government. With digital identity standards maturing and decentralization and autonomy gradually being realized, Taiwan has an opportunity to redesign and avoid repeating the mistakes of centralized services. Therefore, the “Prepared Arrival” initiative advocates building an open-source, modular, self-issued and self-verifiable digital identity service that enables society to quickly restore basic operations, community cohesion, and external interoperability in the face of disruptions or disasters.

This project adopts architecture based on Verifiable Credential (VC), Decentralized Identifier / Identity (DID), and Zero‑Knowledge Proof (ZKP) technologies, aligning with Taiwan’s digital wallet standards (largely consistent with the EU digital wallet) to seek higher future compatibility and to serve as a private-sector demonstration.

VCs can be understood as “electronic credentials” co-signed by issuers and holders, featuring composability and selective disclosure; DIDs provide individually rotatable identifiers for each person, no longer dependent on a single government or corporate service provider, forming a data-sovereignty path of “self-identification first, then layered government or corporate-backed VCs.” On this basis, ZKP technology further addresses the privacy need for “unlinkability,” allowing users to complete verification without revealing excess information. The “Prepared Arrival” initiative will first adopt ZKP and other standards that the Taiwanese government currently does not yet support in its digital identity policies (such as the digital credential wallet), and will consider testing solutions compiled by the Ethereum Foundation PSE ZKID working group as a demonstration for a minimum viable service (MVP).

Compared with other projects that also use VC, DID, and ZKP, the differences and inspirations of “Bond for the Future” are mainly threefold:

First, it emphasizes the security of self-attestation. Users can directly connect to the MOI identity database themselves and self-attest with a digital signature, ensuring data integrity and non-tamperability;

Second, it responds to Taiwan’s cybersecurity vulnerabilities. Taiwan has repeatedly been targeted by zero-day exploits; for about $3,000 on the dark web one can purchase registry data on up to twenty million Taiwanese citizens. Coupled with the 2021 New eID controversy, successive government data leaks, breaches, impersonations, and geopolitical conflicts, this underscores citizens’ need for more secure, self-controlled digital identities;

Third, it lowers the social communication and adoption barrier. Although international cryptographic standards like SSI and ZKP are maturing, decision-makers and the public remain unfamiliar with the new technologies and may even reject digital transformation due to distrust of public institutions. To address this, “Bond for the Future” not only provides prototype applications but also conducts public outreach through picture books and policy documents to make the technology easier to understand and accept.

“Bond for the Future” places privacy, unlinkability, and individual autonomy first, preventing centralized databases from becoming a hacker’s “honeypot.” At the same time, we emphasize that assurance levels must be equivalent to those of government services, and we preserve technical and institutional extensibility to foster a diverse, resilient Taiwanese digital identity ecosystem in the future.

1.4 Project Implementation Overview and Objectives

The “Prepared Arrival” project originates from the Ethereum Foundation’s Next Billion Fellowship Program, using Taiwan as a demonstration setting to attempt building a “copy of an identity card that remains usable when the government fails.” The core of the project is to create a prototype narrative of a civilian version of a digital ID, an integrated set of services that the public can actually use, and initial scenario applications that allow private individuals to autonomously issue digital IDs so everyone can backup themselves, while also enabling technology to backup Taiwan—preventing the entire populace from losing verifiable identities in the event of geopolitical risks or disruptions to public services.

This project uses Speculative Design methods, employing “experimental prototype design” to quickly present key processes such as registration, possession, and verification, and uses “use-case simulation” to place the project in real-life scenarios (e.g., access control, receiving supplies, online applications) to test usability and potential risks. Speculative Design combines narrative and operability, enabling abstract cryptography and governance designs to be translated into everyday story prototypes that improve public understanding and participation, while also collecting feedback during testing to continuously iterate language, interfaces, and processes. The ultimate goal is to maximize “public awareness” and “willingness to act,” so more people can see the resilience value of this project.

In its design, “Bond for the Future” advocates Privacy by Design and Self-Sovereign by Design, emphasizing scalability in technical, process, and data governance aspects, and ensuring interoperability with existing government services (such as the digital credential wallet TW-DIW and MyData). Without introducing new centralized risks, the project enables community prototypes to connect with existing services, gradually accumulating usability and trust. The ultimate aim is to demonstrate a community-led digital identity solution that is “self-sovereign and privacy-enhancing,” showing the public, government, and international community a possible path for an identity system that aligns with digital human rights.

At this stage, “Backup Taiwan” will complete:

1. Illustrated website: including an interactive illustrated page to raise public awareness, and a demonstration page for verification of Verifiable Credentials (VC) using Zero‑Knowledge Proof (ZKP).

2. Mobile application: a prototype app integrating government services, international standards, and open-source toolkits, demonstrating registration, holding, and offline verification processes;

3. Policy research: this document, conducting policy analysis, technical research, and international case comparisons, and proposing actionable governance recommendations;

4. Community building: managing online and offline communities, hosting workshops and small-scale application scenario training activities, and establishing a foundation for sustained participation and co-creation.

Chapter 2 | Project Overview and Core Proposition (Introduction & Research Problem)

2.1 What is digital identity? What constitutes an ideal digital identity system?

From centralized digital identity services to decentralized identity

Most public and private services in Taiwan can be operated online, so digital identity has become an indispensable part of Digital Public Infrastructure (DPI): it is the “digital representation” by which people (natural persons), organizations (legal persons), and even devices, Non‑Person Entities (NPEs), and AI agents can be uniquely identified, authenticated, and authorized to use services on the network.

The U.S. National Institute of Standards and Technology (NIST) states that digital identity is the unique representation of an entity participating in online transactions or digital services; it must be unique within a given service context, but it does not necessarily reveal the entity’s real-world identity across all contexts. In other words, having access to a digital service does not mean that the service necessarily knows the user’s real identity ⁴ . The World Bank Group’s Identification for Development (ID4D) also lists inclusivity, trustworthiness, and accountability as guiding principles for identity system development ⁵ . Related trust services include electronic signatures, digital signatures, and electronic seals (eSeal); legal definitions and cross-border applicability frameworks can be found in the EU eIDAS regulation ⁶ .

In practice, whenever a service is not completely open to everyone, it almost always relies on digital identity for access control: services need to distinguish “who can enter, and who can do what.” For example, online banking must confirm that the person logging in is the account holder; campus systems are limited to students and faculty; gaming platforms need to verify age; social platforms require a registered account before posting or commenting. These everyday situations show that digital identity is a basic prerequisite for online services to operate. The proliferation of digital identity not only enables effective verification of online processes and reduces transaction costs in the physical world, but more importantly, the “trust architecture” it constructs reciprocally shapes our social imagination and the rule boundaries of “who can do what.”

The design goal of traditional centralized digital identity is often “one credential for all”: using a single identity (such as a government‑issued legal identifier or a Google account) across many scenarios. However, practical experience and many recent controversies show that a single identity service cannot satisfy all needs. We would not use a Google account to participate in a referendum, nor would we use a national ID card to log into an anonymous forum; in many jurisdictions a national ID card does not even exist. Binding all uses to the same identity and the same database only turns it into a “honeypot” for malicious actors and creates and amplifies single‑point risks of political abuse and systemic failure.

Decentralized Self‑Sovereign Identity (SSI) offers an alternative path: using Verifiable Credentials (VC) to carry contextual attributes (for example, “over 18,” “resident of a certain county,” “holds a certain qualification”), establishing many‑to‑many relationships via Decentralized Identifiers (DID), and completing verification through selective disclosure and Zero‑Knowledge Proofs (ZKP) without exposing unrelated personal data. The ideal digital identity is not a one‑size‑fits‑all card, but a set of composable credentials and protocols that enable people to prove they “meet the criteria” and access services with the minimal disclosure of data (data minimisation).

Principles of an ideal digital identity

The essence of the identity concept is “who is allowed to do what in which context.” It is not merely the static “name and identification number,” but a dynamic authorization woven from multiple relationships and value judgments. An ideal identity system should recognize “plural, multi‑contextual, and revocable” identity representations: the same person can simultaneously be a voter, a student, a healthcare worker, a volunteer, or a member of a Decentralized Autonomous Organization (DAO), and be able to present different credentials and privileges in different scenarios. Trust should not be treated as a one‑time grant under a single central key (root credential); rather, it should be the measurable, transferable, and replaceable result of multiple endorsements. Trust from government, industry, and community can reinforce one another instead of being mutually exclusive. This view aligns with contemporary notions of digital trust.

According to the white paper “Human‑Centric Digital Identity: for Government Officials,” jointly authored by 12 international nonprofit organizations in the digital identity domain including the OpenID Foundation ^{7 8} , an ideal digital identity should consider four fundamental principles (Pillars):

1. Human‑Centricity: include affected populations and diverse stakeholders in decision‑making and iterative processes, clarify the impacts of digital technologies on people’s rights, and use Human‑Centered design to weigh decisions;

2. Strategic Design and Governance: update legal interpretations and institutional reviews for the digital age in line with instruments such as the United Nations human rights conventions, treat digital identity as critical infrastructure, and establish cross‑level strategies to build a digital identity trust framework;

3. Security and Privacy-Protecting: align with and adopt international privacy principles, establish measurable and mandatory certification mechanisms, and incorporate cybersecurity into corporate social responsibility and government procurement standards; and

4. Delivering International Interoperability: align with international policy frameworks and technical standards, proactively participate in open standards communities, and encourage public–private collaboration.

Its ultimate goal is to help the government establish a secure, interoperable, privacy-protecting digital identity ecosystem that can be adopted by diverse groups, enabling individuals to assert their identity freely in environments of their choosing and to benefit from high-quality digital identity services and applications. Reflecting on the ideals of digital identity and lessons from blockchain experience, we propose the following five extended core digital identity design principles to ensure smooth system operation, strengthen individual users’ rights, and enable operation under extreme conditions.

Privacy by Design

“Privacy-first” is the primary consideration in an ideal digital identity system. Architecturally, it should minimize centralized access to and exposure of personal data. For example, introducing advanced privacy-enhancing technologies such as Zero‑Knowledge Proofs (ZKP) enables credential holders to verify identity without disclosing unrelated information, achieving “selective disclosure” by proving only the facts required. Compared with traditional centralized systems that aggregate excessive personal data like information honeypots, the characteristic of ZKP and minimal disclosure is to break data into only the necessary attributes, allowing citizens to prove “you are you” without leaking extra information. This way, even under high digital surveillance pressure (such as during wartime or under authoritarian rule), citizens can use identity verification with peace of mind and no lingering concerns.

Interoperability and Unlinkability

“Interoperability” means different systems should be able to exchange data, invoke each other, and collaborate to complete tasks without requiring custom modifications. Open standards (such as DID/VC, OpenID for Verifiable Credentials, etc.) should define formats, flows, and interfaces, while design simultaneously considers authentication, authorization, encryption, revocation/auditing, and other mechanisms. At the same time, systems must ensure “unlinkability”: even if the same open protocols support cross-context interoperability, this does not mean anyone can stitch together a user’s footprints across different contexts. Identity presentations and interactions in different situations should be designed to prevent correlation (including identifiers, device fingerprints, and network usage patterns). An identity system should simultaneously satisfy “interoperable,” “unlinkable,” and “no phone home”: it can interoperate via standard means when needed (Interoperability), but default protocol behavior should prevent linking across contexts (unlinkability) and should not autonomously return data or initiate connections (No Phone Home).

Decentralized trust

Minimizing reliance on a single authority and building a distributed trust architecture is key to improving the resilience of identity systems. Therefore, an ideal digital identity system design should be able to incorporate technologies such as Decentralized Identifier (DID) and explore diverse trust models like the Web of Trust, allowing multiple issuers to issue credentials and community members to vouch for one another, forming an interwoven trust network so identity verification no longer depends solely on a single central database or certificate authority. For example, the system can normally use the government’s public key infrastructure as a trust anchor but be predesigned to switch to a community-maintained trust list mechanism when necessary. A convertible trust model ensures citizens’ digital identities can be trusted under any circumstance and will not be paralyzed by a single point of failure. This decentralized trust design also materially enhances the survivability of digital identity services and is a necessary complement to traditional centralized trust architectures. We do not deny the authority of government agencies to issue identities, but we also recommend that commercial identities and non-profit identities be considered as part of the national digital identity policy, since government services cannot cover all of citizens’ everyday digital activities.

Self-issuance and user control (User-control)

Citizens should have the sovereignty to issue and manage their own identity credentials, embodying the concept of Self-Sovereign Identity (SSI). In traditional models, identity credentials are often issued only by governments or licensed institutions, leaving individuals in a passive position. Conversely, in an ideal digital identity system, citizens should be able to transform their government-verified information into verifiable credentials (Verifiable Credential, VC) under their control in a trustworthy and verifiable manner, ensuring the authenticity and reliability of the data source (since the underlying basis still relies on government authoritative data), and grant individuals leadership over their digital identities. This encourages the private sector to establish independently operable credential issuance and verification mechanisms, breaking the long-standing monopoly of a few issuing authorities (and their service providers) over digital identity, and enhancing the flexibility and creativity of digital civic infrastructure.

Currently in Taiwan’s electronic signature market only two vendors are government-authorized, resulting in a lack of competition and innovation in digital signing services. By enabling open, autonomous certificate issuance and signing, more diverse identity providers can be encouraged to emerge from the bottom up, so citizens no longer have to rely entirely on a single official channel. In extraordinary times, citizens could even help one another confirm identities and maintain chains of trust, making the digital identity ecosystem more democratic and flexible and reducing absolute dependence on central systems.

No Phone Home

Finally, the system must ensure there are no backdoors in operation — that is, a user’s digital identity credentials should be independently stored and verifiable on their own device without having to query a central server for every check, and verification should not require notifying or relying on any central authority. This principle is especially important in scenarios of network outages or government system failures: even completely offline, citizens’ phones should be able to perform point-to-point (P2P) identity verification so civic identification networks can continue to operate and be difficult to disrupt.

A design without backdoors both improves the system’s disaster response capabilities and prevents the government from monitoring citizens through system backdoors. Government agencies and other authenticators will not receive reports of each user authentication, making it impossible to build behavioral profiles. Citizens’ digital identity credentials remain usable autonomously and privately even under the risk of authoritarian surveillance, and will not become tools for tracking. Adhering to the “no backdoors” principle can truly make a digital identity system independent, self-determining, and resilient against extreme scenarios.

2.2 Why Taiwan needs a private-sector version of digital identity

As the core of digital governance and services, digital identity reliability is closely tied to national security and social stability. With increasing international tensions, rampant cyberattacks, geopolitical risks, and threats from electronic warfare, centralized identity trust models are being tested. The resilience and security of Taiwan’s digital infrastructure have become more important than ever. Any highly centralized identity database is a “high-value honeypot”; if leaked or abused for audits, the costs will be borne by society as a whole. Establishing a private-sector version of digital identity as a complement and backup to government solutions helps ensure digital sovereignty is not jeopardized by a single point of failure, maintains governance capacity, and embodies a democratic society’s ability for self-defense and continuity of governance.

In Taiwan’s current environment, full of uncertainty and threats, a “private-sector digital identity” is a necessary piece of institutional redundancy and social resilience. We hope the “Bond for the Future” project will make principles such as interoperability without linkability and offline verifiability the default, so that the backup is not just another system but enables identity services to continue providing basic functions and protecting human rights in the worst scenarios. The core motivation of this project can be explained by three “whys”:

• Why the private sector?
• Why choose a backup?
• Why connect?

Why the private sector?

On the issue of digital identity (even when the government does not explicitly label it as such), Taiwan’s central government has previously tried many approaches through different ministries, including the New eID, the MyData “Personal Data Autonomous Use Platform” designed to facilitate data access, the mobile Citizen Digital Certificate app (i.e., TW FIDO), and the current credential wallet, among others. These staged efforts have value, but there have also been incidents where public agencies illegally misused personal data for political manipulation, and the “New eID” was met with strong opposition from civil society and academia—due to information security concerns, mandatory reissuance controversy, and insufficient legal basis—and was ultimately forced to be shelved indefinitely.

Given prior experience and the current domestic and international situation, the government will find it difficult in the short term to single-handedly satisfy privacy, interoperability, portability, and wartime resilience simultaneously. Considering that Taiwan cannot join the United Nations, it cannot fully resolve structural issues around single points of trust and cross-border interoperability. These problems make it more urgent to advance a new system now: geopolitical risk, digital fragility, and a crisis of trust are simultaneously stress-testing Taiwan’s identity ecosystem, and we must “arrive prepared.”

The “Arrive Prepared” project team comes from the open-source civic tech community, is familiar with rapid iteration workflows, and has practical implementation experience focused on privacy and interoperability. A civil-society role can also avoid the route monopolies that might result from a single large ministry dictating the approach. We believe the civil society mission is not to replicate or replace the government model, but to fill critical gaps using open standards (DID/VC/OpenID4VC) and technologies such as ZKP, and to predefine a dual-track trust architecture: in peacetime anchored to the official PKI, and in crisis able to seamlessly switch to a community-maintained trust list and cross-signing paths—ensuring continuous verification, least privilege, and no footprint backflow.

Why choose a backup?

In July 2025, the BBC reported that UK officials accidentally leaked an identity dataset containing the names and contact information of thousands of Afghans who were trying to flee Taliban reprisals, putting many citizens at risk of death or unable to return to Afghanistan; China’s centralized digital surveillance and social credit system further highlights how authoritarian governments can abuse data to oppress people. These international cases warn that if data are misused or a state system suddenly changes, citizen information held by governments can become a weapon that endangers lives. In times of war, natural disaster, internet shutdowns, or political shifts, centralized identity systems are even more prone to single‑point failures. To guard against the worst, Taiwan urgently needs a mechanism that can protect citizens’ identities even under the direst circumstances.

This project focuses on four scenarios, ordered from largest to smallest, that can immediately generate public and market value:

First, Anti‑Sybil: using VCs and selective disclosure or ZKPs to implement “one person, one vote / one share,” balancing anonymity and verifiability. This allows public deliberation, online voting, and open funding scenarios to have equal-weight votes without exposing real identities and with reduced vote-buying risk, preventing manipulation of democracy and paving the way for future digital democracy policies;

Second, Access Control: conveying “meets criteria” with attribute credentials rather than full identities, following the principle of least privilege and reducing service providers’ personal data risks. Attributes like “is of legal age,” “resides in X county/city,” or “holds a certain professional qualification” are delivered as minimally disclosing, verifiable credentials so platforms only know “you meet the criteria,” not your full identity, strengthening privacy and lowering data custody liability.

Third, Intent & Consent: users record consents, delegations and revocations with verifiable signed records; this supports democratic participation and commercial service authorizations, documenting an individual’s consent and delegation regarding a public matter or community rule — this is likewise a foundation of digital democracy;

Fourth, Association: use VCs to represent membership, roles and voting weights, enabling cross‑platform portability and empowering autonomous governance. Communities, labor unions, and local organizations can use VCs to establish “membership,” “roles,” and “voting weights” that are portable between platforms, reducing the risk of being locked into a single platform and realizing the social benefits of Self‑Sovereign Identity (SSI). In addition, the civil society version and the government version are compatible and complementary on shared standards, operating in parallel during peacetime and relaying during wartime, providing insurance for Taiwan’s digital sovereignty and the continuity of democracy.

Why connect them? Why must public and private sectors truly cooperate?

Finally, this project aims to weave together government identity attestations, enterprise operational needs, and civil society human rights principles into a trust network, forming a human‑centric “Taiwan personhood certification.” This civil society backstop allows the tensions between state and society, platforms and the public, and commercial and public services to be transformed into complementarity and collaboration.

Civil society has multi-stakeholder governance and international connectivity capabilities, enabling better achievement of:

1. Multi-source issuance, multi-party verification: Certificates that can be verified are issued and signed by diverse entities such as financial institutions, academic researchers, the commercial sector, medical providers, and local organizations, reducing reliance on a single authority;

2. Open source transparency and third-party audits: Specifications, code, and risk models are presented openly and transparently for public scrutiny;

3. Trust Registry governance: Establish publicly auditable processes so that trusted issuers, revocation, and incident reporting all follow fixed procedures. This governance mechanism is still under deliberation, so a demonstrative project is needed to fill the gap in civil society and non-profit initiatives;

4. International Alignment: Given the reality that Taiwan faces difficulties formally joining some multinational frameworks, civil society and market mechanisms may find it easier than official channels to participate in open standards communities and industry alliances, allowing Taiwan’s credentials and wallets to engage in global interoperability.

Establishing a civil society version of digital identity for Taiwan is a strategic reinforcement measure proposed out of risk awareness and future vision. It aims to add leverage in digital sovereignty, prevent Taiwan’s digital identity system from being vulnerable to single points of failure or international isolation, and emphasizes enhancing social resilience so that a democratic society retains self-supporting digital authentication capabilities when facing extreme challenges. This civil-society digital identity will follow international open standards, combining governmental credibility with private-sector innovation to construct a decentralized, trust-assured, and secure identity verification network. It will coordinate with existing government initiatives and provide double insurance for digital identity: improving service convenience and international interoperability in peacetime, and serving as a solid backbone for the identity system in wartime. Only in this way can Taiwan robustly defend civil rights in the fast-changing digital era, ensure the continuity and security of national digital governance, and truly realize “redundant democracy” in the digital age.

2.3 Analysis of International Governance Trends for Digital Identity and Privacy-Enhancing Technologies

As society becomes increasingly digitized, issues of digital identity recognition and privacy-enhancing technologies have grown more important. In recent years, innovative technologies such as Decentralized Identifier (DID), Verifiable Credential (VC), and Zero-Knowledge Proof (ZKP) have emerged internationally, attempting to balance convenience and privacy protection in identity authentication. These technologies enable individuals to manage their identity information more autonomously, reduce reliance on centralized databases, and lower the risk of service providers obtaining unnecessary personal data.

However, technological development drives policy regulation and international governance; governments and international organizations are actively formulating related policy frameworks to ensure innovation does not infringe on civil rights and to achieve cross-border interoperability. This subsection will analyze, from policy and governance perspectives, the development trends of digital identity and privacy-enhancing technologies, the policy progress in major regions, and discuss the tensions among policy dilemmas, technology maturity, and governance interoperability.

Policy developments and discussion focal points in major international regions

1. EU: A pioneer in the digital identity space

The electronic Identification, Authentication and Trust Services Regulation (eIDAS) was established as early as 2014, laying the foundation for cross-border identity verification and electronic signatures. eIDAS 2.0, which came into effect in 2024, further introduced the concept of EU Digital Identity Wallets, requiring member states to provide citizens with an official digital identity wallet within the coming years to store proofs of personal attributes and present them across various online services. This regulation expects member states to provide such digital identity wallets by 2026, giving EU citizens a secure, unified digital identity tool.

One of the focal points of EU policy discussion is data minimization and privacy protection. To comply with GDPR data protection principles, the EU is exploring the application of privacy-enhancing technologies in identity verification. For example, Recital 14 of eIDAS 2.0 mentions zero-knowledge proofs (ZKP) as a method to strengthen privacy, although adoption is not currently mandatory. Scholars note that to truly implement the principle of data minimization, digital identity systems should have privacy technologies such as ZKP built in to avoid disclosing unnecessary personal data during identity verification. The EU has also established an Architecture and Reference Framework (ARF) working group to develop a Toolbox, with member state experts and industry collaborating to ensure digital identity systems are technically interoperable across countries and citizen-centric Toolbox .

Another focus is cross-border recognition and trusted frameworks. The EU has developed projects such as the European Blockchain Services Infrastructure (EBSI) and the European Self-Sovereign Identity Framework Lab (eSSIF-Lab) to promote governments and businesses adopting Self-Sovereign Identity (SSI) models. New regulations also suggest that member states identify activities for sharing attributes and/or credentials across jurisdictions from system contexts and user experience perspectives, and prioritize cross-border interoperability of digital identities accordingly. However, achieving recognition across jurisdictions is not easy; an OECD report also points out that realizing cross-border portability of digital identities and building trust between different jurisdictions involves high technical and governance complexity OECD report . Overall, EU policy emphasizes a user-centered, privacy-friendly, and transnationally interoperable digital identity framework, attempting to strike a balance between digital innovation and regulatory protection.

2. East Asia: Exploring Innovative Practices in Decentralized Identity

In East Asia, governments have in recent years begun to pay attention to digital identity governance and the application of decentralized technologies. Bhutan and South Korea have been particularly proactive.

Bhutan provides a state-led example that directly adopts a public blockchain as the digital identity infrastructure. Since 2024 Bhutan has promoted the National Digital Identity (NDI) project, initially built on Hyperledger Indy, later migrated to Polygon, and in 2025 completed integration with the Ethereum mainnet, becoming the first country to anchor a national-level digital identity system to Ethereum . The system is led by the Bhutan GovTech Agency and is expected to serve about 800,000 residents, enabling access to online government services and certain private services via self-managed wallets and credentials. This model combines an open public chain with a national legal identity, emphasizing verifiable credentials, self-sovereignty, and long-term security, while also highlighting how a small country can reduce the cost and risk of building closed systems by leveraging open infrastructure.

In March 2025, South Korea officially rolled out a blockchain-based mobile digital ID nationwide, enabling citizens to hold their digital identity via a smartphone app . The South Korean government estimates that about 45 million people will adopt the technology within two years of deployment for use in finance, healthcare, taxation, transportation, and other sectors. As early as 2020, over one million people in South Korea obtained blockchain-based driver’s licenses through the PASS mobile application, and the Korea Internet & Security Agency (KISA) subsequently conducted related pilots . South Korea’s experience shows that blockchain and DID solutions are maturing technically, and the government intends to advance digital governance through the principle of self-sovereign identity. However, even the most robust decentralized ID system remains difficult to use for the majority of public services unless it receives formal recognition from government agencies or businesses, which is currently one of the major limitations.

China’s approach to digital identity is guided by real-name registration and data security, while also focusing on blockchain applications for trusted identity. At the end of 2023, China’s Ministry of Public Security, together with the Blockchain Service Network (BSN), launched “RealDID” for online identity verification and personal data encryption protection, and piloted it in Hong Kong. In addition, WeBank initiated the WeIdentity project, adopting W3C DID and VC specifications to build a decentralized identity ecosystem. These Chinese solutions emphasize cryptographic protection and authentication services but are still led by official or large institutions and primarily serve real-name authentication scenarios. By comparison, Hong Kong also has innovations using blockchain and DID—for example, the ARTRACX art platform uses DID to establish identities for artworksto protect copyright .

In recent years Taiwan has actively participated in international standards, seeking local innovation in digital identity. Taiwan’s Ministry of Digital Affairs (moda) has launched a four-year project (2024–2027) aimed at building a permissionless infrastructure that ensures the security of digital identities. The Digital Wallet project will be based on W3C Decentralized Identifiers (DID) and Verifiable Credentials (VC) standards to construct digital civic infrastructure for issuers, wallet providers, and verifiers . This reflects Taiwan’s attention to diverse identities and privacy-by-design in digital citizenship, and its desire to create a citizen identity credential system that can be applied cross-border. For more review and analysis of Taiwan’s experience, see the next chapter.

3. Global multilateral organizations: governance frameworks and standards setters

The United Nations and related international organizations are also concerned with the impact of digital identity on human rights and development. Target 16.9 of the UN Sustainable Development Goals (SDGs) sets the aim of “providing legal identity for all, including birth registration” by 2030, highlighting the importance of legal identity — proving “who I am” is the basis for exercising rights and accessing services.

However, many countries’ large-scale national digital ID programs have also raised privacy and human rights concerns. If poorly designed, a single, centralized national digital identity system can become a tool of surveillance or lead to the exclusion of vulnerable groups. Consequently, initiatives such as the World Bank’s ID4D (Identification for Development) program and the ID2020 Alliance promote ethical, privacy-preserving digital identification approaches to support equitable social, political, and economic empowerment . The focus of these international development organizations is: how to provide universal legal identity while avoiding the creation of new surveillance architectures, ensuring no one is left behind.

In terms of technical standards, W3C plays a key role. W3C has published standards such as the DID 1.0 specification and the VC Data Model 2.0, providing the technical foundation for decentralized identity. The February 2025 W3C report “Identity & the Web” further notes: “People, standards organizations, and governments are key participants who need to collaborate to ensure that digital credential/identity solutions solve more problems than they create, because identity is not only about technology, but also governance,” reflecting that the international community recognizes that technical standards must advance alongside legal governance to balance technological development and privacy protection. Led by organizations like W3C, cross-border technical standards (such as DID and VC formats) are gradually taking shape, laying the groundwork for global interoperability and trust.

Tensions between policy dilemmas, technological maturity, and governance interoperability

In advancing digital identity and privacy-enhancing technologies, countries more or less face a policy dilemma balancing trade-offs among policy objectives, technical maturity, and governance interoperability

1. Policy dilemma: public safety and privacy

Digital identity involves two major issues: citizen privacy and national security. Policymakers on one hand hope to use new technologies to enhance privacy protections and respond to citizens’ concerns about surveillance; on the other hand they worry that excessive anonymization could hinder law enforcement and national security. As noted above, large centralized identity systems can bring risks of privacy invasion and discrimination, causing exclusion rather than inclusion . The policy dilemma requires new legal frameworks to strike a balance; for example, emphasizing privacy and data autonomy in the design of a digital identity wallet while also considering exceptions that require greater scrutiny in certain high-risk areas (such as opening a bank account). Preventing digital identity systems from becoming “digital authoritarianism” or a breeding ground for crime will require the global policy community to work together to find innovative solutions.

2. Technical maturity: reality and ideals

From a technical vision perspective, DID, VC, and ZKP construct an ideal where individuals have comprehensive control over their digital identities. In reality, because these technologies are still maturing, user experience, infrastructure, and security may need improvement. Decision-makers may hesitate to adopt technologies perceived as immature, causing policy to lag behind technological development; conversely, rushing to adopt immature technology can lead to security incidents or poor uptake. Many legal and advisory organizations currently have limited understanding of emerging identity technologies and cannot keep pace with technical evolution, leaving policy-making in an information-asymmetric state. The solution is to strengthen cross-disciplinary collaboration so the technical community can provide evidence and risk assessments for policy-making, while policy directs resources into technology testing and standards development to close the knowledge gap. The W3C report recommends using threat modeling to analyze the impacts of identity technologies on security, privacy, and human rights, and advocates reducing risk through standards and coordination. In other words, technology and policy must develop in parallel to prevent one from holding back the other.

3. Governance interoperability: local and global

Identity is inherently sovereign, and systems vary widely between countries, so reaching global consensus is extremely challenging. Even with technical standards like W3C, nations differ in legal definitions of identity, recognition of trusted authorities, and privacy thresholds. The OECD recommends aligning legal frameworks and strengthening international cooperation to build cross-border trust; however, aside from within the EU, there is not yet a global mutual recognition agreement for digital identity. Regional digital identity initiatives are incubating, but concrete results remain distant. Local needs often drive unique identity solutions (such as national ID cards), yet globalization demands that they interoperate. Coordinating this tension requires greater roles for international organizations. In the future, an international standard or treaty similar to the passport may be necessary to regulate cross-border use and recognition of digital identities. Interoperability must also encompass coordination between public and private sectors, and between biometric and cryptographic approaches; otherwise citizens will face a fragmented landscape that reduces the value of digital identity.

Some key institutional demonstrations and international consensus are still lacking. For example, no country has yet successfully fully deployed a national digital identity based on DID and VC that has achieved broad cross-border recognition; there is no widely accepted global trust root to verify the authenticity of credentials issued by different countries; and the international legal status and attribution of liability for self-sovereign identity remain unsettled—if identity fraud occurs, is responsibility on the user, the issuer, or the technology provider? There is currently a shortage of concrete cases to provide experience addressing these questions.

Digital identity and privacy-enhancing technologies are leading us into a new era of digital identity governance. Driven by pioneers such as the European Union, decentralized identifiers, verifiable credentials, and zero-knowledge proofs are gradually moving from concept to practice, bringing identity systems that are more user-centered and privacy-respecting. At the same time, East Asian countries like South Korea and Taiwan are experimenting, and international organizations and standards bodies are building collaborative frameworks with the hope of establishing mutual trust globally. But we also see a gap between ideals and reality: policy must balance citizens’ rights with state functions, technologies need time to mature, and cross-border interoperability depends on diplomatic negotiation.

The coming years will be a critical period: governments, technical communities, and international organizations must work together to jointly develop standards, share pilot experiences, and bridge the gap between policy and technology. As the W3C has stated, the power of standards lies in guiding innovation toward directions that benefit society. Only in this way can digital identity truly become a tool for promoting inclusion and safeguarding human rights, rather than a new system of surveillance and exclusion. Amid the tug-of-war between policy, technology, and governance, only by steadfastly adhering to a human-centered intent can the tensions be resolved, allowing digital identity and privacy-enhancing technologies to bring tangible welfare and freedom to global citizens.

Chapter 3 | Taiwan Experience Review and Problem Definition (Taiwan Experience & Problem Definition)

3.1 The Evolution of Taiwan’s Digital Identity System and Its Democratic Implications

In the course of development over the years, Taiwan’s identity recognition system has undergone many changes and experiments. Early population household registration identity systems reflected the centralized household registration systems common in East Asian societies, with the state exercising comprehensive control over citizens’ data, which gradually revealed concerns about privacy and surveillance; on the other hand, the COVID-19 pandemic accelerated applications of centralized data, further highlighting the risks of traditional centralized regulation of digital identity under a digitalized government. With the government’s digital transformation and the Ministry of Digital Affairs promoting decentralized digital identity policies, Taiwan’s identity recognition system is facing a major turning point.

As lawyer Lin Yuteng said in an interview with The Reporter, “A digital ID can be the foundation of a smart government, but it can also be the infrastructure of an authoritarian government. The difference between good and bad lies in the importance of accountability systems. ” At this moment, it is urgent to review the evolution of digital identity; we need to discuss in depth the history of Taiwan’s digital identity development and its democratic implications, to ensure technological evolution aligns with democratic values and human-rights standards, and to consider how subsequent accountability mechanisms might be established, especially under the joint evolution of social consensus.

Regulatory digital identity that continues the household registration system

Taiwan’s current digital identity system carries strong elements of traditional household registration control, tracing back to the historical concept of “registering households and their people” (編戶齊民). The people in such registers served as the fundamental units of centralized governance. In Han dynasty literature, “name registers” (名籍) referred to the identity data of an individual, while “household registers” (戶籍) were combined household identity records that could include private names of family members, kinship terms (indicating family relationships with the household head), categories of corvée or service, ages, and so on. The state’s principal purpose in establishing household registers was to effectively manage human resources, and based on household and land registers, city-states and nations were able to expand conscription and increase taxation. The mindset of centralized management of the population has continued into the modern household registration system and the national ID card system, forming the foundation of a regulatory-style digital identity in the era of e-government. The government links various databases through each citizen’s national ID number, shaping a highly centralized national database system.

However, in the absence of supporting legal limits and oversight, centralized identity models are prone to risks of digital footprint abuse and privacy violations. For example, in 2020 the Ministry of the Interior promoted the New eID policy to chip-embed the existing paper ID, attempting to integrate the Citizen Digital Certificate into the chip as a major digital governance infrastructure. This move aimed to extend the household registration centralized management logic, unifying citizens’ online and offline identities under a single credential. However, the New eID project was ultimately strongly opposed by civil society and forced to be suspended due to controversies over cybersecurity concerns, mandatory reissuance, and insufficient legal basis. This episode highlighted the challenges Taiwan’s traditional household registration mindset faces in the digital age: emphasizing centralized control while neglecting effective accountability mechanisms — for example, processes to safeguard citizen privacy and democratic oversight — which, if handled carelessly, could allow digital identity to slide into an extension of state surveillance.

Acceleration in the pandemic era and centralized databases

During the COVID-19 pandemic, the public health crisis prompted governments to mobilize existing centralized databases and digital identity systems at scale, accelerating the adoption of regulatory digital identities. Taiwan’s National Health Insurance system served as the central hub for digital identification and data exchange. Because almost everyone holds an NHI card and it is directly linked to identity, it was widely used to verify personal identity and connect medical and epidemic-prevention information services. In addition, the numbers printed on the NHI card have been treated by government agencies as a method of identity recognition. For example, the real-name mask rationing required people to present their NHI card at pharmacies to purchase masks, using the NHI card’s chip and backend databases to verify purchase quotas in real time; vaccine appointment booking and record inquiries also relied on the NHI information system for identity verification and data entry.

“HiHealth｜My Health Bank APP” is a mobile application developed by the Central Health Insurance Agency that allows users to view personal health data, including medical records, surgeries, medications, lab and exam information, physiological measurements, appointment reminders, allergies, organ donation and palliative care wishes. It also digitizes the physical NHI card—people can apply for a virtual NHI card, check facilities that accept the virtual NHI card, and use the virtual NHI card for medical visits .

These services and measures, while effectively improving epidemic prevention and NHI efficiency, also mean the state is consolidating citizens’ medical and mobility data more deeply into government databases. The NHI card, originally intended only as proof for medical benefits, was extended during the pandemic into a de facto “second ID,” serving various temporary identity authentication purposes.

Regulations for the National ID card can be found in the Household Registration Act: “The National Identification Card is used to identify an individual’s identity; its effect applies nationwide,” and “Nationals with household registration who are 14 years old or older shall apply for an initial issuance of the National Identification Card; those under 14 may apply for issuance,” among other provisions. Regulations for the NHI card are written in the National Health Insurance Act: “The insurer may issue a National Health Insurance certificate with electronic data processing functions (hereinafter referred to as the NHI card) to access and transmit insured persons’ data. However, it shall not store content that is not for medical-use purposes or unrelated to the insured person’s receipt of services under this insurance.” Treating the NHI card as a general identification document is actually a policy misuse and extension. Once this becomes habitual, the NHI database effectively becomes a second household registry, tightly binding citizens’ medical information, movement traces, and identity identification, posing huge privacy and surveillance risks.

Even more severe, the massive data movements during the pandemic exposed information security vulnerabilities and internal-control risks of centralized databases. Although the NHI system’s digital signatures and data exchange architecture claim to be rigorous, serious data leaks still occurred in practice. According to investigative reporting by Mirror Weekly, former NHI deputy secretary Ye Feng-ming abused his power from 2009 onward, instructing subordinates to use NHI system query privileges to steal personal data of about 23 million people across Taiwan year after year and secretly sell it to China for 13 years. The stolen data included insured units, insured amounts, insured persons’ incomes and addresses, and the medical management system database even contained detailed medical records such as blood draws, surgeries, CT scans, MRIs, and NHI reimbursement amounts.

Because the NHI database is enormous and contains nearly the entire population, this leak effectively exposed Taiwanese citizens’ privacy in full. This case highlights that when critical identity data are concentrated in a single national system, the risks are not only external hacker intrusions but also abuse by insiders, which is far harder to guard against. Once oversight fails, the result is systemic, large-scale personal data leakage. This is an important warning the pandemic experience has given us. Centralized digital identity systems may demonstrate value during emergencies, but their fragility and hidden dangers have been magnified like never before. We urgently need to reflect on how to strike a balance between strengthening public services and protecting individual privacy, and avoid sliding into a path where convenience is used as a pretext for surveillance.

Solution: Decentralized digital identity as an alternative

Facing the limitations and risks of traditional digital identity models, the Ministry of Digital Development has actively promoted decentralized digital policies since its establishment, providing a new solution for Taiwan’s digital identity development. Centered on the Self-Sovereign Identity (SSI) concept, it introduces internationally standardized technologies such as Decentralized Identifiers (DID) and Verifiable Credentials (VC), attempting to overturn the previous practice of centrally managing citizen identities. Beginning in 2024, the Ministry also launched the “Digital Innovation Key Infrastructure Project,” promoting initiatives such as the Taiwan Digital Identity Wallet (TW-DIW), aiming to align with international open government practices, realize digital social innovation, and build citizen-centered digital innovation key infrastructure, with an expected implementation timeline from 2024 to 2027.

Unlike the past New eID approach where the government unilaterally reissued chip ID cards as a centralized top-down design, the two core functions of digital wallets are Authentication (AuthN) and Authorization (AuthZ). They do not directly issue a new centralized digital identity; instead, various parties (businesses, agencies, organizations, and individuals) each issue electronic credentials based on W3C’s DID/VC standards, which citizens can choose to store in their personal digital wallets. The government no longer unilaterally prescribes the carriers of identity information but provides an open framework to accommodate the digitalization of multiple credential types.

In other words, digital wallets emphasize constructing a de facto identity: various credentials citizens need in daily life (for example, ID card data, driver’s licenses, student IDs, health insurance cards, and membership cards) can be transformed into verifiable digital credentials, rather than issuing a government universal ID chip card that tracks all digital footprints. They emphasize a decentralized trust architecture, uniformly controlled and managed by individuals, achieving the goals of personal identity autonomy and data-authorized self-determination.

Digital wallets adopt a new, human-centered identity governance model that follows the principle of minimal necessary disclosure. This privacy-by-design mechanism not only reduces the risk of excessive personal data exposure and respects citizens’ right to choose, but also removes the practice of imposing a nationwide digital identity by administrative decree. It helps protect individual privacy in a democratic society. This is not merely a technological innovation but an institutional innovation responding to digital human rights demands, laying a more resilient identity foundation for Taiwan’s digital democratic society.

Summary

The evolution of Taiwan’s digital identity system reflects the tug-of-war between technological development and democratic values. From centralized household registration management that continued the “registering households and people” mindset to the peak use of centralized databases during the pandemic, we have seen both the efficiencies and risks brought by traditional regulatory-style digital identities. At the same time, prompted by civic oversight and inspired by international experience, a new generation of decentralized digital identity solutions has begun to emerge, emphasizing personal autonomy and privacy protection. This shift has profound democratic implications: it concerns rebuilding trust between government and citizens and how to uphold the core values of liberal democracy in the digital age. In the future, as innovative policies such as digital wallets are implemented, we hope Taiwan can strike a balance between protecting civil rights and providing convenient services, break free from the shadow of “regulatory identity,” and build a digital identity system that respects both security and human rights, ensuring that the development of digital identity aligns with the intentions of democratic rule of law and that technology truly serves the people.

3.2 Taiwan’s Digital Identity Crisis: Negative Cases Highlight the Need for Resilient Backup Solutions

Taiwan is facing both external and internal digital identity threats as well as natural and man-made disasters. Externally, geopolitical tensions and the vulnerability of critical infrastructure increase the risk of major impact; internally, there are silo effects from government agencies operating independently, external data leaks, and other factors. These intertwined issues have resulted in Taiwan’s current lack of a resilient digital backup solution, leaving Taiwan continuously exposed to high risk.

External threats and natural disasters—China’s threat and typhoons and earthquakes

Taiwan has long borne the threat of cyberattacks from neighboring countries. The National Security Bureau’s “Analysis of CCP Cyberattack Methods in 2024,” released in early 2025, noted that government internet services in Taiwan suffered an average of 2.4 million intrusions per day in 2024—more than double the previous year—and that most were carried out by CCP cyber forces .

According to statistics from the National Security Bureau, over the past three years the submarine cables around our country have suffered an average of 7 to 8 cuts per year . In early 2023 the submarine fiber cables in the Matsu area were severed one after another within a week, causing local networks to be nearly paralyzed for up to 50 days; residents were forced to survive on slow microwave signals, and production and service industries were severely impacted . This year there have also been multiple cable-break incidents, and when a cable breaks Taiwan has to rely on a small number of international cable ships to carry out repairs . If one day an authoritarian power deliberately severs Taiwan’s external communications cables, how would Taiwan respond to maintain critical connections?

Similarly, natural disasters can also devastate digital infrastructure. Typhoon Danas and the subsequent heavy rains that struck Tainan this July not only tore off more than 26,000 roofs and over 2,400 utility poles, but also caused communications outages in some areas for several days; weeks after the disaster, cable TV and internet signals in parts of the region had still not fully recovered .

Whether due to geopolitical conflict or natural disaster, once a centralized identity system is targeted, major identity databases and authentication systems can become targets. Centralized digital identity verification systems may fail during network outages, causing government services to halt, obstructing financial transactions and essential services, and undermining the social basis of trust. Current identity verification relies on real-time checks of central databases; if local networks are damaged, citizens will struggle to prove their identities and conduct affairs, severely affecting social operations. For example, in June this year (2025) security and trust issues arose with the government-issued Citizen Digital Certificate, and multiple fraud cases involving impersonation of natural persons appeared, leading several domestic public and private banks to collectively announce they would stop accepting the Citizen Digital Certificate as the basis for online account opening identity verification. When digital identity depends on endorsement by a single institution, a vulnerability in that mechanism can have catastrophic effects on societal digital trust—especially when citizens do not clearly understand what their digital credentials actually signify.

Therefore, in the context of potential conflicts across the Taiwan Strait and frequent cyberattacks, digital identity solutions must emphasize network resilience and decentralization, providing fallback pathways under extreme conditions to ensure citizens can still prove their digital identities when disconnected. We must assume that central identity systems can be compromised and pre-deploy backup schemes to prevent malicious actors in wartime from erasing or distorting our citizens’ identity data. The government has already begun planning cross-border backups and cryptographic distribution techniques for critical digital systems , and we also need to introduce decentralized and diverse trust architectures into the digital identity ecosystem to enhance overall civic resilience.

Internal threats and human-caused disasters — insiders hard to guard against and data leaks

As noted in the previous subsection’s case, the recently revealed National Health Insurance data leak shows that a single internal user with high privileges can, without the user’s awareness, use centralized query permissions to collect and resell large amounts of personal data. Once such internal breach of trust occurs, traditional centralized identity systems will find it difficult to prevent it in time. Therefore, future digital identity architectures must strengthen “informed user consent” mechanisms so that each access to personal data occurs under the subject’s monitoring or consent; at the same time, unnecessary centralized query permissions should be strictly reduced to prevent anyone from having unrestricted access to large datasets. Furthermore, consideration should be given to introducing privacy-preserving technologies such as zero-knowledge proofs (ZKP), which prove only the necessary facts during identity verification without directly revealing the underlying data, thereby fundamentally reducing the risk of internal misuse.

In Taiwan’s political context, the term “checking the water meter” is often used to refer to abuses of public power for political surveillance, especially during election periods. In early 2025, during a legislative recall vote in Hualien, reports emerged that residents who had submitted recall petitions were soon visited in person by household registration officials who used personal data to “verify” identities, causing public outcry. Because this action allegedly involved unauthorized use of government personal data to track the movements of specific citizens and exceeded normal administrative verification scope, prosecutors subsequently launched an investigation into the relevant officials on suspicions of violating the Civil Servants Election and Recall Act and the Personal Data Protection Act.

In addition to insider risks, Taiwan also faces severe issues of external hacker intrusions and database vulnerabilities leading to personal data leaks. In fact, at the end of 2022 there was a case in which more than 23 million records of Taiwanese personal data from household registration were publicly sold, covering national ID numbers, household registration, indigenous status, move-in times, family members, military service classification and other personal data governed by the Ministry of the Interior . The large-scale flow of personal data into the black market has also fueled rampant fraud and crime; the centralized personal-data storage system is facing a collapse of trust, exacting a heavy price from society.

When government systems hold vast amounts of citizens’ personal data without proper checks and balances, that data can be used as a political tool and erode democratic trust. To prevent this, digital identity mechanisms must build in strict usage oversight and access control to ensure any access to a citizen’s identity information is traceable and legally constrained, eliminating the practice of “using the name of law to carry out surveillance and suppression in fact.”

3.3 Core Problems of the Current System, Limits of the Government Role, and Opportunities for Civil Society

Taiwan’s current digital identity system has many core problems. The government faces role limitations in driving reforms, while the private sector simultaneously harbors opportunities for innovative breakthroughs. The following will explain the evolution of Taiwan’s digital identity policy, the problems inherent in the system, constraints on the government’s role, and opportunities where the private sector can contribute, and on that basis propose policy directions.

The following factors limit the government’s ability to pursue digital identity reform on its own:

1. Insufficient digital identity legislation: There is no clear, dedicated law to bind government agencies and vendors to a unified digital identity standard. The chaotic standards not only cause serious technical debt and compatibility issues, but also increase the difficulty of system maintenance and integration. A key digital identity statute has yet to be passed into law, which further causes policy advancement to frequently encounter obstacles.

2. Silo effect within the government: Internal resistance to digital transformation is strong; technical bureaucrats tend to be conservative, obstructing cross-department system integration and data sharing, resulting in departments largely operating independently.

3. Current procurement system is not friendly to small and medium-sized innovative vendors: The market has long been dominated by a few large firms, and past privatization measures have not brought genuine market liberalization.

4. Channels for public participation in policymaking are obstructed: members of the public can mostly only express opinions through customer-service–style feedback mechanisms, and thus have little substantive influence on policy direction.

5. The ecosystem lacks openness: services are difficult to extend externally, there are few third-party applications involved, and no open-source technology stack has been established to support continuous improvement and external collaboration.

Taiwan digital identity policy developments

According to the OpenID Foundation’s 2023 research report “Human-Centric Digital Identity: for Government Officials” ⁹ , when authoritative bodies issue digital credentials, they can broadly be distinguished along a spectrum based on identity providers and relying parties. This spectrum corresponds to the comparative dimensions addressed in this section—centralized vs. decentralized, server-side vs. verifier-side, and central trust vs. distributed trust—and serves as a reference coordinate for examining the limits of government roles and opportunities for private-sector innovation later in the text. The horizontal spectrum presents the main models and loci of governance for digital identity: from left to right, centralized e-identity paired with a central biometric repository; device-based biometric verification for e-identity; decentralized/federated identity; proxy/federated services centered on intermediary hubs; architectures led by Credential Service Providers (CSPs); and at the far right, identity shapes where individuals present and manage identities via digital wallets.

Reviewing the history of digital identity development in Taiwan, it began with the National Development Council (now succeeded by the Digital Development Department)

establishing the Government Public Key Infrastructure (GPKI) for government agencies as the trust foundation for e-government, to support identity authentication and electronic signature mechanisms for various online services. The Citizen Digital Certificate (Natural Person Certificate) has been issued by the Certification Authority of the Ministry of the Interior since 2003 under a Public Key Infrastructure (PKI) framework, using an asymmetric cryptographic key pair (public key and private key) to provide citizens with sufficiently strong identity authentication and digital signing capabilities in online environments. The Citizen Digital Certificate can be used for electronic services such as tax filing and to sign electronic documents, ensuring document integrity and non-repudiation. Signed documents use hash algorithms to convert input messages into fixed-length message digests with uniqueness and security properties; after a document is sent, the recipient can use the signer’s public key to verify the validity of the signature .

However, this system has not been adopted in practice as widely as expected. First, the Natural Person Certificate lacks convenient identity authentication functions: it is mainly used to sign documents or log in to government systems, and cannot directly serve as everyday identity proof, while private-sector integration is also inadequate. Furthermore, due to high usage barriers and the limited prevalence of card readers, public application and usage rates have remained low for years since issuance, preventing the formation of an active ecosystem; society has not widely trusted or adopted it as a basis for identity verification. These shortcomings mean that the traditional centralized digital identity system cannot fully meet the needs of the digital age, and they have laid the groundwork for subsequent reforms of the Natural Person Certificate itself, such as the mobile Natural Person Certificate (TW FidO).

The Ministry of the Interior’s mobile Natural Person Certificate app (TW FidO) inherits the X.509 public-key architecture of the chip-based Natural Person Certificate and claims the high security of identity assurance level IAL3 for real-name login to government systems; it also supports FIDO2 for convenient login . However, TW FidO fundamentally continues the centralized PKI trust model: it is a “signing and strong authentication tool,” not a “Verifiable Credential” in VC format for cross-domain transmission. It only provides auxiliary login for identity recognition and electronic signatures, and does not directly serve as an identity document. Its integration flows with third-party services are not sufficiently simple, resulting in limited application scenarios to date and a lack of natural growth of an open ecosystem. Although its legal effect falls under the Electronic Signatures Act framework as a high-strength signature that can be presumed to be the signer’s own, its adoption rate has remained low. According to the Audit Office’s Central Government Final Account Audit Report, as of May 2025, the cumulative issuance of physical Natural Person Certificates was over 10.26 million cards (about 3.37 million valid), and the cumulative issuance of mobile Natural Person Certificates was over 1.15 million cards (about 520,000 valid). Citizens find it difficult to use them in daily life to prove the basic fact “I am someone,” and digital identity verification remains fragmented and siloed.

Taiwan does not yet have an official digital identity card; the traditional ID card remains in paper form. The government attempted in 2020 to introduce a new chip ID (New eID) integrating the ID card and the Citizen Digital Certificate, but the effort ended amid controversies over privacy and cybersecurity concerns, coercion, and insufficient legal basis. Taiwanese citizens still cannot obtain a formally recognized digital identity credential. This gap in digital identity means that, in an era of increasingly common remote work and online services, many people must rely on incomplete digital verification processes (such as providing National Health Insurance numbers or household registration numbers), traditional physical documents, or siloed account systems run by individual agencies, lacking a consistent and secure digital identification method.

Currently, citizens who hold a Citizen Digital Certificate, a registered National Health Insurance card, or Taiwan Mobile Identity (TW FidO) can download various personal data stored within government agencies via the Ministry of Digital Affairs’ “Personal Data Autonomous Use Platform (MyData).” The MyData platform emphasizes “single sign-on identity verification and online self-consent” (note: first-time use requires a second identity verification), allowing cross-agency access to personal data for online or in-person services. However, MyData itself does not issue an independent identity credential, nor does it “endorse” the different documents obtained across agencies; the legal effect of documents is determined by each agency’s own rules. For example, the Ministry of Finance states that various electronic tax documents obtained through the platform have the same legal effect as agency-issued paper documents. Most “documents downloaded to personal devices” are categorized as “personal reference” information rather than signed, verifiable credentials, making them difficult to use directly as legally potent digital evidence in cross-domain automated processes. MyData solves the problem of data invocation but does not address the single-source problem of identity verification; its value lies in “convenience of transmission and access,” not as “verifiable digital credentials.”

The Digital Development Department plans to launch a Taiwan Digital Identity Wallet (TW-DIW) in 2025, adopting international standards such as W3C Decentralized Identifier (DID) and Verifiable Credentials (VCDM 1.1). However, the current plan does not include introducing technologies like zero-knowledge proofs (ZKP) to enhance privacy, nor does it design a trust model compatible with decentralization—for example, recognizing cross-border issuances, commercial issuances, international acknowledgments, or credentials autonomously issued by non-governmental entities. In addition, the Ministry of the Interior currently has no intention of including the existing national ID card in the official digital wallet; even if the wallet goes live, the simplest and most understandable “statutory identity data” for citizens—i.e., the national ID—remains excluded. As a result, the government-issued digital wallet may not be able to serve as a true digital identity, and officials cannot credibly claim it has that capability; its function will be limited to storing secondary credentials like driver’s licenses and will not solve the underlying problem. These limitations indicate that relying solely on the government’s current approach makes it difficult in the short term to build a digital identity system that simultaneously provides privacy, security, and resilience.

Private-sector Opportunity

Despite systemic difficulties, the private sector still has opportunities to open breakthroughs. Faced with problems in the current system, the private sector can explore alternative paths through small-scale pilots—for example, leveraging new technologies such as zero-knowledge proofs (ZKP), decentralized identifiers (DID), and verifiable credentials (VC) to first develop flexible backup digital identity mechanisms. In addition, Taiwan’s unique geopolitical situation and social consensus shape the pressure for reform. As a frontier democratic polity, within Taiwan’s constitutional order, the secrecy of citizens’ communications (Constitution, Article 12) as well as general privacy and information privacy rights (derived from Constitution, Article 22 by Interpretations No. 585 and No. 603) are fundamental rights protected by the Constitution. This framework effectively incorporates personal data and communications privacy into the core considerations of democratic security and national security. This background provides fertile ground for “cypherpunk” development of private-sector-driven digital identity innovation; the modular solution experience accumulated by the private sector can not only be exported abroad and verified internationally but also brought back domestically, creating a virtuous cycle. Through these channels, the private sector is expected to fill gaps and promote diverse development of the digital identity ecosystem while institutions remain imperfect.

Moreover, having enterprises, civil organizations, and even individuals issue and manage verifiable digital credentials can better help Taiwan overcome diplomatic constraints to pursue digital sovereignty. Given the current international trust architectures that disadvantage our country, strengthening private-sector participation in digital identity systems is not only a domestic necessity but also a necessary strategy for Taiwan to continue connecting to the global digital economy and governance systems.

In the ideal model, government public sectors and private entities can each play different roles: the government provides legal status endorsement, infrastructure (such as a national trust framework, PKI framework, regulatory sandbox, etc.), and integration of public services; the private sector supplies innovation and flexibility, proximity to markets and users, widely issues various types of verifiable digital credentials, and jointly operates and maintains a decentralized identity verification network. Mutual trust bridges should be established between the two—for example, the government can recognize certified private credentials, making them compatible with the Electronic Signatures Act for handling government affairs (such as online application of certification documents, real-name health insurance medical visits, etc.); conversely, private services (such as finance, e-commerce, education) can also accept digital identity credentials issued by the government or other institutions, creating a dual-track, complementary-advantages arrangement.

Summary

Governments have gone through many attempts—from eID and Citizen Digital Certificates (自然人憑證) to MyData and TW-DIW—and have encountered numerous problems, often constrained to varying degrees by the bottlenecks of centralized trust models. Whether it is a single chip card, a single central credential set, or limited data sources and application scenarios, there are persistent risks of single points of failure and insufficient coverage. The structural flaws of digital identity systems and the limitations of government roles are intertwined, causing significant challenges to policy implementation.

However, opportunities are also born from these difficulties: private-sector innovation, experimentation, demonstration, and even collaboration have created possibilities for breaking the impasse. Only by acknowledging and addressing the issues above while promoting cooperative efforts between government and civil society can a digital identity ecosystem that balances democratic resilience and privacy security be gradually built, steering digital identity systems toward healthier development.

Chapter 4 | Global Cases & Tech Trends

After summarizing the development history and issues of Taiwan’s digital identity, this study further expands its perspective to international experiences. As a critical infrastructure for contemporary governance, public services, and the digital economy, digital identity is not only a technical issue but also involves privacy, human rights, and sovereignty. Countries present diverse paths in institutional design: some choose state-led, highly centralized control models; others prioritize market considerations, forming quasi-public standards through commercial platforms and technology alliances; still others attempt to place “people-centered” principles at the core, exploring emerging technologies such as decentralized architectures, verifiable credentials, and zero-knowledge proofs to grant citizens greater autonomy. Different political systems, guided by differing national interests, adopt different practical approaches in the field of digital identity.

The reason international cases deserve attention is that they not only demonstrate potential outcomes and risks under different governance models, but also reveal the inherent tensions that digital identity development must face, such as security versus privacy, efficiency versus democracy, and robustness versus resilience. Building on physical card-based credentials, with the proliferation of mobile devices and the expansion of networked services, digital identities have gradually shifted toward mobile and cloud platforms. However, this transformation also brings new challenges, such as identity linkability, the potential for government surveillance, and the risk that infrastructure failure could lead to comprehensive service outages.

Therefore, this chapter will, by comparing different international digital identity policies and practical cases, map out a spectrum from centralization to decentralization, and from state control to citizen autonomy. By contrasting these cases and technological evolutions, we can not only better understand Taiwan’s position, but also assess the significance and potential value of the “Bond for the Future” project in a global context.

4.1 International Case Comparison

Before comparing national digital identity systems, this study must first establish an analytical framework. The development of digital identity often involves technical choices, institutional design, and social values simultaneously; labeling cases simply as “success” or “failure” would fail to capture this complexity. To avoid such simplification, we adopt a “spectrum-based comparison” approach, placing different cases between the poles of “centralized authoritarian control” and “human-centered autonomy,” and using this spectrum to observe their governance logic, technical paths, and risk responses.

This analytical approach draws on the design principles proposed by the OpenID Foundation in its “Human-Centric Digital Identity” report on the one hand, and on the historical-context observations in the author’s prior article “From Household Registration to Avoiding Qin — The Development of Identity Autonomy in Asia in the Digital Age” on the other. The former provides value criteria in international digital identity discussions, emphasizing user-centered and privacy-first design thinking; the latter reminds us that digital identity practices in Asian countries are deeply influenced by traditions of centralized governance, often prioritizing administrative efficiency while neglecting institutional fragility in the face of regime change or disaster.

In East Asian societies, especially regions influenced by Sinospheric culture, “household registration” symbolizes the state’s use of a highly centralized digital identity system to incorporate people into a unified administrative framework to improve governance efficiency and precision in resource allocation; “avoiding Qin” emphasizes the importance of withdrawing and hiding in the digital age to protect oneself, preventing civil identity from becoming a tool of surveillance or persecution. When efficiency is treated as the sole priority, civic rights are often marginalized, and in the event of regime change or infrastructure failure, the consequences can be even more severe. This analytical perspective highlights the importance of considering identity autonomy in the Asian context.

Synthesizing insights from both texts, the comparative spectrum developed in this study can be roughly divided into three types:

• Centralized-authority model: State-led, emphasizes administrative efficiency, but concentrates risk.
• Platform-driven model: Market or financial institution-led, increases convenience and adoption, but lacks public oversight and can easily lead to monopolies.
• Human-centric autonomous model: Emphasizes citizen control and privacy protection, technically relies on Verifiable Credentials (VC), Decentralized Identifiers (DID), and Zero-Knowledge Proofs (ZKP), but faces greater implementation challenges.

To make this spectrum more concrete, this study first cites several international cases here and elaborates on them in subsequent subsections. India’s Aadhaar is a typical centralized model, linking biometrics to social welfare and financial services, but it has sparked intense controversy due to data breaches and surveillance abuses. Estonia’s e-ID demonstrates the high efficiency of PKI card-based credentials, connecting healthcare, tax filing, and voting through the X-Road platform, yet it also faces technical risks from chip vulnerabilities. Japan’s MyNumber Card represents an Asian hybrid path that is government-centered but is gradually moving toward mobile adoption and cross-service integration. Singapore’s SingPass and Sweden’s BankID respectively present transitional models of government-centralized and market-driven approaches—highly convenient but limited in user autonomy. The EU’s eIDAS 2.0 attempts to build an interoperable digital wallet across borders based on human-centered principles, promoting interoperability and privacy protection. Finally, the United States’ mobile driver’s license (mDL) demonstrates an emerging effort relying on international standards (ISO 18013-5), but it is simultaneously constrained by the ecosystem rules of tech giants like Apple and Google.

These cases lie at different points along the spectrum, revealing each country’s trade-offs among security, privacy, efficiency, and autonomy. They are not merely technical experiments but practices of governance philosophy. For Taiwan, such a comparative framework can help us understand our position in international development and provide an evaluation benchmark for the “Bond for the Future” project: how to avoid the traps of centralization while ensuring the system’s practicality and resilience.

4.1.1 Physical Card and PKI-Centric Model

In the early stages of digital identity development, most countries chose to base their systems on PKI (Public Key Infrastructure) paired with physical smart cards as the primary identity verification carrier. The design idea of this model is to use state- or authorized-entity-issued smart cards combined with cryptographic signatures to express intent, ensuring the uniqueness and anti-forgery properties of identity authentication. This “physical card—PKI” model became an important foundation for digital government over the past two decades and laid the groundwork for many subsequent institutional developments.

The most frequently cited success case is Estonia’s e-ID. Since 2002, Estonia has fully implemented a digital identity system centered on the national ID card (ID-kaart). With the card plus a PIN and a card reader, citizens can access healthcare, file taxes, conduct bank transactions, and even vote online. Behind it, the X-Road platform serves as the trust backbone for data exchange, allowing different government and private systems to interoperate in a standardized way and demonstrating high administrative efficiency. However, the Estonian model also reveals the fragility of a PKI-centric approach: in 2017 chip manufacturer Infineon was found to have a vulnerability, forcing 750,000 cards to be urgently replaced, highlighting the risk of a single point of failure.

Another globally widely adopted PKI form of identity is the electronic passport (e-Passport). Following the International Civil Aviation Organization (ICAO) Doc 9303 “Machine Readable Travel Documents” standard, passports embed an NFC chip that stores personal data and digital signatures for cross-border inspection and automated border control. Countries share their signing public keys through ICAO’s Public Key Directory (PKD), enabling customs authorities to instantly verify passport authenticity. This design makes the e-Passport a cornerstone of cross-border trust in digital identity and has been regarded by some emerging applications (such as zkPassport) as an “origin of trust,” attempting to use it for online services. However, this also raises new concerns: if passport chips are abused, could they enable cross-border surveillance or privacy breaches? These questions signal the limitations of the PKI model when extended to broader applications.

In the Asian context, Japan’s My Number Card is also a PKI-centric physical card system. It integrates social insurance, healthcare, and tax information on a single card and has lately moved to virtualize IC card functions as a mobile identity credential through integration with Apple Wallet. While this shift improves convenience, it also exposes a “path dependence” problem: extending an inherently centralized system to mobile endpoints cannot fully avoid linkability and risks of government surveillance. Not to mention the 2025 backdoor controversy over Apple Wallet’s adoption of the ISO electronic driver’s license standard, where issuers could open a backdoor without users’ consent, sparking an international “No Phone Home” movement .

Taiwan’s experience also highlights the limitations of PKI. The Citizen Digital Certificate was promoted since the early 2000s with the intent of using PKI to verify citizens’ identities for tax filing, electronic signatures, and some government services. However, this system never achieved high adoption among the public, due to inconveniences like the need for a card reader, poor user experience, and the gap compared with other modern authentication technologies (such as OAuth, FIDO2, and multi-factor authentication). In public sector discussions about digital identity, PKI is often treated as the only best solution, which means that when interacting with the engineering community, discussions frequently have to be grounded in the Citizen Digital Certificate. In practice, however, modern web services have long accepted more flexible authentication methods, such as username/password combined with SMS OTP, Authenticator apps, or OAuth/OpenID Connect. This shows that PKI should not be considered the sole answer for digital identity, but rather one of many available tools.

Within the Taiwanese government, attempts at digital identity have also long fallen into the “many cards” mindset. From EasyCards, Senior Citizen Cards, Compassion Cards, bus cards to locally issued municipal cards, the forms are varied but the underlying authentication mechanisms differ: some use PKI chip cards, some only have RFID functionality, and the most rudimentary are merely paper with a stamped seal. This fragmented ecosystem reflects the challenges of promoting PKI and forces citizens to carry multiple cards, making it difficult to achieve true “one credential for all,” especially now that smartphones are ubiquitous. Even recent experiments with QR codes and server-side real-time verification indicate that authorities are gradually realizing that “real-time online verification” is more effective than simple card anti-counterfeiting, and are beginning to explore identity verification approaches more flexible than PKI—yet these approaches can also more easily lead to digital surveillance.

Physical cards may still have transitional value, but the real point is the digital credentials and verification mechanisms behind them, not the card itself. In extreme scenarios, the PKI model can even amplify security and human-rights risks. India’s Aadhaar system used biometrics (fingerprint and iris scans) and a central database to build the world’s largest identity infrastructure. While Aadhaar has played a significant role in administrative efficiency, subsidy distribution, and financial inclusion, it has also been repeatedly criticized for security breaches. In 2018, Indian media reported that hundreds of millions of personal records, fingerprints, and bank details could be bought on the black market, leading to widespread identity theft and fraud. This case highlights the risks of over-reliance on centralized databases and PKI credentials: when core nodes are compromised, a nation’s digital identity system faces systemic threats.

Overall, the advantages of physical cards and PKI-based models lie in technical maturity and demonstrated effectiveness, which made them the first choice for many countries during early government digitalization. But their limitations are also clear: concentrated risk—if a single chip or central database fails, it can cause a national crisis; linkability—when the same identity is used across many contexts, the risks of surveillance and privacy invasion increase; and transition difficulty—when systems extend to mobile or cloud platforms, existing designs create path dependence that makes it hard to introduce stronger decentralization and privacy-preserving mechanisms.

Therefore, while the PKI-Centric model laid the foundation for digital identity, its shortcomings also provide a starting point for reflection in subsequent decentralization and human-centered design. On the comparative spectrum in this study, this model generally leans toward the “centralized” end, representing the typical path of a digital identity system that prioritizes “efficiency.”

4.1.2 Mobile Digital Identity and Mobile Device Adoption

As physical cards and PKI-centered systems gradually exposed their limitations, the development of digital identity shifted toward a mobile device model that uses smartphones as the primary carrier. This shift no longer depends on card readers and physical chip cards; instead, the phone itself becomes the authentication tool, completing identity verification through multi-factor methods such as SMS OTP, authenticator apps, fingerprint, or facial recognition. From a technical pathway perspective, it moves identity verification from “hardware-driven” to “software-driven,” bringing the advantages of a low barrier to entry and high ubiquity. For users, this means “your device is your identity,” using a mobile device as the main interface to achieve seamless integration across domains and applications. Its advantage lies in significantly lowering the threshold—no additional hardware is needed—allowing a single phone to integrate healthcare, finance, transportation, and even government services, demonstrating strong potential for widespread adoption.

The most representative examples are the cloud account systems of multinational platforms like Google, Facebook, Apple, and Microsoft. Take Google and Facebook Login as examples: through OAuth 2.0 and OpenID Connect, accounts become “single sign-on” credentials across websites and apps, allowing users to register once and circulate across hundreds of applications. This convenience greatly lowers the user entry barrier and rapidly turns platform accounts into the de facto digital identity standard. However, the price of convenience is platform dependency and data centralization: account equals identity, identity equals data, so platforms gain control over users’ digital personhood and incorporate it into advertising and business models.

Apple emphasizes differentiation within this landscape. Its “Sign in with Apple” design lets users register with third-party services using relay email addresses that hide their real email, attempting to alleviate privacy concerns. This “privacy-first” strategy makes Apple ID a relatively trustworthy cloud identity solution. But its essence remains “platform-centered”: once an account is suspended or hacked, a user’s digital presence can be instantly revoked, exposing the unavoidable “platform dependency” issue. Microsoft promotes enterprise single sign-on through Azure Active Directory, deeply binding digital identity to the workplace and highlighting how cloud accounts permeate both public and private sectors.

Not just tech giants — this trend has attracted many national-level digital identity projects. California’s Mobile Driver’s License (mDL) attempts to digitize the driver’s license and store it on smartphones, following the ISO/IEC 18013-5 standard to ensure verifiability in both government and commercial contexts. mDL allows users to selectively disclose information, for example showing only “over 21” instead of a full birth date, demonstrating the potential of privacy-enhancing design. However, mDL essentially follows the traditional driver’s license logic, making it hard to escape the problem of a single identity being widely reused. We must also ask whether a government-issued identity document alone is sufficient for citizens to meet most needs, without requiring multiple documents that increase citizens’ burdens.

In the Nordics, Sweden’s BankID presents another model of mobile identity. BankID, promoted jointly by major banks, is widely used for online banking transactions, contract signing, and government services, and has become a de facto “national identity system.” Its success lies in public–private cooperation that drove adoption to over 90% of the population, showing the efficiency of institutional integration. However, the structure of equating financial accounts with national identity also means personal data is concentrated within the banking system, posing structural privacy risks.

By contrast, Singapore’s SingPass is characterized by “government-led” design. Initially a single sign-on platform, SingPass has evolved into a super-app integrating hundreds of public and private services. Through SingPass Mobile, citizens can use QR Codes and biometrics to sign into services, and even handle medical and tax affairs. This demonstrates a high degree of efficiency of mobileization in state governance, but it also reinforces government centralized management of citizen data, making issues of surveillance and linkability more salient; even though Singapore has attempted to introduce data minimization principles through the “MyInfo” scheme, concerns remain difficult to fully dispel.

In the Taiwanese context, exploration of mobile digital identity still shows a decentralized and transitional state. The Citizen Digital Certificate and the NHI card both have PKI architectures, but their poor user experience and hardware dependence have limited adoption, and many schools and public institutions have instead turned to cross-border platforms like Google Workspace, causing education data and public services to gradually migrate outward. On the other hand, local governments have experimented with digitizing volunteer honor cards, introducing QR codes and server-side real-time verification that partially replace traditional embossed seals for anti-counterfeiting, indicating that policymakers are increasingly aware that “real-time verification” is more flexible than mere chips and have begun exploring non-PKI digital identity solutions.

Overall, mobile digital identity and device-based approaches represent a path of “convenience and ubiquity,” successfully lowering user entry barriers and driving rapid digitalization of public and private services. However, they also bear three major constraints: first, institutional designs often continue existing logics, producing path dependency and making it difficult to introduce truly decentralized privacy protection mechanisms; second, identities are repeatedly used across domains, making linkability and surveillance risks hard to avoid; third, the rise of platform accounts and government Super Apps has simultaneously reinforced “platform dependency” and “state dependency,” posing new challenges to digital sovereignty and individual autonomy. Therefore, on the comparative spectrum of this study, the device-based model sits between “platform centralization” and “state centralization,” exemplifying an efficiency-first, convenience-oriented trajectory, but also leaving issues that people-centered digital identity design must confront.

4.1.3 Crisis Scenario Cases

When discussing the development of digital identity systems, one cannot use technical standards maturity or administrative efficiency as the sole criteria. This is because digital public infrastructure, like physical public infrastructure, will face extreme scenarios—like flood control systems facing typhoons or power plants facing earthquakes. Simulations and experiences under crisis conditions often better reveal the vulnerabilities of institutional design and their long-term impacts on civil liberties and social stability, especially when Taiwan must prepare for both foreseeable and unforeseeable events.

Myanmar clearly illustrates a case of “how identity systems can be transformed into infrastructure for exclusion and surveillance in fragile polities.” Since the 1982 Citizenship Law, the state has systematically weakened the citizenship and freedom of movement of minorities such as the Rohingya through multi-tiered identity card systems and measures like the National Verification Card (NVC). Even when holding physical documents, they were labeled as “foreigners,” making it difficult to obtain full citizenship and public services—widely studied as a typical practice of “racialized governance and bureaucratic violence implemented through identity documents.” In the mid-to-late 2010s, the Myanmar government began planning a digital identity and electronic ID (e-ID) system centered on biometrics and a centralized database, combined with mandatory SIM registration and retention of communications data. Advancing this without independent data protection laws, oversight mechanisms, or redress channels was preemptively warned by multiple human rights organizations as likely to strengthen the state’s ability to identify and surveil minorities and dissidents rather than promote inclusive governance. After the 2021 military coup, these risks materialized rapidly. The junta took control of telecommunications and data infrastructure, combining identity databases, SIM registration, social media monitoring, and internet shutdowns to track, locate, and arrest dissidents and citizen journalists. International reports repeatedly described the situation as a “digital iron curtain” or “digital dictatorship,” noting that identity and communications data had become core nodes of repression. At the same time, under extremely opaque structures the military government continued to push the e-ID project, demanding the collection of large-scale biometrics and personal data, further amplifying risks of data misuse and selective exclusion. In this context, natural disasters and armed conflict compounded the effects, making the impact of identity systems on the right to survive even more acute. Internally displaced persons and Rohingya communities in Myanmar have long been obstructed from obtaining legal identity documents, being included in official registries, and receiving travel permits, resulting in situations where some of the most severely affected groups—after floods, earthquakes, and other disasters—could not access basic aid such as food, medical care, and shelter because they lacked identities and freedom of movement recognized by the regime.

Ukraine’s digital governance experience presents another possible path for “digital identity as resilient backup infrastructure.” Since 2020, Ukraine has used Diia as the core gateway of the “state in your phone,” integrating digital passports, driver’s licenses, tax filings, business registrations, and various social services into a single app and online platform, and linking multiple distributed registries through data exchange systems like Trembita to form highly interoperable digital public infrastructure. Assessments indicate that before the war Diia had amassed over 20 million users and more than a hundred online services; after Russia’s full-scale invasion, the government was able to rapidly expand wartime functionality: including registering internally displaced persons, applying for “eRecovery” war damage compensation, distributing emergency and salary subsidies, purchasing war bonds, and, via Diia attestations directing to channels like “eVorog,” assisting the military in intelligence collection, as well as providing online broadcasts and information updates when power and infrastructure were damaged. These designs have enabled large numbers of citizens who lost paper documents or were displaced by the war to maintain their legal relationship and welfare linkages with the state by relying on digital documents and accounts on their phones, often cited as a typical case of how digital identity can strengthen state resilience in high-risk contexts. However, this model also concentrates credentials, communications, and sensitive transactions within a single ecosystem, raising a range of risks and regulatory issues: if critical servers or communications infrastructure are hit by cyberattacks or physically destroyed, identity authentication and benefit distribution could be paralyzed simultaneously; without stringent technical and legal boundaries, the large-scale behavioral and location data collected during wartime could be transformed into tools of surveillance and repression in cases of regime change or backsliding of the rule of law. From Ukraine’s case we can extend the discussion that dispersing authority in system design, strengthening independent oversight, and providing offline backups may help prevent resilience tools from sliding into centralized-risk and potentially authoritarian digital governance models.

The situation in Afghanistan was even more severe. In the 2010s, the U.S.- and allied-funded Afghan government actively promoted biometric-based digital identity systems for military and police recruitment, elections, and social assistance. However, after the Taliban took power in 2021, those databases quickly became tools for tracking down opponents, exposing tens of thousands of citizens who had cooperated with U.S. forces or the former government to danger. This case highlights the risk of data being misused after a regime change. While tools are neutral and their impact depends on whether their users intend good or ill, poorly designed digital services can turn a convenience system into an instrument of repression after institutional shifts, directly threatening citizens’ lives and safety.

Finally, China’s model represents the extreme at the other end. Through real-name registration, electronic ID cards, and a social credit system, the Chinese government has constructed a highly centralized digital surveillance architecture—or more precisely, a regionally totalitarian control system based on central directives. Citizens’ consumption, travel, and social behaviors can be included in databases and further linked to credit scores, administrative sanctions, and even exit controls. This design does improve government efficiency in public security and administrative management, but its “panoptic surveillance” characteristic makes avoidance nearly impossible for citizens, and privacy and freedom are therefore severely constrained. China’s case demonstrates that when digital identity is tightly bound to social governance, surveillance becomes an embedded feature of the system.

Overall, crisis scenarios reveal another side of digital identity systems: they are not only symbols of convenience and efficiency but can also be sources of oppression, exclusion, and risk. These experiences remind us that the design of digital identity must seek a balance among technology, governance, and human rights; otherwise, when crises occur, the costs will be borne by the most vulnerable groups.

4.1.4 SSI and Decentralized Digital Identity

Beyond crisis cases and transitional platforms, another widely anticipated development path is Self-Sovereign Identity (SSI). Its core idea is that “identity belongs to the individual, not the government or a platform.” Through decentralized technologies and cryptographic standards, users can selectively disclose information and autonomously control the storage and sharing of credentials.

At the regulatory level, Utah passed SB260, the “Digital Identity” law, in 2024, which is seen as a new frontier for user-controlled digital identity. The law allows residents to carry government-issued credentials in a digital wallet and regulates the privacy, interoperability, and selective disclosure mechanisms of those credentials, preventing governments or companies from excessively concentrating control over personal data. On the other hand, the EU’s eIDAS 2.0 and the “EU Digital Wallet” seek to establish a cross-border, trust-based decentralized identity framework, requiring member states to jointly promote verifiable credentials within the EU framework and granting citizens wallet-centric identity management authority. These developments show that SSI is no longer just an ideal of technical communities but is gradually entering legal practice.

At the technical level, the Self-Sovereign Identity (SSI) ecosystem is progressively moving from concept to verifiable infrastructure, built on the W3C standards for Decentralized Identifiers (DID) and Verifiable Credentials (VC). DID Core v1.0 has become a W3C Recommendation, providing a framework for decentralized identifiers and resolution of corresponding documents; the VC Data Model evolved from 1.1 to 2.0, approved in 2025, and together with specifications like VC Data Integrity, it establishes a technical path for multi-party issuance, wallet holding, and offline verification. This allows credentials to be validated without returning to a central database, reducing single points of failure and the risk of digital footprints being collected through “phone home” behavior. However, jurisdictions have not converged on a single “pure SSI” model in implementation; instead, they have followed several representative evolutionary paths shaped by existing administrative traditions, regulatory structures, and risk preferences—ranging from nationally signed mobile licenses to open-source, privacy-first government wallets to nation-scale identity infrastructures built on public blockchains—illustrating diverse approaches with similar value claims but different execution routes.

California’s mobile Driver License (mDL) pilot represents an “incremental digitization” route centered on ISO 18013-5/-7 and strong national/state issuance. The California DMV launched the CA DMV Wallet as the official container, designed as a voluntary pilot capped at about 1.5 million users; credentials must be periodically refreshed and can be loaded into the DMV Wallet, Apple Wallet, or Google Wallet for use. The Transportation Security Administration (TSA) is gradually deploying CAT-2 devices and digital identity workflows nationwide, allowing compliant mobile identity proofs to be accepted at 250+ airport security checkpoints. This path still involves state-level centralized issuance and management of foundational data, but adopts standardized mDL/mDoc protocols and a “minimum necessary disclosure” interaction design at the protocol layer, claiming that verifiers only read required fields and do not return inspection logs, thereby introducing privacy and device-side control principles emphasized by the SSI community while maintaining strong real-name and border security requirements ¹⁰ . The institutional implication is that the state has not loosened its monopoly on “legal identity” but has used cryptography and standardized interfaces to reduce over-disclosure and duplicate data collection.

British Columbia’s BC Wallet in Canada is closer to the SSI narrative. The BC government built credential issuance and verification infrastructure using open-source stacks such as Hyperledger Aries and AnonCreds, and explicitly adopted the principle that the government does not know when you present a credential, storing digital credentials only on user devices and not centrally retaining presentation records. The 2023 “Code With Us” project further promoted interoperability between AnonCreds and the W3C VC data format, enabling BC Wallet to integrate into the broader VC ecosystem while maintaining zero-knowledge properties and selective disclosure. This model positions the government as a funder and user of open protocols and open-source projects rather than as a data monopolist, and in terms of value proposition serves as a national case more closely aligned with SSI principles in practice.

Bhutan’s National Digital Identity (NDI) demonstrates a small-country path of deeply integrating sovereignty narratives with decentralized technologies. Since 2023 NDI has centered on DIDs and VCs, emphasizing that “people own their digital identity,” using a mobile wallet to hold government-issued attribute credentials as a common infrastructure across ministries and services. Recent developments are particularly significant: the government completed an intermediary migration from Hyperledger Indy to Polygon and in October 2025 announced the start of a full integration with the Ethereum public blockchain, with major credential and service migrations expected to be completed before Q1 2026; statements emphasize that Ethereum’s high degree of decentralization and open-source ecosystem helps improve resistance to destruction and international interoperability, and Bhutan has collaborated with the Ethereum community on hackathons and application development. Bhutan thus became one of the first countries to anchor a national-level SSI system to a mainstream public chain. Its design both strengthens individuals’ portability and verifiability of credentials and signatures, and partially outsources the national root of trust to a globally co-governed blockchain infrastructure, prompting a dialectic about whether the sovereign trust base should be controlled by national infrastructure or by optionally trust-minimized public blockchains—a question worthy of careful assessment by other democracies and multilateral institutions.

Germany and the EU, through the EU Digital Identity Wallet (EUDI Wallet) framework, have taken a regulatory- and market-driven route toward wallet homogenization. Since 2023 the EU has launched four large pilot programs (such as POTENTIAL), testing wallet interoperability across government services, finance, telecommunications, mDL, electronic signatures, and health data in multi-country, multi-sector contexts, with a policy goal of making wallets available to most EU residents by 2030. Germany further led the “EUDI Wallet Prototypes – Funke” competition under the Federal Agency for Disruptive Innovation (SPRIND), publicly funding multiple teams to develop open-source prototypes in 2024–2025 that are required to support legal identity (PID), attribute credentials, anonymous logins, and cross-border interoperability; the results will feed directly into the future national EUDI wallet architecture. The EU has not reduced SSI to a purely decentralized narrative; rather, through eIDAS 2.0 it mandates privacy protection, data minimization, and cross-border mutual recognition, embedding standards like DID/VC within a top-down public infrastructure and market ruleset.

New Zealand follows a “legal-first + gradual walletization” approach, using the existing RealMe as the long-term online identity and authentication service, and establishing a trust framework and privacy rules for service providers through the Digital Identity Services Trust Framework Act 2023. From 2024–2025, the Department of Internal Affairs will promote a government-level app and digital wallet initiative, planning to incorporate RealMe, biometric verification, and certified VCs into a single government application while retaining multiple access channels to avoid excluding those who cannot or do not wish to use smartphones. This model centers on “regulatory and governance design” as its core innovation, rather than immediately moving to full decentralization: the government defines the responsibilities, interoperability, and audit mechanisms of wallets and credential providers through the framework law, then progressively introduces VCs and mobile ID implementations, attempting to institutionalize a balance between user control, industry innovation, and public oversight.

These cases reflect three technical approaches: first, the mDL/mDoc family (such as in U.S. states) excels at “on‑the‑spot verification / digitization of physical credentials”; second, the VC/DID family (British Columbia, provinces, Bhutan, Germany, New Zealand) excels at “cross‑domain credential circulation and minimal disclosure”; third, the hybrid model (EU ARF) supports both mDoc and VC/SD‑JWT to ensure cross‑border interoperability and governance consistency.

It is worth noting that the idea of SSI actually inherits attempts from early Internet communities. For example, the 1990s PGP Party performed decentralized verification through a “web of trust.” However, the PGP Party ultimately failed due to operational inconvenience and lack of adoption, though a few communities still use PGP keys for small‑scale mutual recognition, such as email threads. Today’s digital wallets are seen as a renewed attempt at this idea, translating community trust into practical everyday mechanisms through more user‑friendly experiences and standardized protocols.

Overall, SSI and decentralized digital identity represent the other end of the spectrum. Centered on autonomy, decentralization, and privacy protection, they counter the risks of traditional centralized models. It is worth reiterating that decentralized digital identity does not oppose state or platform involvement, but advocates making user control, minimal disclosure, and “no phone home” defaults, and replacing ubiquitous “data back‑channel lookups” with regulated trust lists and issuer governance. The EU ARF even introduces zero‑knowledge proofs and de‑linking risk mitigation strategies in its “connectivity risk” chapter to ensure that portability and privacy are not sacrificed at cross-border scale.

4.1.5 Advocacy and Civil Society Movements

Beyond the institutional and technical architectures of digital identity, civil society communities and advocacy movements continue to play a critical role. They often do not build systems directly, but engage through public discourse, participation in standards-setting, and policy advocacy, raising awareness of the risks of digital identity and proposing alternatives that align with human rights and privacy. Among recent developments, the most representative cases include the “No Phone Home” movement and the related critiques from the Electronic Frontier Foundation (EFF).

No Phone Home Movement

In June 2025, digital identity researcher Kaliya Young and several experts launched the “No Phone Home” movement, calling for global digital identity designs to avoid “phone home” mechanisms. “Phone home” refers to situations where the issuer is instantly notified whenever an individual presents a digital credential. For example, when someone presents a digital driver’s license to purchase alcohol, the issuing government would immediately become aware of the transaction. This design is already a reality in several countries and systems: India’s Aadhaar, Singapore’s SingPass, Estonia’s eID, and the Nordic BankID all fall under the “phone home” architecture.

The core argument of No Phone Home is that “the relationship between a state and its citizens is not the same as that between a company and its employees.” Within a company, it is reasonable for an employer to know how employees use corporate identities; however, in the relationship between a state and citizens, if the government can monitor every use of an individual’s identities, it violates privacy and the principle of proportionality. The movement advocates an alternative design: the “three-party model,” in which an issuer issues credentials to a holder, and the holder provides cryptographic proofs of those credentials to a verifier, with no direct communication between the issuer and the verifier. In this way, the issuing authority cannot track where or when an individual uses their credentials.

Notably, this issue has emerged in international standards processes, and the No Phone Home movement was launched amid related controversies. The W3C explicitly adopts the three-party model in the Verifiable Credentials specification to avoid phone home risks; however, ISO 18013-5 (mDL/mDOC), the mobile driver’s license standard, includes a “server retrieval” option that allows the verifier to retrieve information from government servers, effectively opening the possibility of phone home. The American Civil Liberties Union (ACLU) warned in a report that such a design could enable the government to obtain real-time knowledge of citizens’ daily movements. The No Phone Home statement therefore specifically targeted the privacy risks of mDL and called on policymakers and developers to disable that option in implementations.

Criticism and advocacy by the EFF
In line with this, the Electronic Frontier Foundation (EFF), which has long focused on digital human rights, has also warned about the design directions of digital identity. In several articles from 2024–2025, the EFF noted that digital identity systems “are not something everyone needs, nor something everyone can bear.” The EFF criticizes two common misconceptions: first, the belief that zero-knowledge proofs (ZKP) alone can solve all privacy problems while ignoring institutional design flaws; second, treating digital identity as universal infrastructure while overlooking the disproportionate risks it may pose to vulnerable groups. The EFF emphasizes that even if privacy-preserving mechanisms are provided technically, if institutions require everyone to possess a certain digital identity, exclusion and surveillance will still be exacerbated. For example, if a government or platform requires people to hold a digital identity to access basic services, those who lack a mobile phone, cannot pass verification, or are denied for political reasons will be thoroughly marginalized. Such a design could, in practice, undermine the very “inclusivity” that digital identity claims to enhance.

The above advocacy illustrates that the development of digital identity cannot rely solely on top-down planning by states or tech companies; participation from civil society communities is a necessary condition for ensuring that systems are “human-centered.”

4.2 Technical inventory and considerations for “Bond for the Future”

4.2.1 Fundamental and key technologies

The development of digital identity depends not only on institutional design but also on the maturity of foundational technologies. The key technologies for digital identity address three fundamental issues: how to ensure the authenticity of identity information, how to share and verify it securely, and how to avoid excessive centralization and surveillance risk. Current foundational designs mostly adopt a three-party model: an Issuer issues credentials to a Holder, who then presents proofs to a Verifier. The value of this model is that credentials can be independently verified without returning to the issuer (no phone home), avoiding linkability of data and panoramic surveillance by governments or platforms.

Decentralized Identifiers (DID) and Verifiable Credentials (VC) have become the core standards of contemporary digital identity foundational design. According to the W3C Decentralized Identifiers (DID) v1.0 recommendation, a DID is an identifier that does not rely on a single central registration authority and can be deployed on public chains, consortium chains, DNS/HTTPS architectures, or generated and verified in offline contexts via mechanisms like did:key, forming multiple technical paths and responding to discussions that “blockchain is not the only prerequisite for digital identity.” The W3C Verifiable Credentials Data Model 2.0 defines a VC as a data container protected by cryptographic signatures, allowing an issuer to assert specific attributes, which the holder stores in their own wallet and selectively presents to verifiers; verifiers can independently perform verification using public keys and standardized structures without reconnecting to the issuer or a central database each time, thereby reducing risks of centralized surveillance and single points of failure. The combination of DID and VC strengthens the Issuer–Holder–Verifier three-party model: users manage their credentials with DIDs, and the presentation and verification of credentials are completed through cryptography and mutual verification rather than relying on platforms or governments to arbitrate identity relationships in real time.

Although VCs and DIDs can provide verifiable and decentralized identity representations, if every presentation requires handing over the “entire” credential or linkable identifying data, cross-service traceability risks remain; therefore, mechanisms that minimize disclosure and resist correlation are needed to reduce the possibility of aggregation and matching. The W3C VC and DID specifications also explicitly highlight privacy considerations regarding correlation and minimal disclosure. So-called Selective Disclosure (SD) allows holders to reveal only the information necessary for verification, for example proving “age ≥ 18” without exposing the full birthdate. Such approaches have recently been implemented commonly in the SD-JWT family, and W3C has defined compatible usage with SD-JWT in the VC JOSE/COSE specifications to combine VC/VP (Verifiable Presentation) with selective disclosure.

Zero-knowledge proofs (ZKP) add the capability to “prove a statement is true without revealing the underlying value,” for example proving salary exceeds a threshold or that an account belongs to a whitelist. As of now, CL signature AnonCreds natively supports various “predicate proofs” (such as range/inequality); BBS+ excels at “unlinkable selective disclosure,” but for complex predicates like ranges it typically needs to be paired with additional ZK protocols, and has not yet become a mainstream standard like AnonCreds; SD-JWT provides “selective disclosure” but is not itself a ZK proof. The Ethereum Foundation’s ZKP survey research is also establishing an evaluation process for ZK tooling maturity.

Digital credentials require revocable and auditable state management to avoid the tracking risk that arises if every verification calls back to the issuer. The prevailing approach uses a status list mechanism that represents the states of many credentials as a bit array; verifiers can offline or batch-compare the bit at the corresponding index to determine revocation status. This is clearly defined with examples in W3C’s Bitstring Status List specification and in the EU EBSI implementation. For scenarios requiring stronger privacy protection, revocation proofs supported by cryptographic accumulators can be used, enabling holders to prove a credential has not been revoked without revealing linkable identifiers. This approach has long been used in AnonCreds’ revocation design and continues to evolve into new versions to improve scalability and performance.

Cross-border trust requires clear, verifiable trust boundaries and sources of authorization, so it is necessary to establish and publish lists or registries showing who may issue which types of credentials. Internationally, general protocols and platforms for querying authorization relationships have emerged, such as ToIP’s trust registry query protocol and the EU EBSI trusted issuer registry; both are used to let relying parties quickly confirm whether a particular entity is authorized to issue corresponding credentials under a specific governance framework. However, there is not yet a multilateral intergovernmental, or globally-consensed public–private, trust framework.

4.2.2 Trust Foundations

The key to a digital identity system lies in whether the trust foundation is sound; this involves not only technical implementation but also governance and regulation. Who is authorized to issue and verify, whether cross-border mutual recognition and audits are possible, determine the system’s security and legitimacy. International mainstream practice centers on verifiable credentials and decentralized identifiers, and establishes traceable and auditable trust boundaries through layered trust architectures and governance frameworks.

The common global paths are roughly divided into public chains and consortium chains, each reflecting different trust and governance models. Public chains emphasize open verification and transparency, while consortium chains emphasize member governance and regulatory control; both can serve as anchors for trust registries or credential status to support cross-domain audits and mutual recognition.

Public chains, such as the Ethereum blockchain route, offer advantages in cross-border verifiability and resistance to single-point dependence, and can be used as public trust registries and status anchors, allowing any relying party to audit authorizations and revocation status without relying on a single jurisdiction. In practice, there are already solutions that combine zero-knowledge proofs with verifiable credentials and support multi-chain scenarios, such as Polygon ID and Rarimo, and even Bhutan’s national digital identity project.

Public chains also face three significant challenges. The first is transaction costs and scalability: costs may rise during demand peaks and affect large-scale services. The second is privacy and governance risks from data immutability: if identifiable or linkable personal data is written on-chain, subsequent corrections and deletions become difficult. The third is regulatory uncertainty: authorities in the EU and UK have issued guidance on blockchain and data protection, advising that off-chain storage should be prioritized and impact assessments conducted.

Consortium chains and permissioned networks are more common in government and enterprise scenarios; their closed architectures lead decision-makers to view their approaches as clear and access as controllable, making regulatory compliance and auditing easier to implement. Representative cases include British Columbia’s BC Wallet ecosystem, which uses Hyperledger Aries and AnonCreds to support privacy-enhancing credential issuance and presentation; and the EU’s EBSI as a cross-border infrastructure that provides credential services such as academic qualifications and legal entity registration, along with registries of trusted issuers and governance.

The limitation of consortium chains is that cross-border and cross-network interoperability is less natural, and external observability also depends on member endorsement and governance arrangements. Academic and industry research generally point out that differences between heterogeneous chains in consensus, access models, and standards make interoperability and cross-domain verification more challenging, especially when linking permissioned and permissionless networks, which requires additional mechanisms.

Another approach attempts to use non-transferable tokens (also called soul-bound tokens) as carriers of identity or reputation, but their non-revocable and hard-to-correct nature, combined with on-chain publicly visible characteristics, introduces risks of privacy leakage and stigmatization. The original paper framed such tokens as a way to encode long-term relationships and reputation; subsequent research and industry observations caution against binding sensitive personal data immutably to public addresses, as this can conflict with rights to rectification or erasure.

In summary, the trust model directly affects technical and institutional trade-offs. Current trends favor hybrid architectures that use verifiable credentials and decentralized identifiers to support minimal disclosure and revocability as core capabilities, supplemented by zero-knowledge proofs to strengthen privacy, and maintained cross-border interoperability and governance auditability through trust registries and state anchoring on public or consortium chains. Related standards are gradually converging, for example OpenID’s credential issuance and security and trust specifications, ToIP’s trust registry query protocol, and the EU’s trust lists and trusted issuer designs in EBSI and digital identity wallets.

4.2.3 Commercialization Challenges

Beyond standards driven by public institutions and governments, the commercialization pathways for digital identity also deserve attention. Most current solutions come from the Web3 ecosystem and large platforms, combining decentralized identifiers and verifiable credentials with zero-knowledge proofs, attempting to apply them to scenarios such as age verification, login, and risk control. However, without transparent governance and rights protections, they can indeed cause privacy violations and exclusion risks, so institutional design remains essential.

Privado ID is the successor development of Polygon ID; in 2024 it became independent from Polygon Labs and operates under a new name, with the official emphasis on a privacy-first and cross-ecosystem interoperable positioning. Its technology combines decentralized identifiers and zero-knowledge proofs, and it promotes age verification and minimal disclosure as primary application directions, demonstrating a product strategy centered on user control and selective disclosure.

Next ID’s focus is not on establishing a unified standard for verifiable credentials, but on providing tools to create and manage decentralized identifiers, linking multiple identifier fragments such as wallets and social accounts into a portable identity graph, and offering identity linking and data backpack services. Overall it trends toward developer orientation and continuous evolution, and can be regarded as a reinforcement of identity correlation and aggregation capabilities.

Microsoft Authenticator can now function as a wallet to store and present verifiable credentials, integrated with Microsoft Entra Verified ID’s issuance and verification services, while also allowing identity authentication partners to act as issuers. The official design currently positions Authenticator as the primary user agent and adopts a web-based decentralized identifier trust framework, making integration with enterprises relatively straightforward. Because the client can view presentation activity logs, implementations should adopt metadata minimization and transparent logging strategies to balance auditability and privacy.

Rarimo is centered on a zero-knowledge registry and operates on a zero-knowledge aggregation chain, aiming to deliver and verify private data on-chain while supporting multi-application and cross-chain synchronization. Its ecosystem includes passport-based zero-knowledge credentials and anonymous voting tools, as well as self-recovering identity and wallet solutions, attempting to strike a balance between privacy protection and verifiability. This direction is technologically forward-looking, but the trust sources for credential validity and the pathways for interfacing with traditional regulation still await market validation.

Overall, commercialization depends on whether technology and governance can advance in tandem. Key tensions include choices about trust sources and traceability, trade-offs between cross-platform interoperability and platform dependence, and balancing minimal disclosure of private data. International experience suggests adopting open standards and transparent oversight to reduce the risk of technical lock-in, and exploring feasible approaches to reduce data exposure using zero-knowledge proofs within the legal frameworks of mainstream democratic countries.

4.3 The Digital Trust Challenges of Emerging International Technologies

4.3.1 Risk Aspects of Digital Identity

Digital identity is indeed a critical infrastructure of the digital society, and it carries high risks. W3C’s Identity & the Web document and related presentations point out that identity is not merely a single technical identifier; it involves social and governance aspects such as human rights and privacy. Standardization can mitigate impacts like surveillance and discrimination, and they emphasize that the technical and policy aspects of identity must be considered together.

International human rights law has long affirmed the fundamental right to legal recognition of personhood. Article 6 of the Universal Declaration of Human Rights and Article 16 of the International Covenant on Civil and Political Rights both explicitly stipulate that everyone has the right to be recognized everywhere as a person before the law. In the context of digital transformation, this should serve as the baseline for the design and implementation of digital identity. Digital identity brings both opportunities and threats. On the opportunity side, if designed according to human rights and privacy principles, it can help forcibly displaced and stateless people obtain verifiable identities and services, and promote mutual recognition of identity and accessibility of public services in cross-border contexts.

When assessing risks, Microsoft’s Harms Modeling framework can be cited to systematically identify harms at different levels. This framework extends harm types to include deprivation of opportunity and economic loss, and also covers human rights violations such as dignity and privacy, providing a means to identify and mitigate issues in product and system design in advance. In this context, the principles of anti-surveillance and unlinkability are especially critical. The former means that an identity system should not allow a single entity to continuously observe a user’s identity operation traces; the latter requires that credentials or proofs presented in different contexts cannot be linked back to the same individual. W3C explicitly treats selective disclosure and unlinkability as design goals in the Verifiable Credentials data model and the BBS cryptographic suite specifications to reduce the risk of transactions being correlated.

Most current centralized solutions still struggle to meet these requirements. For example, India’s Aadhaar authentication process sends data to a central identity database for online verification and retains audit logs, allowing the issuer to know the time and context of each authentication. Singapore’s Singpass uses OpenID Connect’s authorization code flow, with a central identity provider performing user authentication and returning tokens to relying parties, which is an online federated authentication. Even in a decentralized context, requiring the verifier to interact online with the issuer at authentication time increases transaction linkability. The OpenID Foundation’s analysis of government credentials points out that, compared with centralized models like Aadhaar and Singpass, keeping the issuer out of the authentication process can reduce the risk of transactions being linked.

Overall, the risks stem not only from external attacks but are deeply rooted in architectural and governance choices. The W3C warns that the systemic impacts brought by identity must be mitigated at both technical and governance levels; otherwise, no matter how advanced the cryptography, improper architecture and permission configurations could lead to a failure path of full observability and high linkability.

4.3.2 Immature Technology and Policy Adoption

Zero-Knowledge Proofs (ZKP) have attracted attention in the digital identity space in recent years. Their core value is completing verification with the minimum necessary information, allowing users to respond only yes or no—for example, proving they are over eighteen without revealing their birthdate. This approach aligns with the design goals of selective disclosure and unlinkability. However, ZKP adoption involves a gap between technology and governance. The complex mathematics and implementation details are difficult for decision-makers to grasp, leading policy circles to prefer existing traceable and revocable mechanisms to spread risk. This creates a trust and understanding divide between engineering communities and policy communities.

QuarkID in Buenos Aires, Argentina, can serve as an observational case. In October 2024, the city government integrated QuarkID into the miBA app with the goal of enabling 3.6 million citizens to manage verifiable credentials in a decentralized manner. Technically, it uses the ZKsync Layer-2 network and employs zero-knowledge techniques to reduce unnecessary disclosure and strengthen credential verification. Official and technical documents position QuarkID as an open digital trust and self-sovereign identity framework, emphasizing decentralization and interoperability.

Observations from civil advocacy organizations remind us of the limits of institutional measures. The Electronic Frontier Foundation notes in related articles that ZKPs can reduce data disclosure in a single verification but cannot prevent verifiers from repeatedly requesting or over-requesting data, nor can they stop websites from collecting users’ IP addresses or device information, and they cannot address the large volumes of personal data and long-term linkability issues inherent in the data brokerage market. Without legal and institutional constraints, relying solely on ZKPs is insufficient to fully protect privacy.

Overall, ZKPs are an important tool for building human-centered digital identity, but policy adoption still faces three challenges. First is the gap in technical communication: decision-makers find it difficult to grasp complex mechanisms. Second is the lack of institutional support: regulations and governance norms have not yet matched real-world usage scenarios. Third is the boundary of privacy protection: even with ZKPs, if verification processes and platform behaviors are not regulated, over-requesting and centralization risks may still occur. Only with legal regulation, technical design, and social consensus advancing together can ZKPs’ potential be truly realized and repeated setbacks avoided.

4.3.3 Trust Lists and Governance Challenges

The advancement of digital identity is not just an engineering issue but also a matter of cross-border governance and coordination of trust frameworks. In the EU model, for example, ecosystem participants must identify and authorize each other based on trust lists: from qualified trust services to wallets and verification services, identities must be verifiable within regulated registries. This list-based governance aims to maintain sustainable mutual trust among different authorities and markets, avoiding fragmentation and the risk of single-point monopolies.

Reviewing the experience of the Web of Trust reveals practical limitations. Research and field observations consistently identify three long-term bottlenecks: first, difficulty scaling — sparse signature networks are not conducive to large-scale verification; second, inadequate certificate revocation and state-maintenance mechanisms, which cause directories to become outdated easily; third, a poor user experience — key management and endorsement workflows present a high barrier for ordinary users. These factors have prevented the model from reaching mainstream adoption.

Digital wallets have not automatically solved the above challenges, but their legal and technical foundations have advanced significantly. The EU’s European Digital Identity framework came into effect in May 2024; member states must provide at least one wallet and enable cross-border recognition by the end of 2026, while interoperability, certification, and security requirements are being refined through multiple rounds of implementing acts and reference frameworks. Official documents also explicitly list cross-border use cases such as bank account opening, healthcare, education, telecommunications, and travel. In other words, the foundational rules are set, and implementation specifications are still being fine-tuned and integrated on the ground.

Interoperability is still being built out; in the short term, existing national identity schemes and new wallets will operate in parallel, and enterprise integrations tend to be cautious due to details around certification and allocation of responsibilities. National-level schemes like the Nordics’ BankID continue to operate and participate in large EU pilots, demonstrating the coexistence and coordination needs during the transition. Industry observers have used the analogy of high-speed trains versus motorcycles to describe the gap between vision and reality, pointing to the time required for governance and market maturity to move from pilots to full adoption.

Multilateral governance also highlights inclusivity gaps. The 2025 WSIS+20 meeting emphasized multi-stakeholder participation, but civil society and Global South groups simultaneously called for strengthened substantive participation and feedback mechanisms to avoid mere formal presence without agenda influence. Related documents and initiatives recommend incorporating impact assessments and institutionalized consultation arrangements into decision-making and standards development to reduce legitimacy deficits.

Technical standards are not value-neutral. Choices of identity models, whether to use verification flows that return to the issuer, and whether to support selective disclosure all shape the power relationship between citizens and the state or platforms. In design, requiring verification to connect back to the issuer in real time may help dynamic risk control and revocation, but it can also create usage trails that are susceptible to abuse. In response, standards communities have proposed privacy-preserving approaches such as privacy-checkable status registries and selective disclosure to reduce tracking risks, including W3C Verifiable Credentials and IETF SD-JWT pathways, as well as no-back-channel demands for mobile driver’s license standards. These solutions share a common direction of prioritizing offline or low-linkability presentation while supporting revocation and deactivation through public status lists.

In summary, the core of trusted lists and governance is how power is shared. The history of the Web of Trust reminds us that decentralization requires a trade-off with manageable and controllable registry mechanisms. The EU wallet demonstrates cross-border recognition and legal convergence, but true interoperability and adoption still depend on the maturity of trust infrastructure and implementation details. In multilateral arenas, meaningful inclusion of civil society and Global South interests requires bilateral consultation and transparent feedback, so that long-term trust in digital identity can be anchored in human rights and the public interest.

4.3.4 Influence of Tech Giants

In the evolution of digital identity, large technology companies are progressively shaping de facto specifications and practices. Operating systems and built-in wallet applications affect not only user experience but also create a governance reality where platforms become standards in cross-border verification and industry collaboration.

Since introducing Sign in with Apple in 2019 and promoting passkeys in 2022, Apple has continued to center privacy and minimal disclosure in its designs. Beginning in 2025, Apple implemented the W3C Digital Credentials API draft in Safari/WebKit (Safari 26, with iOS 26 and related releases) and integrated it with Apple Wallet’s digital identity documents. Standards-compliant websites can, via a standardized API, request that users selectively release fields from mobile identity documents stored in the wallet (such as mDL/mdoc conforming to ISO/IEC 18013-5/-7) for use cases like age verification, KYC, or real-name registration; with the user’s consent, the browser and wallet transmit the relevant information through encrypted channels, reducing the traditional need to upload document scans and perform selfie comparisons. This mechanism currently still depends on Wallet identity documents and service integrations available in specific regions and is built on the W3C Digital Credentials API specification, which is still under development. This combination extends the use of digital credentials from primarily in-person scenarios to online identity and age verification.

In the United States, Apple has enabled adding state IDs or driver’s licenses to Wallet in multiple states and territories, allowing them to be presented at certain TSA checkpoints and some merchants for age and identity verification. The official list of supported jurisdictions includes Arizona, California, Colorado, Georgia, Hawaii, Iowa, Maryland, Montana, New Mexico, North Dakota, Ohio, Puerto Rico, and West Virginia. Japan opened the ability to add My Number cards to iPhone Wallet in June 2025, with presentation possible both in person and within some iOS apps; this is the first Apple digital identity integration implemented outside the United States and indicates that Apple is becoming one of the significant partners in national digital identity infrastructure.

Improved convenience also brings governance risks. When national-level identity documents use platform wallets as the primary interface, authority over standards and implementation details partially shifts to platform providers, reducing governments’ discretion over privacy protection and technical autonomy.

On Google’s side, in April 2025 Google announced that UK residents could create a digital identity passport from their UK passport and store it in Google Wallet, initially in cooperation with UK rail operators for age and eligibility verification for Railcards. Google also introduced zero-knowledge proofs to enable responses limited to whether a user is over eighteen, and committed to open-sourcing the related technology; a library was released in July. The UK’s digital identity trust framework is still expanding and being accredited, and Google noted that Wallet identity passports must complete the relevant compliance processes before they can be more widely used in regulated contexts.

The EU, through eIDAS 2.0 and the EUDI Wallet, is building a public-sector-led cross-border digital identity framework that requires member states to provide wallets and promotes mutual recognition and private-sector adoption. However, in practical deployment, OS- and platform-based wallets have already taken the lead across multiple markets in forming usable everyday scenarios, highlighting the importance of public–private collaboration and interoperability.

In summary, deep integration of mobile operating systems and platform wallets has shifted tech giants from service providers to de facto standards setters. The result is rapid adoption and smoother user experience, but it also raises three structural issues: technical dependence on a single platform, risks of data centralization and indirect surveillance even under privacy-focused designs, and the need for more mature multilateral coordination to bridge gaps between official standards and de facto platform standards.

4.4 Summary and Recommendations

This chapter synthesizes international cases, key technologies, and governance challenges to outline the multifaceted nature of digital identity. Countries broadly follow three paths: a centralized model based on physical cards and PKI that prioritizes efficiency and administrative control; a convenience model relying on mobile devices and platform accounts that accelerates adoption but brings platform dependence and privacy concerns; and an emerging approach represented by decentralized identities, Verifiable Credentials, and zero-knowledge proofs that seeks a balance among security, privacy, and user autonomy. Technologies and standards are gradually converging: W3C’s DID and VC, IETF’s SD‑JWT, and ISO’s mDL and mDoc form a common vocabulary for cross-border trust. The EU’s eIDAS 2.0 incorporates selective disclosure into regulatory requirements, reflecting the public sector’s emphasis on privacy and unlinkability. Nevertheless, gaps remain in policy adoption and implementation: institutionalization of ZKP and public communication are not yet mature, and cross-border pilots like the EUDI Wallet also expose fragmented governance and the difficulty of multi-stakeholder coordination. While rapid entry by tech platforms demonstrates technical feasibility, Apple Wallet and Google Wallet have simultaneously raised concerns about national digital sovereignty and the legitimacy of public standards.

Based on the above observations, this study proposes four directions to serve as the foundation for the civil backup proposal in the next chapter. Institutional design must center on human rights and privacy, implementing anti-surveillance and unlinkability to prevent digital identity from becoming a surveillance tool; promote localization of international interoperability standards by connecting DID with VC, SD‑JWT, mDL, etc., to health insurance and public services; establish cross-departmental and public–private collaboration mechanisms that use open standards and pilot programs including multiple stakeholders to reduce single-point decision risks; and strengthen risk management and backup thinking by preplanning continuity and alternatives for scenarios such as natural disasters and man-made incidents. In summary, digital identity is not merely a single technical issue but affects governance models, the social contract, and international standards. Only by finding a new balance between efficiency, privacy, and autonomy can we avoid repeating the harms of centralized surveillance or platform monopolies, and chart a path centered on citizen autonomy and democratic resilience while taking into account state institutions and global standards.

Chapter 5 | “Bond for the Future”: Civil Digital Identity Backup Proposal

5.1 Introducing the features of “Bond for the Future,” redesigning digital identity in the context of Taiwan

Taiwan faces both high levels of digitalization and significant geopolitical risks. As databases grow larger and become “big honey pots,” and as risks from damaged submarine cables or deliberate shutdowns affect communications and transport, the moments when society most needs identification and coordination may paradoxically be the moments when it is hardest to verify one another.

This proposal confronts a core question: when a black swan strikes, when the network is unreliable, when centralized databases become sources of risk, how can we still “prove that I am me, and you are you,” and continue to operate the minimum necessary public functions? The value proposition of “Bond for the Future” is to ensure oneself by backing up, safeguarding, downloading, and protecting identity proofs, turning the small sealed container in everyone’s hand into a portable identity backup.

The basic concept of “Prepared Arrival” is to implement a “digital identity VC” that converts identity credentials into a small sealed jar each person can hold, carry, verify offline, and still use when public services fail. On the technical path, we fill the gaps between the existing TW FidO, MyData and Taiwan Digital Credential Wallet (TW‑DIW), introducing a verifiable credential model centered on W3C DID and VC 2.0, and adding zero-knowledge proofs at the presentation layer to achieve the three bottom lines of “minimal disclosure, unlinkability, No Phone Home.” The short-term “minimum viable service” will focus on ZKP, and we also expect future teams to continue developing on-chain trust lists, peer-to-peer verification, or PGP public-key exchange and community trust.

Regarding the trust architecture, we hope this project can achieve “data introduced by the authorities is self‑issued and endorsed as true,” and continue researching publishing revocation and trust list commitment values on a public blockchain (for example Ethereum or compatible L2) to obtain censorship resistance and proof beyond borders; the offline aspect aims for peer-to-peer credential presentation and verification. If a simpler, quickly-deployable decentralized trust model is needed in the future, PGP public-key exchange with community trust can be introduced in edge scenarios as a short-term “minimum viable service.”

As a transitional nonprofit public demonstration, “Prepared Arrival” aims to empower communities to perform identity verification, entitlement determination, and aid distribution when networks are unavailable, cross-border needs exist, or situations are high-risk; the project is not intended to replace government systems but to “fill in” when they fail. We advocate reinterpreting digital identity with Privacy Enhancing Technologies (PETs): for example, when verifying adulthood one need only prove “over 18” instead of revealing a birthdate, without exposing other personal data or submitting biometric identifiers. This “give only what is necessary, not more” minimal disclosure, combined with the No Phone Home principle of not returning data to servers and leaving no verification traces, prevents each verification from accumulating a new honey pot and reconfigures trust from centralized credential trust into a federated or even decentralized trust system, preserving the resilience and applicability of digital identity services.

“Prepared Arrival” also seeks to respond to structural constraints in Taiwan’s current system. The present digital signature services are monopolistic; although compliant with regulation, they erect high barriers to innovation diffusion and ecosystem openness. This proposal argues first for a civil-level compliance practice using “electronic signatures consented by the parties,” then to progressively explore a privately governed credential hub under regulatory compatibility, allowing citizens—backed by the TW FidO legal basis—to self-issue and witness-endorse their attribute data, forming a decentralized yet auditable community trust network.

How do you explain difficult technical language and digital policy initiatives to everyone? Strategically, we use a “fairy tale fable” to tell a story about crisis and resilience. Because new technologies are often hard to understand and adopt, we aim to use a fairy tale that even elementary school students can understand so the public can better grasp Taiwan’s situation, digital identity self-sovereignty, and the power of privacy-enhancing technologies (see bonds.tw or 有備而來.台灣 for details). The story’s “little sealed jars” and various elements are given special meanings: each person’s jar holds a portable identity backup, the wax seal on the lid is the key, the forest represents the community, the fence is a single point-of-failure channel, the big honey jar is an overly centralized and indexable personal data repository, the label on the bottle is a verifiable attribute, and the processes of exchanging and endorsing are the mutual trust network woven by the community. BEAR points to centralization and intrusion; cutting trees and building fences boxes society into a single channel and a central database. Once everyone has their own little jar, even if the “bad bear” fragments the forest, cuts trees, builds fences, and shuts paths, people can still recognize one another in the dark.

In governance strategy, this proposal insists on three principles: non-confrontation, modular design, and dispersing risk by extending territory. Non-confrontation means we do not advocate contesting the government’s “authority over identity”; instead we provide an alternative path of “minimal services,” building three tiers of trust—local, cross-domain, and diaspora—through the exchange of tokens, so communities can continue to operate and mutually verify and communicate when government services stop. Modular design breaks the system into three decoupled modules: issuance, holding, and verification, using Self-Sovereign Identity (SSI), Verifiable Credentials (VC), and Decentralized Identifiers (DID) as the framework, with Zero-Knowledge Proofs (ZKP) as the tool for minimal disclosure, and adhering to unlinkability and no-backdoor principles to ensure a compromise in any single part won’t affect the whole. We also use our own official site as a “verification” demonstration. Extending territory to disperse risk means the community can activate a fill-in mode when necessary so credential checks can be carried out spontaneously even in leaderless situations, with civilian channels taking over services, making attackers understand that closing networks and erasing identities cannot achieve their political aims. People can, like the groups in the story carrying little jars, migrate to a nation-on-chain so identity, rights, and community relationships can continue. Taiwan can draw on Estonia’s data embassy concept, and with more mature technology today, even mirror embassies onto each diaspora member’s device; with trustworthy proof methods, Taiwanese identities would not vanish from the world.

The “little sealed jar” will be compatible with Taiwan’s official digital credential wallet service and will contain self-issued identity VCs and ZK proofs that can be presented offline. The trust roots of the credentials come from two ends: one is the minimal necessary fields obtained via MyData as the factual source; the other is self-signing using TW FidO or device keys as an expression of intent and proof of possession. The wallet includes an offline verification channel where verifiers use a simple verification interface to validate without calling the cloud or leaving return logs. At the community level, neighborhood associations, alumni associations, labor unions, healthcare organizations, and various other groups can all become issuers, forming a Web of Trust through cross-endorsements; overseas Taiwanese communities and Taiwan-friendly institutions may in the future provide endorsements or even issuance so the everyday life of the nation-on-chain can continue beyond national borders.

Policy-wise, “Prepared” advocates using SSI, VC, DID, and ZKP as the core, with unlinkability and no backdoors as the bottom line; non-confrontational, supplementary, and modular as the strategy; and combining a community trust network to split Taiwan’s identities and memories into portable “little jars” everyone can carry. When we can recognize each other in the dark, backup, guarantee, download, and protection are no longer slogans but public capabilities that can be activated, keeping society out of cages and no longer hostage to any large honeypot. In the fairy tale, the little sealed jars aren’t meant to fight bears but to preserve each other’s names and relationships.

In fact, issuing digital identity documents alone cannot eliminate the structural risk of government agency database leaks; but it can raise the baseline, making public institutions and civic communities aware that centralized designs must shift, gradually adopting decentralized data processing and the principle of minimal disclosure, and incorporating revocable, auditable, and cross-domain consistency institutional arrangements into trust governance. What “Prepared” aims to do is a transitional demonstration that integrates “technology, governance, and society” to pave the way for the next phase of institutional transformation.

5.2 Technical Architecture

The primary goal of the technical architecture for this “Prepared” project is to establish a credential lifecycle that can operate offline, across borders, and in fragile environments, while remaining compatible with Taiwan’s existing services. The data model adopts the W3C Verifiable Credentials Data Model, using Data Integrity (JOSE/COSE) or equivalent signatures as the credential foundation; the identification layer uses W3C DID to avoid dependence on centralized registries. In principle, we prefer presenting VC 2.0 and ZK technologies as the medium-term and short-term focal approaches.

In the future, the issuance and presentation workflows are planned to align with the existing OpenID ecosystem, using OID4VCI for credential issuance and delivering Verifiable Presentations (VPs) to verifiers. This choice avoids duplicate migration costs on one hand and facilitates cross-border interoperability with TW‑DIW or other digital wallets on the other.

Taiwan’s officially authorized digital signature service under the Electronic Signatures Act — the mobile natural person certificate (TW FidO) — is a prerequisite for further user verification in the project. This means self-signing has legal effect as an expression of a natural person’s intent. Users must first apply and activate the certificate in person at a household registration office, then complete binding via the TW FidO App on their mobile device. When a user issues a self‑issued identity VC within the “Bond for the Future” App, the system will initiate an App‑to‑App flow where TW FidO performs a digital signature of intent and a Proof of Possession, ensuring the self‑signature can be relied upon by verifiers and carries a consistent legal meaning. The key here is separating “I can be verified” from “the data can be verified”: the former is guaranteed by the signing process as “issued by me, held by me,” while the latter requires verifiable evidence of data integrity.

User data on the platform will be obtained after users log into Taiwan’s official MyData platform, download their “National ID data,” and generate a VC on their personal device. Because current MyData and most data-providing agencies do not yet offer document‑level signatures, this project will use the mobile natural person certificate for digital signing during the transition, enabling every Taiwanese natural person to vouch for their own identity. This allows verifiers to form reasonable beliefs about field authenticity without accessing original documents, while continuously exploring transitional evidentiary mechanisms for data provenance. Once the competent authorities complete document‑level signing specifications and deployment, the integrity and official authenticity of data sources can be further improved.

The zero-knowledge proof module will be designed as “mobile-first”: our threshold is “proofs can be completed locally on the phone,” based on what mobile devices can afford, to avoid outsourcing proofs to the cloud and introducing new linkage and leakage risks. For common verification scenarios such as age threshold checks, nationality attribute extraction, and liveness/uniqueness, we evaluate precompiled lightweight circuit solutions and provide standardized VP Schemas so verifiers can complete validation with minimal computation. For the “uniqueness” challenge, the project adopts a “falsifiable but unlinkable” verification model: rather than centrally storing biometric data or device fingerprints, checks are performed using commitments and locally protected values, enabling verification without revealing raw data.

To implement the No Phone Home principle, verifiers and credential holders will exchange data in offline contexts (for example: via Wi‑Fi Aware, Bluetooth, or NFC). The verifier only needs to hold the latest trust list commitment and revocation list commitment to perform consistency checks on received VPs. To make adoption easy for verifiers, we will release a lightweight ZK Relying Party verification interface (mobile app or pure frontend web) and provide reproducible demo scenarios for enterprise and academic testing. This verifier will not connect to the cloud, will be anonymous, and will leave no traces unless the user proactively chooses to report an error or submit debug materials.

Trust lists and mirror switching are key governance components. Under normal circumstances, the trust list specifies who or which organizations may issue which types of credentials, and the conditions and procedures for revocation; in emergencies, governance nodes can publish a new list commitment value on‑chain to declare that a mirror issuer takes over, and the verifier only needs to accept the new commitment to continue verification under offline conditions. This design also inherits on‑chain redundancy and the spirit of an online embassy: even if physical infrastructure is damaged or principals are forced to relocate, legal and technical continuity can still be maintained.

Regarding compatibility strategy with TW‑DIW, this project will adhere to official standards as much as possible. Future plans are to align with DIW using the VC data model and OID4VCI interaction flows, while recommending that DIW promptly support ZK presentations so that minimal disclosure no longer depends on server‑side data exposure. On the other hand, if DIW adopts SD‑JWT as the primary path, de‑linking and anonymous holder paths must be built in parallel to prevent authorized data packages from becoming new honeypots. In the long term, DIW, private wallets, and cross‑border wallets should collaborate via “mutual recognition of trust lists” and “cross‑verifiable revocation information” as interfaces to avoid creating islands in international mobility scenarios.

In addition, we expect to list the current project’s shortcomings here, hoping for better solutions and research outputs in the future. First, before government formally recognizes self‑issued VCs, relying parties need more user‑friendly verification interfaces and clearer risk explanations to drive adoption; second, MyData platforms and information‑providing departments do not handle document signing, so the government needs better coordinated planning for possible technical attestation schemes to serve as evidence of data correctness; third, TW FidO’s third‑party and international integrations still face administrative hurdles that require joint optimization by regulators and industry; fourth, Taiwan’s digital wallet should promptly consider adopting ZKP, because if SD‑JWT is used, the security and custody costs after data authorization remain high and can easily become honeypots. Taiwan’s digital wallet should establish standards for trust lists and issuers, and even allow self‑issuance measures based on the Electronic Signature Act. These limitations and current conditions remind us of the importance of aligning technology and policy. Within the framework of existing laws and regulations, we hope to demonstrate the path’s reasonableness and feasibility with a minimum viable product and to concretize institutional requirements.

5.3 Use Cases

In peacetime, “Bond for the Future” first addresses the need to “prove only what is necessary” — in other words, applications that require proving you are a specific person without revealing who you are, proving you are not Chinese, not a bot, not a minor, etc. For example, many platforms, venues, or services need to confirm a user’s age or specific nationality for verification, to reduce cross-border fraud and information manipulation risks. In the past, this often meant submitting a full set of identity data, exposing oneself to unknown risks. This project enables users to provide attribute proofs that can be answered “yes” or “no”; verifiers will not see information beyond what is necessary, such as name, address, or ID number.

For example, when purchasing concert tickets, a ticket holder can generate a “real person and unique” credential via a mobile ZK (zero-knowledge) flow to perform liveness verification and prevent scalpers; platforms can suppress bots and duplicate registrations without collecting biometric data. For age-restricted online services, such as buying alcohol or accessing adult content, users only need to present “over 18” without submitting full birthdate or ID number. When a persistent yet anonymous user identity is required, credentials can consistently indicate “the same person” without revealing a real name, supporting procedural legitimacy in scenarios like anonymous whistleblowing, public consultations, and anonymous voting.

In emergencies, the focus of use cases shifts to “continuity of minimal services,” which can prove that you (once) were Taiwanese, are a natural person, etc. If Taiwan faces large-scale disruption or must go into exile, individuals holding self-issued identity VCs can, with the collaboration of overseas mirror issuers and Taiwan-friendly institutions, quickly restore basic rights and entitlements. Refugee placement and political asylum require a credible determination and initial protection level of “formerly Taiwanese”; medical triage and distribution of supplies require minimal verified disclosure of “I am a natural person” and “I have certain qualifications or needs (e.g., whether prescription records exist).” In high-risk and surveilled spaces, citizen journalists and recorders can obtain passage or upload rights using continuity credentials that prove an “anonymous specific person” — the system cares about non-repudiation rather than linkability. The resilience of these processes does not depend on the integrity of any single database, but on a design that is portable, offline-capable, supports interchangeable trust lists, and allows revocation.

Connecting with government systems is the key for this project to build a “daily and backup” bridge between the two poles of “peacetime and emergency.” In addition to national ID card data, MyData can, as needed, gradually incorporate sources such as good conduct certificates, entry/exit records, driver’s license data, etc., converting them into VCs via minimal required fields and self-signatures so that citizens can “bring verifiable data” to various scenarios and establish and autonomously control more Taiwanese identity data. On the institutional side, MyData document-level signatures, TW FidO cross-domain integration, digital wallet support for ZK and trust-list governance, and similar measures are all development paths that can make the ecosystem more complete.

The “Bond for the Future” project also aims to become the starting point for citizens to create their own digital signing tools, making future self-issued online endorsements increasingly common and usable. Civilian digital signing tools will enable citizens to self-sign documents and statements and accept community witnessing. There are many possible uses—remote signing of legal documents, establishing legal relationships, or providing credible endorsements in public discourse. Compatibility and interoperability with Taiwan’s digital wallets will naturally extend these capabilities into cross-border wallet ecosystems, so that in contexts like international travel, cross-border education and employment, or overseas medical care, Taiwanese people’s data and rights are not interrupted by geographic or system boundaries.

We believe the real challenge of this project is not merely writing good code but treating “trust” as infrastructure. Building a community trust network requires neighborhood organizations, schools, labor unions, medical institutions, and various civil organizations to be willing to take on node roles and provide witness of relationships between people based on clear criteria. Overseas Taiwanese communities and Taiwan-friendly organizations must be willing to become mirror issuers and accept transparent, auditable responsibilities. Cultivating an open-source ecosystem requires releasing wallet SDKs, Verifier SDKs, ZK circuit templates, and OID4VCI server implementations so industry and academia can iterate on a common base. More importantly, there must be an open licensing and governance charter to ensure this foundation cannot be captured by private interests. Providing verification modules, creating “one-click verifiable” simple applications, and offering comprehensible risk explanations will expand verifier participation, enabling businesses, schools, and local governments to join at low cost.

In summary, “Bond for the Future” is not about confrontation but about serving as a demonstration project for digital resilience. It brings the internationally mature technical stack of SSI, VC, DID, and ZKP into Taiwan’s institutional and social context, using a non-confrontational, complementary, modular strategy and adopting unlinkability and No Phone Home as the bottom line to split identity and relationships into portable “small containers” everyone can carry. When everyone can recognize each other in the dark, backup, guarantee, download, and protection become capabilities rather than slogans; when adversaries know “attacks are ineffective and costlier,” society gains an additional layer of nonviolent defensive deterrence. Even if self-issued identity cannot solve all structural threats of data leakage at once, it is still a starting point: a way to make technocrats understand what the public cares about and can do, to shift design from centralization to decentralization, and to enable the state to retain continuity in the worst scenarios.

Chapter 6 | Conclusions and Follow-up Recommendations

6.1 “Bond for the Future” as a Resilience Design for Democratic Systems

The core of the “Bond for the Future” project lies in creating a resilience design for democratic institutions. In light of Taiwan’s unique geopolitical risks, we argue that digital identity systems must embody both antifragility and redundancy. By distributing digital identity infrastructure during peacetime, services can be rapidly restarted and citizens’ rights protected even under extreme conditions. A redundant digital identity deployed by “Bond for the Future” will free Taiwan from reliance on a single fragile, indefensible, and insider-vulnerable line of defense; instead, it will pre-deploy interchangeable trust architectures to prevent single points of failure and establish a self-healing foundation for digital democracy.

This project is not merely a technical prototype but an advocacy for future governance models. As multiple cases cited in this study show, identity systems that lack redundancy and rely on centralized management can have nationwide impact if breached. The risks posed by authoritarian regimes using digital identity for surveillance are also significant and cannot be ignored; privacy-as-national-security has become a social consensus. In response to the questions raised in earlier chapters—such as geopolitical risk, surveillance threats, and government data leaks—we provide concrete solutions to strengthen the resilience and legitimacy of democratic systems.

“Prepared” emphasizes using privacy-enhancing technologies to counter surveillance and eliminate backdoors — for example, using zero-knowledge proofs (ZKP) to achieve “I prove my qualification without revealing my identity” — reducing the possibility of big-data collection and abuse of public power at the source. In short, this project repositions digital identity, shifting from the traditional centralized control that claims to “protect” but can cause harm, toward a decentralized architecture that grows stronger in response to risk, embedding redundancy into democratic governance. The goal is to ensure Taiwan’s digital identity system is prepared and robust under any storm.

6.2 Recommendations for Government Digital Governance

The institutional design of digital identity cannot rely solely on technical prototypes or unilateral promotion by civil society; the government’s role is crucial — arguably the most important. As the primary provider of public infrastructure and the rule-maker, the government must lead on institutional legitimacy, technical architecture, and governance models, while ensuring it does not curtail civil rights or stifle innovation. This study proposes that Taiwan should adopt “openness, privacy, mutual recognition, and democratic oversight” as four foundational pillars when advancing digital identity. By building modern Digital Civic Infrastructure, implementing a no-backdoor digital governance principle, accelerating international alignment, developing public blockchain applications, strengthening multi-stakeholder governance mechanisms, and promoting legal reform, Taiwan can progressively realize a legitimate and resilient digital identity system. The following explains each point in turn.

1. Build modern Digital Civic Infrastructure (Digital Civic Infrastructure)

We believe that to strengthen digital citizen infrastructure and the open-source ecosystem, the government should take the lead in building a modern “digital citizen infrastructure” based on open-source modules to enhance the resilience and innovation of the overall ecosystem. Avoid confining digital identities to closed systems or a single contractor; instead, publish standard interfaces and module code, invite industry and civic tech communities to co-develop, and through open-source and modular design incubate robust application services within the ecosystem so that outstanding developers can better participate in public-sector projects and jointly create innovative solutions. This approach will not only decentralize technical risk (avoid dependence on a single vendor or technology) but also cultivate the capacity of the local technical community, forming a positive cycle of government–civil collaboration. In policymaking, the government must also remove unnecessary restrictions and barriers to allow a more diverse array of digital identity applications to flourish, truly realizing the value of digital identity as public infrastructure.

To build a sustainable digital identity ecosystem, the government needs to break existing market monopolies and bureaucratic barriers to allow more small and medium-sized innovative companies to participate, adjust government procurement rules to lower participation thresholds and increase flexibility, and avoid treating large telecoms or traditional vendors as the only options. For example, increase the weighting for innovative technology, security, and privacy protection in bid evaluations rather than focusing solely on price and past performance; adopt phased outsourcing or modular tendering so that startup teams can take on development of partial functions, as in the case of Canada’s digital wallet.

The government should establish a Regulatory Sandbox mechanism that allows new technologies not yet approved by traditional processes to be trialed in limited domains and timeframes, enabling both regulators and developers to gain experience and adjust regulations. Private-sector innovative identity solutions can be piloted in specific scenarios first and then scaled based on effectiveness. Only by creating a healthy competitive market environment with diverse supply can the digital identity system continuously evolve, reduce costs, and improve service quality. In the long term, this will also open new opportunities for Taiwan’s digital industries, spawning innovative services that combine civic value with commercial momentum.

2. Implement the digital governance principle of “no backdoors”

In addition, the government should actively adopt privacy-enhancing technologies and implement a “no backdoor” digital governance principle, embedding Privacy by Design into digital identity policy. By using self-sovereign identity (SSI) architectures, Verifiable Credentials (VC), and zero-knowledge proofs (ZKP), it can verify identities without exposing unnecessary personal data. For example, introducing selective disclosure and cryptographic attestations in digital identity wallets allows citizens to prove qualifications (such as being an adult or eligible to vote) without handing over full identity information. This kind of unlinkability design also prevents different services from correlating users’ identity traces, eliminating backdoor returns that would infringe on citizens’ privacy.

As discussed above, the current international trend in digital identity governance focuses on achieving both privacy and security through technical means. We recommend that the government follow this lead and establish explicit anti-surveillance measures in digital governance—for example, prohibiting identity systems from logging unnecessary usage and adopting “No Phone Home” (no user data callbacks) as a core design principle. Through parallel legal and technical measures, ensure that any government-deployed digital identity system is built with anti-surveillance, backdoor-free mechanisms so that those with malicious intent have no means to monitor users.

3. Accelerate international alignment and cooperation; establish global mutual recognition of digital identities

Taiwan should proactively integrate into the global trend of standards for digital identity and privacy technologies and play an active role in international organizations and cross-border cooperation. On one hand, it should ensure that the country’s digital identity regulations are compatible with emerging international standards, such as the European Digital Identity Wallet (EUDI Wallet) framework promoted by the EU, W3C’s Decentralized Identifiers (DID) and Verifiable Credentials (VC) standards, and so on. By participating in the development of these standards, Taiwan can include privacy-enhancing concepts like unlinkability and zero-knowledge proofs in the list of internationally recognized practices and gain a voice in the field of digital identity. In addition, actively participate in multistakeholder organizations and, drawing on cases like Bhutan’s cooperation with public blockchains, explore trust mechanisms of “permissionless mutual recognition.”

4. Develop public blockchains in the digital identity domain

Compared with closed consortium chains or centralized systems, public blockchains have decentralized, censorship-resistant characteristics that can provide greater resilience for democratic societies. The government should carefully evaluate the role of public blockchains in digital identity—for example, in scenarios such as cross-border identity verification or refugee identity certification, verification records on a public chain are more transparent and less likely to be controlled by a single government. The government should invest resources to study international cases that successfully use public blockchains, such as Bhutan’s decentralized identity experiment and the EU’s ESSIF framework, and pilot projects in cooperation with like-minded democratic countries to seek international support and redundancy for Taiwan’s digital identity system. Overall, taking the international stage helps Taiwan build alliances on digital governance issues and avoid falling into a passive position when digital identity standards are monopolized by authoritarian states.

5. Establish a standing multistakeholder working group to advance digital identity policy through consensus decision-making and public audits

We encourage the government to take the lead in establishing a standing working group or collaborative platform composed of government, industry, academic research institutions, and civic organizations (especially digital rights groups) to regularly discuss and oversee the development of the digital identity ecosystem. This multi-stakeholder mechanism should have formal authorization to ensure that civil society input can materially influence policy direction. The working group can reference the model of the Internet Governance Forum (IGF) and form policy recommendations through consensus decision-making, as well as conduct public audits of major decisions. For example, on issues such as setting technical standards for digital identity, privacy protection regulations, and inter-agency data-sharing procedures, the working group would provide a space for open discussion and negotiation, incorporating the perspectives of different stakeholders into decision-making.

In addition, this mechanism should be responsible for overseeing the actual operation of digital identity systems, including regularly reviewing security audit reports, data breach notification mechanisms, and revisiting the allocation of responsibilities between the public and private sectors within identity frameworks. Given that digital identity involves fundamental civil rights and national security, this governance mechanism must be transparent and open; its discussion records and decision bases should be disclosed to the public. Through institutionalized public participation, the government can promptly grasp societal concerns about policy and quickly adjust course, while civil society can more readily trust and support government measures, ultimately creating a virtuous cycle of collaborative governance. This will greatly improve the current situation where public opinion struggles to effectively influence digital policy, injecting democratic oversight into digital governance.

6. Promote related legal reforms

When Taiwan previously implemented the electronic ID (eID), backlash arose due to the lack of clear legal authorization and privacy safeguards, highlighting the importance of dedicated legislation. We recommend that the government consolidate relevant legal experience and enact a specialized “Digital Identity and Privacy Protection Act.” This special law should on one hand grant digital identity legal status and clearly assign administrative responsibilities, and on the other hand enshrine the principles of “privacy protection” and “de‑linkability” in its core provisions as mandatory requirements for governmental development of digital identity.

Referring to international experience, Germany as early as in the Identity Card and Electronic Identification Act detailed the categories of identity card data, supervisory responsibilities of competent authorities, limits on personal data collection and use, qualification review of service providers, and the rights and obligations of cardholders; Taiwan’s new special law should include similarly comprehensive provisions. For example, it should stipulate that citizens have the right to choose whether to adopt a digital identity credential and whether to enable chip functionality, establish an independent personal data protection authority to supervise and audit the operation of digital identity systems, and require systems not to record unnecessary usage logs and to prevent cross-identification of users across different applications. By legislating these principles, we can institutionalize them legally and build a firewall at the legal level for digital governance, avoiding a repeat of previous failures in related digital identity policies and consolidating public trust in digital identity through the rule of law.

This special law should also retain flexibility to remain future-compatible: whether in response to emerging technologies (such as biometric recognition, decentralized ID wallets) or democratic practice needs (such as secure remote voting, referenda), the law should provide space for innovation while ensuring any innovations meet basic rule-of-law and human-rights requirements. Through forward-looking legislative planning, Taiwan’s digital identity system will have both a solid legal foundation and the capacity to adapt as technology advances and democracy deepens.

6.3 Advocacy for Civil Society Public Participation

If the digital identity ecosystem is led solely by government, it will inevitably face limitations and risks. To truly build an identity network with redundancy and resilience, active participation from civil society and engagement of diverse stakeholders are essential: civic groups, industry, technical communities, and local organizations can all play indispensable roles. Through civil-society–issued credentials, construction of open-source verification modules, participation in international standards development, and application of technology to local public uses, the private sector can not only fill government gaps but also form distributed trust anchors, making the overall system less vulnerable to single-point failures. In other words, civil participation is not subordinate to government but is a parallel, complementary, and advancing key force; the following presents proposals across several dimensions.

1. Independently issue verifiable credentials; build open-source verification modules and trust nodes

The resilience of a digital identity ecosystem depends not only on government leadership but also on participation and support from civil society. We advocate for private entities — such as schools, associations, civic groups, and businesses — to actively serve as credential issuers, issuing various verifiable credentials tailored to different scenarios, for example academic degrees, professional qualifications, volunteer service hours, and voter eligibility. This multi-stakeholder participation model prevents personal identity data from being concentrated in a single government database and instead stores it across multiple trust nodes, accelerating the formation of a decentralized web of trust.

Taiwan currently lacks an ecosystem of verification modules, and community-led open-source solutions can fill this gap, reducing the burden and consequent constraints of sole government maintenance. We encourage technical communities to contribute to the development of open-source verification modules, providing standard libraries that anyone can use to validate the authenticity of the aforementioned credentials and to foster the related ecosystem. Open-source modules are transparent and auditable; any backdoors or vulnerabilities are more likely to be discovered and patched by the community, further enhancing system security. The government should incentivize such open-source projects through subsidies or competitions and prioritize the adoption of mature community open-source modules in official services to create a demonstration effect. The establishment of a privately-led issuance and verification ecosystem will form an important component of society-wide digital resilience: even if a single institution is affected by disaster or failure, citizens’ credentials can still be verified by other nodes, ensuring that social functions are not interrupted.

2. Acknowledge the value of the blockchain practitioner community and promote its participation in international standards and local public applications.

Currently, blockchain technology communities in Taiwan and internationally are often misunderstood and marginalized due to negative impressions from cryptocurrency speculation. However, these blockchain communities are proficient in distributed ledgers, cryptography, and multi-party consensus—skills precisely needed to build the next-generation digital identity ecosystem. In fact, the development of global digital identity standards has already seen important participation from blockchain communities; for example, the W3C Decentralized Identifiers (DIDs) v1.0 standard emerged from multi-stakeholder efforts including blockchain developers, producing a new kind of web standard that offers users privacy-friendly identity tools without the need for a central registration authority. We call on Taiwan’s blockchain industry and communities to proactively engage with international standards organizations such as the Decentralized Identity Foundation (DIF) , Trust Over IP (ToIP) , and ISO identity standards working groups, to contribute technical insights and gain a voice.

At the same time, we also encourage grassroots participation in local public-domain pilots—such as community self-governance, NGO projects, and local revitalization use cases—so that decentralized technologies can help solve real-world problems and counter the public perception that they are merely speculative tools. Government and academic institutions should also build bridges by hosting hackathons and seminars to connect public-sector needs with blockchain technology and provide experimental venues. When blockchain communities see their technologies shine in public services, their role will shift from outsiders to collaborators in digital governance, which will not only boost innovation in the digital identity ecosystem but also build mutual trust between private technical forces and government. Ultimately, we hope that practitioners of emerging technologies like blockchain, together with traditional IT firms and the public sector, can shape Taiwan’s influence in global digital identity development and demonstrate the soft power of a democratic nation mastering privacy-preserving technologies.

6.4 Conclusion

Taiwan’s digital governance currently faces insufficient laws and policy dilemmas on digital identity issues, and traditional centralized identity systems are gradually revealing serious risks, including security vulnerabilities leading to large-scale personal data leaks, potential abuse for surveillance, and the worry of identity authentication failures under extreme circumstances. These problems underscore Taiwan’s urgent need to catch up in law and policy to establish a long-term digital identity framework that is both lawful and constitutional and resilient.

This report argues that Taiwan should promptly build a digital identity system that combines legitimacy and resilience to ensure that citizens’ fundamental rights and democratic values are not easily sacrificed when the nation faces internal or external challenges. Legitimacy means the system design adheres to democratic rule-of-law principles: clear legal basis, independent oversight mechanisms, and full protections for citizens’ privacy and human rights; resilience means the system can continue operating or recover quickly during crises, including protection against tampering with data integrity, an architecture without single points of failure, and the ability to provide identity authentication services across diverse environments, including offline or when networks are disrupted.

To achieve the above goals, the new digital identity framework must encompass five key elements simultaneously: data integrity (ensuring identity data cannot be forged and is verifiable through cryptographic signatures and distributed trust mechanisms), privacy-enhancing technologies (using zero-knowledge proofs, non-return mechanisms, and unlinkability designs to minimize the risks of collecting personal data), democratic governance (establishing multi-stakeholder decision-making and oversight structures so civil society jointly sets rules and monitors implementation), rule-of-law protections (enacting specific laws that clearly define powers, procedures, and remedies, providing avenues for citizens’ rights redress), and economic feasibility (developing sustainable business models to attract private investment and create positive feedback loops). Only by balancing these five dimensions can Taiwan’s digital identity system truly become a public infrastructure trusted by all.

What the “Bond for the Future” initiative advocates is not a fanciful ideal but is grounded in deep reflection on real-world problems and lessons from global experience. From international trends led by the EU and the UN promoting privacy and digital rights, to successful digital identity legislation in neighboring democracies, and to Taiwan’s own democratic transition, all point in the same direction: the next generation of digital governance must treat resilience and rights as equally important design considerations. Especially for Taiwan, situated on the frontline of authoritarian challenges, a legitimate and robust digital identity system is not just a technical issue but a key step in deepening democracy. It will demonstrate that democratic states can defend citizens’ rights in the digital era, build internal trust between the people and government, and externally showcase values fundamentally different from authoritarian models.

The “Bond for the Future” project aims to provide a blueprint for the next phase of Taiwan’s digital democracy development: using redundancy to promote resilience, and using resilience to safeguard democracy. Through ongoing institutional innovation and public participation, we hope to see in the near future the digital identity system become an important pillar of Taiwan’s democratic governance, accompanying Taiwan toward a more mature and more resilient next stage.

Appendix

Appendix A | Glossary of Key Terms

Glossary of Key Terms

---

Footnotes

1. India’s centralized identity service here refers to Aadhaar; subsequently the Indian government launched the relatively decentralized Digilocker service. ↩

2. Kyle Chayka, “The Internet Wants to Check Your ID,” The New Yorker, July 10, 2024. ↩

3. Same as note 1 ↩

4. National Institute of Standards and Technology (NIST), “Digital Identity (Glossary Entry).” ↩

5. ID Principles, “Principles of Digital Identity.” ↩

6. European Union, Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation), consolidated text as of October 18, 2024. ↩

7. OpenID Foundation, Human-Centric Digital Identity: Whitepaper v1.1, October 2023. ↩

8. OpenID Foundation, “Human-Centric Digital Identity (Whitepaper Overview).” ↩

9. Garber, E. and Haine, M. (eds) “Human-Centric Digital Identity: for Government Officials” OpenID Foundation, September 25, 2023. ↩

10. In California, in addition to issuing digital driver’s licenses using the mDL standard, there are plans to issue vehicle registration, insurance documents, and other credentials using the VC standard, adopting a dual-track approach. ↩