Something about this question kept pulling me back. Not the technology. The displacement question.
If @SignOfficial verifiable credential architecture becomes the default for national identity verification - and I want to be careful about that “if,” because it is doing a lot of work in that sentence - what happens to the KYC infrastructure that financial institutions and government agencies have spent the last decade building, licensing, and defending in procurement committees?
I do not have a clean answer. But I think the question is worth sitting with.
The scale of existing KYC infrastructure is worth being specific about. Financial institutions globally spend an estimated $274 million per day on KYC compliance according to LexisNexis research. That covers identity verification vendors, compliance staffing, ongoing monitoring systems, and the integration layers connecting all of those pieces. Most of that spending goes toward solving one specific problem: proving that a person is who they claim to be, meets specific eligibility criteria, and has been verified by an authorized authority to a standard that satisfies a regulator somewhere.
@Sign’s New ID System is built around that same problem. But the approach is structurally different in one specific way that I keep returning to.
A KYC check performed today at one financial institution cannot be presented to a second institution as verified evidence. The second institution re-performs its own check. The citizen gets verified again. The vendor gets paid again. The compliance burden multiplies across the system without any improvement in evidence quality. Nobody in this system benefits from the repetition except the KYC vendors.
@Sign’s attestation model is designed to break that cycle. A verification performed once produces a Sign Protocol attestation anchoring the result on-chain. That attestation is portable - queryable by any subsequent institution that needs to confirm the verification occurred, without the citizen being re-verified and without the full KYC record being shared. The evidence travels. The underlying data does not.
I re-read the Sumsub case study in @Sign’s documentation several times because the implication kept expanding. Sumsub built KYC-gated contract call functionality using Sign Protocol attestations as the eligibility gate. A smart contract requires a verified KYC credential before executing, without storing any personal data. The verification happened once. The attestation now gates access permanently. That is a fundamentally different operational model than what most compliance teams are running today.
The long-term implication for legacy KYC vendors is genuinely unclear to me. And I want to be honest about that uncertainty rather than paper over it.
It is not obvious that @Sign displaces existing vendors. The more plausible near-term outcome is that @Sign creates a portability layer on top of existing verification infrastructure. KYC vendors who integrate Sign Protocol attestation output become more valuable because their verifications are now reusable across institutional contexts. Vendors who do not integrate become harder to justify in procurement decisions where portability is a requirement. The competitive dynamic shifts - from who performs the best verification to who produces the most portable evidence of verification.
That is a subtle shift. But subtle shifts in procurement criteria tend to compound over several years in ways that are not obvious until they already have.
@Sign’s broader S.I.G.N. stack amplifies this dynamic specifically. A citizen whose identity is verified through an @Sign-compatible process holds a portable credential feeding directly into CBDC eligibility under the New Money System, program qualification under the New Capital System, and agreement execution under EthSign. Same credential. Different contexts. No re-verification. The credential accumulates utility as @Sign’s infrastructure expands - which means each new sovereign deployment makes every existing credential more valuable.
That accumulation dynamic is the part I find most interesting. And also the part I am least certain about.
Two things give me pause though.
First, regulatory acceptance. Regulators in most jurisdictions have not formally recognized portable attestation-based KYC as equivalent to a direct supervised verification. Until that recognition happens, institutions cannot rely on Sign Protocol attestations as a substitute for their own compliance processes regardless of technical quality. The technology being better does not change the compliance requirement. That gap could stay wide for a long time.
Second, correlation risk. Selective disclosure is genuinely valuable. But a system where credentials are queryable across multiple institutional contexts through a shared evidence layer creates a new kind of privacy exposure. Even if each individual query reveals minimal data, the pattern of queries across contexts could reveal sensitive information about a citizen’s institutional relationships. I have not seen this addressed comprehensively in @Sign’s current documentation. It deserves more scrutiny than it currently receives.
Still. The direction feels right in a way that is hard to dismiss.
KYC infrastructure that produces portable, cryptographically verifiable evidence rather than institution-specific records is a meaningful step forward. Whether @Sign captures that transition or simply enables others to capture it depends heavily on regulatory recognition timelines and on how quickly existing vendors respond. Both are genuinely unpredictable.
I keep coming back to the displacement question and not finding a satisfying answer. Maybe that is the honest place to leave it for now.