New Upcoming

• Human Agency Summit, February 23, Napa Valley (Kaliya will be there along with many other decentralize identity folks)

Upcoming

• Workshop: CREDEBL For Decentralized Identity and Verifiable Credentials, Wednesday, February 18 at 8 AM Pacific Zoom

• Join us at the 1EdTech Digital Credentials Summit in Philadelphia, February 18-20, 2026.

• DIF Unconference Africa (an IIW Regional Event) Feb 24-26, 2026 Cape Town

• KERICONF26 April 21-23 2026, Lehi, Utah (US)

• Internet Identity Workshop #42, April 28-30, 2026, Mountain View California

• Agentic Internet Workshop #2, May 1, 2026, Mountain View California

• dice: Digital Identity unConfernece Europe (an IIW Regional Event) June 22-24, Copenhagen, Denmark

PNG’s [Papua New Guinea] First Ever Verifiable Credential Wallet App now available on Google Play

The Department of Information and Communications Technology (DICT) has announced the official release of the SevisWallet App, now available for download on Google Play. The app is a Digital Public Infrastructure and marks a key achievement in PNG’s digital transformation journey, giving citizens SECURE ACCESS to decentralized verifiable credentials.

AI and Identity

“Know Your Agent” (KYA) is emerging as a concept, but its framing guarantees it will fail at scale.

AI agents are running into resistance today for the same structural reasons large, coordinated fraud operations succeed:

→ They operate continuously

→ They retry efficiently

→ They optimize for task completion, not perception

To existing security and risk systems, that behavioral pattern is indistinguishable from attack. This constraint is missing in most discussions. Inference-based identity systems cannot reliably separate delegated intent from compromise once delegation begins to scale. The resulting cost shows up as false positives, throttling, and shutdowns, not because the systems are malfunctioning, but because they are behaving rationally given the information available to them.

Google is building an AI Agent-enabled e-commerce ecosystem

Currently, agentic commerce is flawed. Every AI agent needs custom integrations for every platform. It is complete chaos. Google just solved this with UCP - an open standard co-developed with Shopify, Etsy, Wayfair, Target, and Walmart. Endorsed by 20+ companies, including Mastercard, Stripe, Visa, PayPal, and American Express.

[TIME Magainze 100 AI 2025] Andy Parsons Senior director of content authenticity, Adobe

Parsons oversees the Content Authenticity Initiative, an Adobe project focused on creating a more transparent ecosystem where users can tell whether digital content has been made by humans, AI, or some combination of both. Its currency: “Content Credentials,” a digital signature that holds information like the creator’s name, what device was used to make the content, and the content’s edit history, including whether AI was used in its creation.

“It’s a new kind of metadata,” Parsons says. The credentials allow tracking of any changes to content, he says. “It’s permanently attached to the media, bound to the pixels, or the frames, or the waveforms.”

The AI System That Never Was

“I have an embarrassing backlog of reading about what’s been happening with AI over the last few years. Going through it chronologically turned out to be unexpectedly useful.”

One pattern stood out more than any single policy shift or technical breakthrough: the use and then decline of the phrase “AI system.

Model AI Governance Framework for agentic AI.

Unveiled by Minister for Digital Development and Information Josephine Teo, and released by the Singapore’s Infocomm Media Development Authority (IMDA), the framework addresses governance challenges specific to agentic AI systems, which can plan, take actions, interact with tools, and operate with varying degrees of autonomy.

Thoughtful

Privacy Activists Broke Privacy

Blocking without replacement is not victory. It’s sabotage with better branding.

For the last 30 years, professional privacy activists have been a net negative for actual privacy. Not because privacy doesn’t matter. Because they fought the wrong war, with the wrong tools, and they won the wrong victories. They optimized for symbolic privacy (the kind that sounds good in a press release) and delivered a world of operational non-privacy (the kind that ruins actual lives).

Digital Identity: Bundling, Unbundling and Rebundling

In the context of identity, we are currently transitioning from a period of extreme bundling (centralized silos) to a period of strategic unbundling (verifiable credentials), leading toward a future of user-centric re-bundling (self-sovereign identity). We are currently in the messy middle of this cycle. Governments and banks are beginning to “unbundle” their records into VCs (like Mobile Driver’s Licenses), and wallet providers are competing to be the place where you “re-bundle” your life.

Canadian Competition Bureau - Your Data, Your Control:How data portability can unlock competition and empower consumers

This Canadian report examines data portability—the ability for consumers to transfer personal information between service providers—finding it could save Canadians $1.10–$3.83 billion annually in the insurance sector alone, while also boosting competition and innovation. However, successful implementation requires addressing behavioral barriers, privacy and security concerns, and interoperability challenges through smart regulatory design informed by international examples like the UK’s open banking and Australia’s Consumer Data Right.

Research

[Research] Interoperable Architecture for Digital Identity Delegation for AI Agents with Blockchain Integration

This research proposes a framework for verifiable delegation in digital identity systems that introduces Delegation Grants as distinct authorization artifacts, a protocol-agnostic verification model, a layered trust architecture, and optional blockchain anchoring—designed to work across centralized, federated, and SSI environments for both human and AI agents.

[Research] European digital identity ∗ A missed opportunity

This paper critiques the EU Digital Identity (EUDI) framework and its OpenID architecture for having a narrow conception of authentication, insecure practices, limited credential types, and a trust model that fails to deliver meaningful gains in user control or privacy over existing solutions—while also arguing that the regulation’s institutionalized trusted lists risk re-centralization—and suggests alternatives like OAuth’s UMA/A4DS and GNAP to better support dynamic, decentralized identity use cases.

[Research] Know Your Contract: Extending eIDAS Trust into Public Blockchains

This paper presents an architecture for bridging the EU’s eIDAS trust framework with public blockchains by cryptographically binding smart contracts to qualified electronic seals, enabling machine-verifiable identity attribution of on-chain actions to legal entities—supporting automated regulatory compliance (KYC/KYB) for institutional DeFi, asset tokenization, and agentic commerce without introducing new trusted intermediaries.

[Video] (Nicky Hickman) Verifiable AI with SSI - A Socio Technical Exploration Link to hackathon.

DIDs Going live for CBP (Slide 2) Cargo Traceability User Interface: Oil CBP-135a

Beginning as a pilot with a small set of participants, this enhancement enables use of global interoperability standards (GIS), including decentralized identifiers (DID) and verifiable credentials (VC), to trace crude oil imports from point-of-origin to arrival in the U.S. • For more information, review this related Federal Register Notice.

The Agentic Convergence: Rebundling Trust, Discovery, and Execution

Trust frameworks for Agentic AI are fast developing. In the post-AI, post-agentic-AI era, we got to think identity rebundled not just as “data,” but as verifiable trust and agency. AI provides the discovery and intent, while Tokenization and Verifiable Identity provide the execution and trust. When these technologies converge, they solve the Last Mile problem of the digital economy—the gap between finding a service and actually executing a secure transaction without a mountain of paperwork.

(Nitin Badjatia) The Case for Us: Why the Agentic Web Needs Contracts, Not Consent

Something significant is happening to alter the path forward. MyTerms, the IEEE 7012 standard for Machine Readable Personal Privacy Terms is now officially available to build with. I believe it’s a missing part of the protocol framework that will make the emerging agentic web actually work for people instead of against them. (full disclosure, my fellow board members at Customer Commons were deeply involved in the creation of MyTerms).

What AI “remembers” about you is privacy’s next frontier

Personalized, interactive AI systems are built to act on our behalf, maintain context across conversations, and improve our ability to carry out all sorts of tasks, from booking travel to filing taxes. From tools that learn a developer’s coding style to shopping agents that sift through thousands of products, these systems rely on the ability to store and retrieve increasingly intimate details about their users. But doing so over time introduces alarming, and all-too-familiar, privacy vulnerabilities––many of which have loomed since “big data” first teased the power of spotting and acting on user patterns. Worse, AI agents now appear poised to plow through whatever safeguards had been adopted to avoid those vulnerabilities.

[Report] (CDT) A Roadmap For Responsible Approaches to AI Memory

As AI systems increasingly incorporate memory features to retain user preferences and context across interactions, they raise complex questions about privacy, personalization, transparency, and user control that both echo and deepen longstanding concerns from traditional digital platforms. A 2025 CDT and Microsoft workshop explored these implications, emphasizing that developers’ current design choices around how memories are stored, edited, and deleted will critically shape whether AI memory systems operate responsibly and respect user privacy going forward.

[Report] Position Statement: Age Assurance & Online Safety Regulation

The Global Online Safety Regulators Network, launched in 2022 as the first international forum for independent online safety regulators, is calling for a common, principles-based, and privacy-preserving international approach to age assurance to better protect children online, arguing that greater regulatory coherence will improve child safety, simplify compliance for tech platforms, and build public trust.

[MOSIP] Claim 169’s new version is out!

The latest enhancements are the result of continued collaborative efforts to refine our standardised, interoperable, and offline-friendly QR code. It now includes secondary-language support, elaborated clarifications on implementation guidelines, standard CWT & COSE attributes, credential status, and security considerations, enabling individuals to verify identities quickly and securely in any language, setting or remote areas, while reinforcing trust across diverse identity systems.

(Tim Buma) My goto architecture diagrams for identity, hegemony and payments.

Digital ID Part 2: Three Countries, Three Choices 🇬🇧🇲🇾🇸🇬

🇸🇬Singapore : Competence Without Consent

🇲🇾 Malaysia: Speed Without Safeguards

🇬🇧UK: Rights Before Efficiency

Why is the implementation going through without resistance? Are people here less concerned about personal rights? Is it cultural differences? Collectivists vs Individualists? Where’s the independent bodies conversing awareness? Do citizens have access to information, legal protections, oversight and space to resist? Progress doesn’t need to require choosing between efficiency and citizen rights. Both can be built adjacently.

Our children’s brains are not for sale.

Les preuves d’âge arrivent. The era of “self-declared” age on social media is coming to an end - and a 🇪🇺 European identity system is forming.

Yesterday, French lawmakers in the National Assembly voted overwhelmingly (116 to 23) to ban children under 15 from social media. This follows a similar landmark move by Australia and precedes Ireland’s own mandatory age-check plans.