Decentralized identity and SSI: the future of verification?

Decentralized identity — often called SSI (Self-Sovereign Identity) — has been promising the same thing for ten years: returning to each citizen direct control over their digital identifiers, without going through a major provider or private platform. The technical building blocks driven by the W3C (the standards body for the web) have been stable since 2022. The EU eIDAS 2.0 regulation, which governs electronic identity, requires each Member State to issue a digital identity wallet, the EUDI Wallet (EU digital identity wallet). Marketing announcements around blockchain and self-sovereign identifiers keep multiplying. And yet, in 2026, less than 1% of digital identities worldwide actually run on SSI. Understanding this paradox — between a mature technology and modest adoption — helps you calibrate your eIDV (electronic identity verification) strategy for the next 24 months.

Definitions: DID, VC, SSI in plain terms

Three acronyms structure this field. Better distinguish them to grasp what actually changes.

A DID (Decentralized Identifier) is a unique digital identifier, verifiable through cryptography, that depends on no central authority. The DID Core standard became a W3C Recommendation in 2022. The did:method:specific-string syntax allows for several methods: did:web (resolved via DNS), did:key (self-contained), did:ion (on Bitcoin), did:ebsi (on the European EBSI blockchain).

Caveat: a DID is not an identity in itself. It is the equivalent of a phone number — an anchor point. What proves that this anchor point corresponds to a real person are the verifiable credentials attached to it.

A VC (Verifiable Credential) is a credential signed by an issuer (for example a State or a university), carrying verified information about a subject (the person concerned), which can be presented to a verifier (the party performing the check). The Verifiable Credentials Data Model v2.0 standard has been stable since 2022. A version 2.1 was released in first public working draft in 2026, with a particular focus on data integrity, zero-knowledge proof, and interoperability.

A concrete example: a State issues a "civil identity" credential signed with its private key. The citizen stores it in their digital wallet. When they sign up for an online service, they present it. The service verifies the State's signature without needing to contact it in real time. The proof holds through cryptography, peer-to-peer, with no call back to the issuer.

SSI (Self-Sovereign Identity) is the overall model combining DID + VC + citizen wallet. Its principle: the person controls their identifiers and attributes, chooses what they reveal (selective disclosure), can prove a property without disclosing the underlying data, and no longer depends on a centralized identity provider.

Three structuring principles:

  • User control: the person decides which attributes they share, and with whom
  • Portability: identifiers follow the person, not the provider
  • Cryptographic verifiability: the issuer's signature replaces the call back to the authority

::: callout-info Quick read

  • DID = unique verifiable identifier (the anchor point)
  • VC = credential signed by an authority (the proven content)
  • SSI = overall model combining both + wallet + selective disclosure
  • EUDI Wallet = mandatory European digital identity wallet, compliant with eIDAS 2.0

:::

W3C standards: where do we stand in 2026?

The W3C ecosystem has matured considerably since 2022. Here is the status of the main building blocks as of April 2026.

Standard2026 statusYear
DID CoreStable W3C Recommendation (REC)2022
Verifiable Credentials Data Model v2.0Stable W3C Recommendation (REC)2022
VC Data Model v2.1First Public Working Draft2026
Verifiable Credential Confidence v1.0Working Draft, finalization expected July 20262026
Verifiable Issuers and Verifiers v1.0Community Group Report, finalization 20282028
DID methods: did:key v0.9, did:web, did:webvhVarious implementationsongoing
OID4VC / OID4VP (VC exchange protocols)Implemented by DCC and the EUDI Wallet2026

The standards are mature. What is not yet mature is interoperability between DID methods. A DID resolved via blockchain (did:ebsi) does not behave like a DID resolved via DNS (did:web). Credentials signed in JWS format are not equivalent to those signed in Data Integrity Proof format. This fragmentation slows industrial adoption.

EUDI Wallet: the eIDAS 2.0 timeline

The eIDAS 2.0 regulation (EU 2024/1183, in force since May 20, 2024) requires each Member State to offer an EUDI Wallet (EU Digital Identity Wallet) to its citizens. This is the most ambitious European application of SSI at scale.

Timeline:

  • May 20, 2024: the regulation enters into force
  • Mid-2026: finalization of technical specifications (Architecture Reference Framework v1.0)
  • End of 2026: availability across the 27 Member States (deadline for States)
  • November 2027: mandatory acceptance by large platforms (fintechs, social media, marketplaces)

European Commission target: 80 million users by 2027. Ambitious but consistent with smartphone penetration in Europe.

Content: the wallet will store personal identification data (PID, the civil identity), qualified electronic attestations of attributes (QEAA, such as a diploma, a license or a professional permit) and unqualified attestations issued by any recognized issuer. Qualified electronic signature is integrated natively.

Interoperability: the wallet must work from one country to another. A French citizen must be able to present their French identity credential to a Spanish service and obtain access. That is the major leap over eIDAS 1.0, whose cross-border coverage barely reached 59% in 2021.

::: callout-info What changes concretely with the EUDI Wallet

  • Identity verification without calling back the issuing authority (proof by cryptographic signature)
  • Selective disclosure: proving you are of age without revealing your date of birth
  • Native compatibility across 27 Member States
  • State deadline: end of 2026 / Platform deadline: November 2027

:::

The paradox of modest adoption

Everything is technically ready. The regulatory schedule is set. The standards are mature. And yet, real adoption of SSI remains modest as of April 2026. Several sources converge: less than 1% of digital identities worldwide run on pure SSI. The vast majority (estimated above 70%) still rests on centralized identifiers, such as Aadhaar (India, 1.3 billion enrolled), FranceConnect, BankID in the Nordics, or Singpass in Singapore.

Why? Four well-documented hurdles.

First, DID implementations diverge. did:web is simple to deploy but reintroduces a centralization risk via DNS. did:ebsi is backed by the European Commission but lightly adopted. did:ion is secure but uncommon in Europe. DID resolution tools are still missing in enterprise environments. This fragmentation cools financial institutions, which cannot commit to one method without long-term visibility.

Then, for a verifiable credential to be useful, both the issuer must be recognized and the verifiers must know how to read it. In 2026, the ecosystem remains asymmetric: few active public issuers (States are only starting at the end of 2026), few verifiers ready in the broader economy. Until critical mass is reached, the credential remains a promise more than a use case.

Integrating an SSI wallet into an existing eIDV journey is not trivial: wallet authentication, reading credentials across several formats, cryptographic validation, revocation handling, governance of trust frameworks. Regulated players are waiting for mature SDKs and security audits before switching.

Finally, traditional eIDV (biometrics, document verification, transactional data) already covers 100% of cases in banked countries. Adding an SSI layer does not remove the need for the existing one. For at least five years, both models will coexist. This coexistence is rational, but it slows the switchover.

SSI is not a short-term revolution: it is a slow transition, driven by the EUDI Wallet, that will play out across the 2026-2035 decade.

How SSI fits with traditional eIDV

Far from replacing classic electronic identity verification, SSI articulates with it. The following table clarifies the respective roles.

AspectTraditional eIDVSSI / EUDI Wallet
Data controlCentralized (authority, eIDV provider)Decentralized (user)
Verification modeCall to issuer or transactional databaseCryptographic (EdDSA, ECDSA signatures)
ConfidentialityAll-or-nothingSelective disclosure, zero-knowledge proof
Biometrics / documentsStored on the provider sideBound to the credential, portable
Worldwide coverage197 countries, 1.5B individuals (our perimeter)EU, with partial interoperability
2026 maturityIndustrializedRolling out
Main use caseOnboarding, banking KYC complianceRecurring strong authentication

The EUDI Wallet does not remove the need for a first enrolment that validates that a real person receives the credential. This initial enrolment leans on traditional tools: biometrics, document verification, verification through transactional data. This is precisely where our business stays relevant.

A typical 2026-2030 pattern:

1. Initial enrolment: the person presents themselves to the French authority (for example via FranceConnect+), which verifies their identity through biometrics + document checks + cross-referencing with transactional data. A civil identity credential is issued into their EUDI Wallet. 2. Recurring use: the person presents this credential to any compatible service (bank, fintech, e-commerce). The cryptographic signature is enough, with no need to re-verify identity at every interaction. 3. Continuous monitoring: transactional data continues to feed dynamic KYC monitoring after onboarding (anti-mule accounts, anti-money-laundering).

::: callout-info Our role in this transition

  • At initial enrolment: we verify identity through transactional data, to validate real existence before the credential is issued
  • For dynamic KYC: we provide continuous transactional signals to detect abnormal behavior after onboarding
  • On international interoperability: we mobilize 4,000 worldwide sources, 197 countries, complementing national wallets

:::

Hurdles to widespread adoption

The "not yet" is the key word. Five documented reasons that will not disappear before 2028-2030.

Regulatory inertia. The EU rules on anti-money-laundering (AMLD6), eIDAS 2.0, MiCA (crypto-assets), DORA (digital operational resilience) and the AI Act all need to converge into operational coherence. That convergence takes time.

Technical coexistence. The wallet does not replace document or biometric verification for the high level of assurance. It complements them. As long as biometric credential standards tied to VCs are not mature, the existing stack remains essential.

User adoption. The average citizen has not asked for a digital wallet. Installation, configuration, and recovery in case of phone loss remain real frictions. Initial usage studies of the German pilot wallet show an activation rate around 12% in the first year.

Institutional trust. Regulators (ACPR in France, EBA at the European level) must validate the operational reliability of wallets before deeming them sufficient for the substantial or high level of assurance. That validation is in progress, but not finalized.

Migration cost. A bank that has invested 10 million EUR in an identity verification platform will not drop it in 18 months. The transition will happen through additional layers, not replacement.

How to prepare in 2026

For regulated players and identity verification providers, a pragmatic strategy breaks down into four streams.

1. Map the existing setup. Which verification methods do you use today? Which eIDAS level do they reach? Where are the blind spots (worldwide coverage, deepfakes, false positives)?

2. Architect in layers. Distinguish the real-data layer (transactional, government, telecom), the biometrics + document layer, and the upcoming credential / wallet layer. The three must coexist in a single verification journey.

3. Follow the EUDI timeline. Mid-2026 (specifications), end of 2026 (availability across States), November 2027 (acceptance by large platforms). Anticipate SDK integration 9 to 12 months ahead of the deadlines that concern your sector.

4. Targeted pilots. Launch an SSI pilot in 2026-2027 on a limited use case (qualified electronic signature, onboarding of B2B partners, employee access). Avoid a big bang on retail production flows.

::: callout-info Practical recommendation

  • Do not wait for the 2027 deadline to explore SSI: pilot early, on small use cases
  • Do not divest from traditional identity verification: it will remain the foundation layer for at least five years
  • Invest as a priority in the transactional data layer: it is the most resilient against deepfakes, and the most complementary to the coming SSI

:::

Key takeaways

::: callout-info Remember

  • DID Core and VC Data Model v2.0 have been stable W3C Recommendations since 2022
  • EUDI Wallet: availability across the 27 Member States by end of 2026, mandatory acceptance by large platforms in November 2027
  • European Commission target: 80 million users by 2027
  • Actual SSI adoption: less than 1% of digital identities worldwide in 2026
  • Coexistence with traditional identity verification for at least five years
  • Verification through transactional data remains relevant: it validates the real existence of a person before the credential is issued

:::

For the foundations of modern identity verification, see the eIDV: electronic identity verification pillar and the eIDV / biometrics / document verification comparison. On the European timeline, read eIDAS 2.0 and the EUDI Wallet. On anti-fraud resilience, Deepfakes and identity: how to detect them in 2026. On transactional data as a foundation, Transactional data sources: why they change the game. On regulatory foundations, see KYC/eIDV regulation France.

::: cta Frame your SSI / EUDI Wallet strategy with our experts? Discuss your project :::