Mirela Ciobanu, Lead Editor with The Paypers, shares insights from Europe’s leading digital identity and cloud conference in Berlin.
If you want to know how much you really care about digital identity, just look at the conferences you attend. For me, the 18th edition of the European Identity and Cloud Conference (EIC 2025) — hosted by KuppingerCole — was a clear confirmation: I’m all in.
Held in sunny Berlin at the start of May, the event brought together over 1,400 identity and security experts, consultants, policymakers, vendors, students, and tech leaders from across Europe, North America, Asia, and the Middle East. The big theme? Trust and identity — for humans and non-humans alike.
This was my second time at EIC, and once again, I felt the strong sense of community and eagerness to exchange knowledge on everything from authentication, identity verification, and digital wallets, to AI agents, non-human identities, and securing emerging technologies.
And yes, while identity experts might have a reputation for being ultra-focused (read: geeky 😄), they’re also fun, curious, and community-driven. From food truck feasts and music to boat rides on the Spree and morning runs, the KuppingerCole team and sponsors made sure there was plenty of fun alongside the learning.
EIC 2025, Berlin, Morning run
The Paypers had the pleasure of connecting with many thought leaders and attending sessions packed with insights. The agenda was rich — touching on European Digital Identity Wallets, B2B trust frameworks, IAM resilience, deepfakes, autonomous AI agents, and more. Of course, I couldn’t cover it all, so I focused on two big themes: identity fabrics for today and tomorrow, and the latest adoption trends around the European Digital Identity Wallet.
Let’s dive in.
In his opening keynote at EIC 2025, Martin Kuppinger, Co-Founder and Principal Analyst at KuppingerCole Analysts, outlined the foundational trends that will shape Identity and Access Management (IAM) over the coming decades. Central to his vision is the concept of the ‘identity fabric’—a modular, orchestrated mesh of identity services designed to deliver secure, seamless, and governed access across a growing landscape of human and non-human identities.
Source: Slide from Martin Kuppinger's presentation at EIC 2025
As digital ecosystems expand, speakers throughout the conference echoed the importance of identity as a core business enabler—one that goes beyond cybersecurity to support resilience and business continuity in increasingly complex environments.
So, what exactly is an identity fabric? According to Martin, it’s not just about technology—it’s a long-term architecture that must stay relevant well into the 2040s. It enables organisations to securely manage access across decentralised systems while adapting to constant change.
Here are the key trends Martin Kuppinger identified for the future of IAM:
Policy-based access control - moving beyond static entitlements, policy-based access control is essential to eliminating ‘standing privileges’—the root cause of many identity failures. Access decisions should be context-aware, factoring in behavioural signals, risk levels, and real-time data. ‘We need to make decisions based not only on static data, but on context, signal, and behaviour’, Martin noted. ‘Static entitlements are just bad programming.’
Modular, modern architectures - the identity fabric must be modular and modern, built for flexibility and easy deployment. This is already reflected in how vendors expose capabilities via APIs—now the industry standard.
Orchestration - as IAM solutions grow more complex, orchestration becomes critical to integrate various components into a cohesive mesh. In the latest Leadership Compass: Identity Fabrics, orchestration scored higher than ever, signalling its growing importance in bringing together centralised and decentralised identity models.
Decentralised Identity - decentralised identity models reduce silos and create reusable, verifiable identity credentials for both people and machines. These identities can include attributes like job roles or employment status, enabling dynamic authorisation without relying on a single point of failure. ‘With decentralised identity, you can attack one identity—not thousands. That makes a difference’, said Martin.
Signal Sharing - identity systems must increasingly rely on a rich variety of contextual signals—risk data, behavioural indicators, device posture, and more. These signals form the basis of autonomous identity models, where decision-making can be driven by AI based on consistent patterns across multiple inputs.
Autonomous Identity - with the rise of agile, distributed environments, manual identity administration is no longer scalable—especially for non-human identities and operational technology (OT). AI-powered identity systems are needed to make nuanced, real-time decisions that are neither purely ‘allow’ nor ‘deny’, but dynamically adaptive.
AIdentity (AI + Identity) - this emerging intersection supports smarter decisions in authentication, fraud detection, and access governance. As Kuppinger puts it, ‘AI for identity, and identity for AI’.
Traditional identity management is siloed, fragmented, and often brittle. The shift toward decentralised identity—paired with strong, real-time signals—offers a more robust, flexible, and reusable approach. As Martin concluded, ‘this is a paradigm shift—especially for non-human identities—finally moving us past the elusive ‘single source of truth’.
Digital identities are transforming how individuals and organisations verify information about themselves—without the friction of physical documents. Yet in today’s reality, that process is still clunky and inefficient. People tilt ID cards awkwardly in video calls or send photos via messaging apps, only for the data to be manually re-entered. It’s inconvenient, leads to drop-offs, and undermines security. ‘The security properties of physical documents are lost when you take a screenshot’, one expert noted. ‘That opens the door to fraud.’
The solution? Digital credentials—cryptographically protected, portable, and designed for trust and efficiency, stored within digital wallets. If built on interoperable frameworks supported by both public and private actors—and backed by the right incentives—digital identity systems can finally scale.
At EIC 2025, experts across sectors came together to discuss the evolution of the European Digital Identity Wallet (EUDIW)—a cornerstone of the EU’s plan to make secure, cross-border digital identity a reality. While many perspectives were shared, here are some standout insights.
The European Digital Identity Wallet aims to offer a non-discriminatory, interoperable infrastructure where anyone—governments, banks, service providers—can issue or accept verified credentials, regardless of platform or provider. By the end of 2026, all EU member states must make such a wallet available to their citizens. States can choose from several implementation models: develop their own, assign it to an external provider, or create broader ecosystems. Regardless of the path, all wallets must be certified, secure, interoperable, and compliant with the EU regulations.
Still, while compliant and sovereign, these digital identity systems need to be up and running and provide exceptional UX. During a hilarious roleplay on the diversity of national approaches, Sadrick Widmann, CEO of cidaas, issued a call to action: ‘Europe, we have a problem. While the US and China built the platforms powering the digital economy, we’re still stuck in policy debates. We’re great at making rules—but not at building the platforms to enforce them.’
Source: Slide from Sadrick Widmann's presentation at EIC 2025
Sadrick emphasised that digital sovereignty is not just about data privacy, as often conflated with GDPR, but about owning infrastructure, access, and identity flows. ‘If we keep delaying, we risk losing momentum—not just for users, but for companies and the providers building these solutions.’
To drive adoption of the European Digital Identity Wallet (EUDIW), Dr. Dominik Deimel, Managing Director at Wallet Experts GmbH, emphasised the importance of ecosystem thinking and stakeholder influence.
Rather than treating the EUDIW as a standalone product, Dr. Deimel suggested approaching it as a relationship-based ecosystem—one shaped by users’ lived experiences across different domains. These ecosystems have distinct rules, governance, and infrastructure, with participants investing significantly in their development.
Source: Slide from Dominik Deimel's presentation at EIC 2025
The EUDIW introduces a new way of handling infrastructure and data governance, enabling citizens to share verified information in a self-determined, privacy-preserving manner. Beyond identification, it unlocks features like digital signatures, which can enhance contracting and open the door to new, cross-sector use cases.
To gain traction, Dr. Deimel proposed a practical framework:
Identify key decision-makers responsible for architecture
Understand their pain points and desired gains
Map EUDIW features as pain relievers and gain creators
Use this understanding to influence broader ecosystem adoption
Ultimately, changing mindsets and ensuring long-term infrastructure adoption depends on identifying and empowering the right stakeholders within each ecosystem to drive decentralised, user-centric innovation.
To scale the European Digital Identity Wallet (EUDIW), it’s essential to answer a core question: How do we attract and incentivise stakeholders to join the ecosystem? Luigi Castaldo and Jörg Lenz from Namirial offered insights into monetisation approaches that could make the initiative sustainable.
Source: Slide from Namirial team's presentation at EIC 2025
One popular use case is the qualified electronic signature, which raises practical questions from potential relying parties—like banks and insurance companies—about their role in the ecosystem. To address this, the Namirial team outlined three potential models:
User-pays model - the user pays for the issuance of electronic attestations (e.g. renewing a passport or certificate). While straightforward, this model places the financial burden on individuals.
Issuer-pays model - typically adopted by governments, this model funds issuance through public taxes, making attributes free to users. However, it's less practical when involving private stakeholders.
Verifier-pays model (proposed solution) - relying parties—such as banks—pay a small transaction fee each time they verify an attribute. This compensates the issuer for managing the infrastructure and ensures scalability without shifting costs to users.
These models support a range of real-world use cases, particularly in finance and compliance, such as KYC processes, credit checks, and income verification. However, ensuring unlinkability—where users remain in control of who accesses their data—is key. As Luigi noted, technologies like credential encryption can preserve privacy while still enabling secure, consent-based data sharing.
In our next instalment, we’ll take a closer look at how various European countries are shaping their EUDIW strategies—insights drawn directly from KuppingerCole’s European Identity and Cloud Conference. Stay tuned for a deeper dive!
About Mirela Ciobanu
Mirela Ciobanu is Lead Editor at The Paypers, specialising in the Banking and Fintech domain. With a keen eye for industry trends, she is constantly on the lookout for the latest developments in digital assets, regtech, payment innovation, and fraud prevention. Mirela is particularly passionate about crypto, blockchain, DeFi, and fincrime investigations, and is a strong advocate for online data privacy and protection. As a skilled writer, Mirela strives to deliver accurate and informative insights to her readers, always in pursuit of the most compelling version of the truth. Connect with Mirela on LinkedIn or reach out via email at mirelac@thepaypers.com.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now