Why Digital Identity Frameworks Should Be Public Infrastructure

Most people think of digital identity as a mobile driver’s license or app on their phone. But identity isn’t just a credential, it’s infrastructure. Like roads, broadband, or electricity, digital identity frameworks must be built, governed, and funded as public goods.

Today, the lack of a unified identity system fuels fraud, inefficiency, and distrust.  In 2023, the U.S. recorded 3,205 data breaches affecting 353 million people, and the Federal Trade Commission reported $12.5 billion in fraud losses, much of it rooted in identity theft and benefit scams.

These aren’t isolated incidents but symptoms of fragmentation: every agency and organization maintaining its own version of identity, duplicating effort, increasing breach risk, and eroding public trust.

We argue that identity should serve as public infrastructure: a government-backed framework that lets residents prove who they are securely and privately, across contexts, without unnecessary data collection or centralization. Rather than a single product or app, this framework can represent a durable set of technical and statutory controls built to foster long-term trust, protect privacy, and ensure interoperability and individual control.

From Projects to Public Infrastructure

Governments often launch identity initiatives as short-term projects: a credential pilot, a custom-built app, or a single-agency deployment. While these efforts may deliver immediate results, they rarely provide the interoperability, security, or adoption needed for a sustainable identity ecosystem. Treating digital identity as infrastructure avoids these pitfalls by establishing common rails that multiple programs, agencies, and providers can build upon.

A better approach is to adopt a framework model, where digital identity isn’t defined by a single product or format but by adherence to a shared set of technical and policy requirements. These requirements, such as selective disclosure, minimal data retention, and individual control, can apply across many credential types, from driver’s licenses and professional certifications to benefit eligibility and guardianship documentation.

This enables credentials to be iterated and expanded on thoughtfully: credentials can be introduced one at a time, upgraded as standards evolve, and tailored to specific use cases while maintaining consistency in protections and interoperability.

Enforcing Privacy Through Law and Code

Foundational privacy principles such as consent, data minimization, and unlinkability must be enforced by technology, not just policy documents. Digital identity systems should make privacy the default posture, using features (depending on the type of credential) such as:

• Selective disclosure (such as proving “over 21” without showing a birthdate)
• Hardware-based device binding
• Cryptographically verifiable digital credentials with offline presentation
• Avoid architectures that risk exposing user metadata during verification.

By embedding security, privacy, and interoperability directly into the architecture, identity systems move beyond compliance and toward real-world protection for residents. These are not optional features, they are statutory expectations brought to life through secure protocols.

Open Standards, Broad Interoperability

Public infrastructure should allow for vendor choice and competitive markets that foster innovation. That’s why modern identity systems should be built on open, freely implementable standards, such as ISO/IEC 18013-5/7, OpenID for Verifiable Presentations (OID4VP), W3C Verifiable Credentials, and IETF SD-JWTs.

These standards allow credentials to be portable across wallet providers and verifiable in both public and private sector contexts, from airports and financial institutions to universities and healthcare. Multi-format issuance ensures credentials are accepted in the widest range of transactions, without compromising on core privacy requirements.

A clear certification framework covering wallets, issuers, and verifiers can ensure compliance with these standards through independent testing, while maintaining flexibility for providers to innovate. Transparent certification also builds trust and ensures accountability at every layer of the ecosystem.

Governance Leads, Industry Builds

Treating digital identity as infrastructure doesn’t mean the public sector has to (or even should) build everything. It means the public sector must set the rules, defining minimum standards, overseeing compliance, and ensuring vendor neutrality.

Wallet providers, credential issuers, and verifiers can all operate within a certified framework if they meet established criteria for security, privacy, interoperability, and user control. Governments can maintain legal authority and oversight while encouraging healthy private-sector competition and innovation.

This governance-first approach creates a marketplace that respects rights, lowers risk, and is solvent. Agencies retain procurement flexibility, while residents benefit from tools that align with their expectations for usability and safety.

Why This Matters

Digital identity is the entry point to essential services: healthcare, education, housing, employment, and more. If it’s designed poorly, it can become fragmented, invasive, or exclusionary. But if it’s designed as infrastructure with strong governance and enforceable protections, it becomes a foundation for inclusion, trust, and public value.

Well-governed digital identity infrastructure enables systems that are:

• Interoperable across jurisdictions and sectors
• Private by design, not retrofitted later
• Transparent, with open standards and auditability
• Resilient, avoiding lock-in and enabling long-term evolution

Most importantly, it is trustworthy for residents, not just functional.

A Foundation for the Future

Public infrastructure requires alignment between law, technology, and market design. With identity, that means enforcing privacy in code, using open standards to drive adoption, and establishing certification programs that ensure accountability through independent validation without stifling innovation.

This is more than a modernization effort. It’s a transformation that ensures digital identity systems can grow, adapt, and serve the public for decades to come.

Ready to Build Trustworthy Digital ID Infrastructure?

SpruceID partners with governments to design and implement privacy-preserving digital identity systems that scale. Contact us to explore how we can help you build standards-aligned, future-ready identity infrastructure grounded in law, enforced by code, and trusted by residents.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.