
Sign

@Sign

Three National Identity Architectures (and Why None Wins Alone)

Every country already has an identity system. The only question is whether it is coherent.

There is a fantasy that shows up in too many strategy decks: a country will “build a digital ID.” As if identity starts at zero. As if there is no history, institutions do not exist, and the first database solves the last mile.

Reality is harsher and more interesting.

Most countries already have a patchwork:

  • a civil registry,

  • a national ID card,

  • agency databases,

  • login providers,

  • benefits systems,

  • bank KYC files,

  • border systems,

and a lot of manual work that keeps the whole thing from falling apart.

Digital identity does not replace that overnight. It connects it.

So the core problem is architecture.

And architecture is policy, written in systems.

In practice, most national approaches cluster into three families.

The Three Families

[Figure: the three distinct models that are emerging]

Each one can work.

Each one can fail.

None wins alone.

Let us walk through them, step by step.

Model 1: Centralized Registry

This is the simplest story.

One national system becomes the source of truth.

Relying parties integrate once.

Verifications flow through a central pipe.

Why governments choose it

It is easy to explain. It is easy to mandate. It can reach high coverage quickly.

It also feels like control, though sometimes that is precisely the political goal.

Operationally, it can deliver:

  • a single identifier,

  • standardized onboarding,

  • consistent assurance levels,

  • straightforward reporting.

What it costs

The cost is concentration.

A centralized identity system becomes:

  • a single point of failure,

  • a single breach surface,

  • a single place where logs accumulate,

  • a single choke point that can be captured by bureaucracy, vendors, or politics.

It also breeds a quiet habit: every verifier asks for more than it needs, because the system makes it easy.

Consider an everyday example: you register an account for a new app you just downloaded. Let’s say a FinTech app.

The company needs to perform KYC.

Legally, it must confirm:

  • Your identity.

  • Your age.

  • Your address.

That is the compliance requirement.

In a centralized identity architecture, the app integrates with the national identity backbone for “verified onboarding.”

One authentication. The system confirms you are real.

But the integration does not return a narrow confirmation.

It returns the full identity profile tied to that identifier.

  • Full legal name.

  • Date of birth.

  • National ID number.

  • Address history.

  • Household composition.

  • Linked identifiers.

  • Possibly occupation or demographic classifications.

Now pause.

The company is legally required to perform KYC. It is commercially incentivized to understand its users. And the marginal cost of pulling more data is close to zero.

So what happens?

The company wants as much data on its customers as it can get, for advertising and for its own monetization. So if the pipe is wide, it gets used. Not only for compliance, but for risk scoring, cross-selling, targeted advertising, data enrichment, and resale to analytics partners where permitted.

The logic is simple: If companies have access to the full profile, they are incentivized to ingest the full profile.

Compliance becomes the justification.
Monetization becomes the motive.
Architecture makes it effortless.

From the citizen’s perspective, opening an account becomes the moment their entire civic identity can be mirrored into a private database.

Not because anyone broke the rules. But because the system delivered abundance instead of minimum necessary proof.

That is how centralized identity quietly feeds commercial profiling.

Not through abuse.

Through incentives.

And that is how privacy dies. Not with malice. With convenience.
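The contrast above, as an added example that is not part of the original article: a constructed registry record, a "wide pipe" lookup that hands back the whole profile, and a "narrow pipe" lookup that answers only the yes/no claims the declared KYC purpose allows. The registry data, the purpose policy and the function names are assumptions for illustration, not any real national system's API.

```python
from datetime import date

# Constructed sample registry record standing in for a national profile; not real data.
REGISTRY = {
    "id-0001": {
        "legal_name": "Example Person",
        "date_of_birth": "1990-06-15",
        "national_id": "000-0000-0001",
        "address": "1 Example Street",
        "address_history": ["1 Example Street", "2 Old Road"],
        "household": ["Example Spouse"],
        "occupation": "Analyst",
    }
}

# Claims a relying party may receive for a declared purpose (assumed policy). KYC needs
# exactly three facts (identity, age, address), so that is all "kyc" may ask for.
PURPOSE_POLICY = {"kyc": {"identity_verified", "age_over_18", "address_verified"}}


def wide_pipe_lookup(identifier):
    """The abundance model: one authenticated lookup returns the whole profile."""
    return dict(REGISTRY[identifier])


def _age_on(dob_iso, today_iso):
    dob, today = date.fromisoformat(dob_iso), date.fromisoformat(today_iso)
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


def narrow_pipe_lookup(identifier, purpose, requested, claimed_address, today_iso):
    """Minimum-necessary model: answers only yes/no claims inside the declared purpose,
    never the underlying fields (no DOB, no ID number, no address history)."""
    allowed = PURPOSE_POLICY.get(purpose, set())
    over_scope = set(requested) - allowed
    if over_scope:
        # Refuse the whole request rather than silently trimming it, so over-asking is visible.
        raise PermissionError(f"claims outside purpose {purpose!r}: {sorted(over_scope)}")
    record = REGISTRY.get(identifier)
    if record is None:
        # Unknown subject: every claim fails, and nothing about the registry leaks.
        return {claim: False for claim in requested}
    derived = {
        "identity_verified": True,
        "age_over_18": _age_on(record["date_of_birth"], today_iso) >= 18,
        "address_verified": record["address"] == claimed_address,
    }
    return {claim: derived[claim] for claim in requested}
```

The narrow form still satisfies the three legal KYC checks, but the FinTech app never receives a date of birth, ID number or address history to mirror into its own database.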

The predictable failure mode

This system is also prone to failures, like data breaches. The predictable failure mode is a national honeypot.

When everything routes through one place, that place attracts:

  • attackers,

  • insiders,

  • and mission creep.

So, although the system might be efficient, it becomes fragile and even harmful for citizens.

Model 2: Federated Exchange or Broker