Practical Digital Identity in America

Part 5 of SpruceID’s Digital Identity in America Series

This article is part of SpruceID’s series on the future of digital identity in America. Start with the first installment here.

Digital identity has shifted from being an abstract concept debated in think tanks and working groups to something playing out in real time across America. It’s happening in airports and DMVs, in state legislatures and federal courts, and, increasingly, in the apps on our phones.

The past few years have been a whirlwind of experimentation and progress. Seventeen states have rolled out mobile driver’s licenses (mDLs), with more on the way. Private sector services like CLEAR and ID.me have become mainstream, while Google and Apple are moving aggressively beyond “Login with…” buttons into identity verification itself. Civil society is weighing in with digital rights guidelines. Regulators are updating decades-old frameworks. And generative AI is rewriting the fraud landscape.

In other words, we’ve reached a critical inflection point. The momentum is real, but so are the risks. Public trust in both government and technology is at historic lows. People expect consumer-grade experiences but fear surveillance. Businesses and governments need more reliable verification, but worry about costs and compliance.

So the question becomes: how do we build practical digital identity in America? How do we move beyond pilots and policy debates to systems that are usable, secure, private, and decentralized? Here, we’ll lay out where we are, what’s working, the challenges ahead, and the shared goals that can get us to the future we want.

A Moment of Traction… and Tension

It’s easy to be cynical about government technology, but adoption numbers tell a different story. Seventeen states already issue mobile driver’s licenses. TSA accepts them at over 250 security checkpoints. ABI Research projects over 143 million Americans will hold one by 2030.

These credentials are not theoretical. In California, the DMV Wallet has issued over 2 million mDLs in less than two years. Beyond licenses, it has digitized more than 30 million vehicle titles using blockchain-backed records. Utah has launched a statewide framework for verifiable credentials, embedding privacy protections into law. The Department of Homeland Security is piloting digital credentials for immigration. And NIST’s National Cybersecurity Center of Excellence (NCCoE) has convened banks, agencies, and vendors to test interoperable online mDLs.

At the same time, the private sector has surged ahead. CLEAR now handles identity verification for millions of travelers. ID.me is used by over 100 million Americans for government benefits and tax filing. Apple Wallet and Google Wallet are expanding from credit cards and transit passes into identity credentials and IDV. In short: identity is no longer confined to government-issued documents. It’s a growing market with both tech giants and startups competing to become the default identity provider for the digital age.

But while adoption is accelerating, trust is fragile. Pew Research surveys show confidence in government at near-historic lows. Distrust of Big Tech is even deeper, with most Americans skeptical about how their personal data is handled. For digital identity to scale, it cannot simply be a matter of rollout. It must be designed to address this fundamental trust deficit.

Policy Momentum: Guardrails Are Emerging

Policy is beginning to shape the contours of digital identity. Civil society groups like the ACLU have published Digital ID Guidelines, emphasizing voluntariness, consent, and protections against profiling. These aren’t academic exercises—they’re trust guardrails designed to reassure the public that digital identity will serve individuals, not exploit them.

Utah’s SB 260 is a landmark example. Passed in 2025, it sets some of the strongest privacy protections in the country: no forced phone handovers, no remote disabling of credentials, no tracking or profiling, and mandatory support for selective disclosure. Crucially, it requires that physical IDs always remain valid, ensuring no one is excluded from essential services for opting out of digital identity. Utah’s framework has quickly become a reference point for other states.

California has its own privacy tradition. Its California Consumer Privacy Act (CCPA) set a national benchmark for data rights, and digital identity is falling under that umbrella. Add to this a Supreme Court ruling on age verification, which has forced lawmakers to grapple with how to prove age online without exposing sensitive data.

Meanwhile, sanctions enforcement demonstrates how central identity already is to national security. U.S. sanctions remain one of the country’s most effective geopolitical tools, but their success depends on accurate, efficient identity verification. Without modernized digital identity, sanctions compliance risks becoming porous and costly.

Federal reform is also brewing. The GENIUS Act and the CLARITY Act reforms are opening the door to modernizing financial identity. These changes could allow the financial system to move away from outdated, document-heavy verification toward digital credentials and even integration with digital assets. For the first time in decades, there is legislative momentum to overhaul the frameworks that govern how identity is managed in the financial sector.

Technology Foundations: Maturing Fast

While policy is catching up, the technical foundations of digital identity are already here. The past five years have seen significant harmonization of standards and a rapid growth of the vendor ecosystem.

Decentralized identity isn’t built on a single technology, it’s emerging from a family of open standards that serve different needs. The W3C’s Verifiable Credentials (VCs) provide a flexible way to express facts like your degree or professional license, cryptographically signed so they can’t be altered. ISO/IEC 18013-5 and 18013-7 set the rules for mobile driver’s licenses (mDLs), already accepted at more than 250 TSA checkpoints across 17 states, while ISO/IEC 23220-4 “mdocs” extends this approach to other government-issued documents like passports or residence permits. In parallel, SD-JWTs bring many of the same privacy-preserving features into the existing web and enterprise identity ecosystem, letting users share only the claims needed for a transaction without exposing everything else.

These standards aren’t competitors so much as complements. Each solves a different piece of the identity puzzle, whether it’s cross-sector interoperability (VCs), government-issued IDs (mDLs and mdocs), or enterprise adoption (SD-JWTs). The role of NIST’s Digital Identity Guidelines (SP 800-63-4) is to provide a baseline of trust and assurance that ties them together. The real test for policymakers and implementers will be ensuring these standards work in harmony, so digital identity becomes an interoperable layer of trust rather than another fragmented patchwork.

The NCCoE’s Online mDL initiative is stress-testing interoperability between DMVs, banks, and wallets. Internationally, the EU’s Architecture and Reference Framework (ARF) for the European Digital Identity Wallet provides a comprehensive model, while in the U.S., the American Association of Motor Vehicle Administrators (AAMVA) has released Implementer’s Guidelines for states.

What once required phone calls and paper files can now be verified instantly with a cryptographic signature.

The result is a robust technical ecosystem. There are now multiple wallet providers, credential issuers, and verifiers building on shared protocols. It’s not perfect - interoperability still needs work - but it is far enough along to move from pilots to production.

The AI Shockwave: Old Methods Won’t Survive

Generative AI has fundamentally changed the identity fraud landscape. It’s not just that photos can be faked. Entire personas can now be generated: faces, voices, utility bills, bank statements, employment records. What used to take a skilled fraudster hours now takes an AI model seconds.

Traditional identity verification methods, such as uploading a selfie, scanning a document, showing a utility bill, are collapsing under this pressure. Vendors admit quietly that their old models are increasingly ineffective. The industry consensus is clear: document-based verification is on borrowed time.

Generative AI can now fabricate faces, voices, and documents in seconds—putting legacy identity verification on borrowed time.

This is both a crisis and an opportunity. It is a crisis because billions are being lost and trust in online transactions is eroding. It is an opportunity because it forces the adoption of stronger, cryptographically anchored systems. Instead of checking pixels in a photo, verifiers will need to check digital signatures on credentials. Instead of relying on “feeder documents” like bills, systems will need to issue credentials directly from authoritative sources - DMVs, universities, banks.

The only sustainable path forward is to evolve toward risk-based systems that combine cryptographic verification with dynamic fraud detection. Decentralized identity isn’t just a better model; it’s becoming the only defensible one.

Why Practical Identity Matters

All of this activity - adoption, policy, standards, AI threats - points to the same conclusion: the U.S. is at a crossroads. We can either build digital identity haphazardly, with siloed solutions and uneven protections, or we can align on practical systems that work for people, governments, and businesses alike.

So what does “practical digital identity” look like? Four qualities stand out.

It must be usable. People expect consumer-grade experiences. If it isn’t as easy as tapping Apple Pay, people won’t adopt it.
It must be secure. Credentials must be tamper-proof, resilient against phishing and deepfakes, and backed by encryption.
It must be private. Selective disclosure and zero-knowledge proofs should be defaults, not extras. Verifiers should never get more data than they need, and platforms should not be able to track where and when credentials are used.
And it must be decentralized. Interoperability is essential. No single vendor, wallet, or government silo should control digital identity. People should be able to carry their credentials across state lines, industries, and borders without starting over.

From Vision to Reality

Getting there requires coordination and courage. Coordination between states, federal agencies, and the private sector to align on interoperable standards and trust frameworks. Courage to move away from outdated verification models and entrenched intermediaries, even when they are familiar.

The good news is that America has done this before. We built interoperable payments systems. We built the internet on open protocols. We standardized driver’s licenses and passports. The same is possible for digital identity, if we focus on shared goals.

If we succeed, the benefits are enormous: reduced fraud, more efficient services, better compliance, and restored trust in digital interactions. If we fail, we risk fragmentation, lock-in, and systems that serve platforms or governments rather than people.

The path forward isn’t easy, but it is clear. America needs practical digital identity that is usable, secure, private, and decentralized. We have momentum: adoption is growing, policy guardrails are emerging, technical standards are maturing, and AI has made the need urgent. What we need now is alignment.

Practical digital identity is not about replacing the plastic card in your wallet. It’s about rebuilding the trust layer of the digital world. Done right, it can strengthen democracy, modernize financial systems, and empower individuals. Done wrong, it risks entrenching surveillance and exclusion.

The choice is ours - and the time is now.

This article is part of SpruceID’s series on the future of digital identity in America. Read more in the series:

SpruceID Digital Identity in America Series

Building digital services that scale take the right foundation.

Talk to our team

About SpruceID: SpruceID builds digital trust infrastructure for government. We help states and cities modernize identity, security, and service delivery — from digital wallets and SSO to fraud prevention and workflow optimization. Our standards-based technology and public-sector expertise ensure every project advances a more secure, interoperable, and citizen-centric digital future.