A Practical Checklist to Future-Proof Your State’s Digital Infrastructure

State IT modernization is a perpetual challenge. For new technologies like verifiable digital credentials (secure, digital versions of physical IDs), this presents a classic "chicken and egg" problem: widespread adoption by residents and businesses is necessary to justify the investment, but that adoption won't happen without a robust ecosystem of places to use them. How can states ensure the significant investments they make today will build a foundation for a resilient and trusted digital future?

State IT leaders face increasing pressure to modernize aging infrastructure, combat rising security threats, and overcome stubborn data silos. These challenges are magnified by tight budgets and the pervasive risk of vendor lock-in. With a complex landscape of competing standards, making the right strategic decision is more difficult than ever. This uncertainty stifles the growth needed for a thriving digital identity ecosystem. The drive for modernization is clear, with over 65% of state and local governments, according to industry research, on a digital transformation journey.

Here, we'll offer a clear, actionable framework for state technology decision-makers: a practical checklist to evaluate technologies on their adherence to open standards. By embracing these principles, states can make informed choices that foster sustainable innovation and avoid costly pitfalls, aligning with a broader vision for open, secure, and interoperable digital systems that empower citizens and governments alike.

The Risks of Niche Technology

Choosing proprietary or niche technologies can seem like a shortcut, but it often leads to a dead end. These systems create hidden costs that drain resources and limit a state's ability to adapt. The financial drain extends beyond initial procurement to include escalating licensing fees, expensive custom integrations, and unpredictable upgrade paths that leave little room for innovation.

Operationally, these systems create digital islands. When a new platform doesn't speak the same language as existing infrastructure, it reinforces the data silos that effective government aims to eliminate. This lack of interoperability complicates everything from inter-agency collaboration to delivering seamless services to residents. For digital identity credentials, the consequences are even more direct. If a citizen's new digital ID isn't supported across jurisdictions or by key private sector partners, its utility plummets, undermining the entire rationale for the program.

Perhaps the greatest risk is vendor lock-in. Dependence on a single provider for maintenance, upgrades, and support strips a state of its negotiating power and agility. As a key driver for government IT leaders, avoiding vendor lock-in is a strategic priority. Niche systems also lack the broad, transparent community review that strengthens security. Unsupported or obscure software can harbor unaddressed vulnerabilities, a risk highlighted by data showing organizations running end-of-life systems are three times more likely to fail a compliance audit.

Embracing the Power of Open Standards for State IT

The most effective way to mitigate these risks is to build on a foundation of open standards. In the context of IT, an open standard is a publicly accessible specification developed and maintained through a collaborative and consensus-driven process. It ensures non-discriminatory usage rights, community-driven governance, and long-term viability. For verifiable digital credentials, this includes critical specifications like the ISO mDL standard for mobile driver's licenses (ISO 18013-5 and 18013-7), W3C Verifiable Credentials, and IETF SD-JWTs. The principles of open standards, however, extend far beyond digital credentials to all critical IT infrastructure decisions.

Adopting this approach delivers many core benefits for State government. First is enhanced interoperability, which allows disparate systems to communicate seamlessly. This breaks down data silos and improves service delivery, a principle demonstrated by the U.S. Department of State's Open Data Plan, which prioritizes open formats to ensure portability. Second, open standards foster robust security. The transparent development process allows for broad community review, which leads to faster identification of vulnerabilities and more secure, vetted protocols.

Third, they provide exceptional adaptability and future-proofing. By reducing vendor lock-in, open standards enable states to easily upgrade systems and integrate new technologies without costly overhauls. This was the goal of Massachusetts' pioneering 2003 initiative to ensure long-term control over its public records. Fourth is significant cost-effectiveness. Open standards foster competitive markets, reducing reliance on expensive proprietary licenses and enabling the reuse of components. For government agencies, cost reduction is a primary driver for adoption.

Finally, this approach accelerates innovation. With 96% of organizations maintaining or increasing their use of open-source software, it is clear that shared, stable foundations create a fertile ground for a broader ecosystem of tools and expertise.

The State IT Open Standards Checklist

This actionable checklist provides clear criteria for state IT leaders, procurement officers, and policymakers to evaluate any new digital identity technology or system. Use this framework to ensure technology investments are resilient, secure, and future-proof.

• Ability to Support Privacy Controls: Does the technology inherently support all state privacy controls, or can a suitable privacy profile be readily created and enforced? Technologies that enable privacy-preserving techniques like selective disclosure and zero-knowledge proofs are critical for building public trust.
• Alignment with Use Cases: Does the standard enable real-world transactions that are critical to residents and relying parties? This includes everything from proof-of-age for controlled purchases and access to government benefits to streamlined Know Your Customer (KYC) checks that support Bank Secrecy Act modernization.
• Ecosystem Size and Maturity: Does the standard have a healthy base of adopters? Look for active participation from multiple vendors and demonstrated investment from both public and private sectors. A mature ecosystem includes support from major platforms like Apple Wallet and Google Wallet, indicating broad market acceptance.
• Number of Vendors: Are there multiple independent vendors supporting the standard? A competitive marketplace fosters innovation, drives down costs, and is a powerful defense against vendor lock-in.
• Level of Investment: Is there clear evidence of sustained investment in tools, reference implementations, and commercial deployments? This indicates long-term viability and a commitment from the community to support and evolve the standard. A strong identity governance framework depends on this long-term stability.
• Standards Body Support: Is the standard governed by a credible and recognized standards development organization? Bodies like ISO, W3C, IETF, and the OpenID Foundation ensure a neutral, globally-vetted process that builds consensus and promotes stability.
• Interoperability Implementations: Has the standard demonstrated successful cross-vendor and cross-jurisdiction implementations? Look for evidence of conformance testing or a digital ID certification program that validates wallet interoperability and ensures a consistent user experience.
• Account/Credential Compromise and Recovery: How does the technology handle worst-case scenarios like stolen private keys or lost devices? Prioritize standards that support a robust VDC lifecycle, including credential revocation. A clear process for credential revocation, such as using credential status lists, is essential for maintaining trust.
• Scalability: Has the technology been proven in scaled, production use cases? Assess whether scaling requires custom infrastructure, which increases operational risk, or if it relies on standard, well-understood techniques. Technologies that align with established standards like NIST SP 800-63A digital identity at IAL2 or IAL3, and leverage proven cloud architectures, offer a more reliable path to large-scale deployment.

Building for tomorrow, today

The strategic shift towards globally supported open standards is not just a technological choice; it is a critical imperative for states committed to modernizing responsibly and sustainably. It is the difference between building disposable applications and investing in durable digital infrastructure.

By adopting this forward-thinking mindset and leveraging the provided checklist, state IT leaders can confidently navigate the complexities of digital identity procurement. This approach empowers states to build resilient, secure, and adaptable IT infrastructure that truly future-proofs public services.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions. We build privacy-preserving digital identity infrastructure that empowers people and organizations to control their data. Governments, financial institutions, and enterprises use SpruceID’s technology to issue, verify, and manage digital credentials based on open standards.