Thanks a lot Andy, and welcome everyone. We're just discussing backstage, you're asking question on everyone's lips, where is the money? It sounds a bit like maybe a preferred joke. We're trying to do something for, for public good societal impact here.
And then, you know, the consultant walks in, he says, okay, how can we make money out of this? Promise you, it's not like that.
So, brief introduction, who I am, what I do. So I am part of Deloitte Belgium in Deloitte, Belgium, we have about 20 identity professionals working on enterprise identity, customer citizen identity. But we're part of a, a much larger network with hundreds of identity professionals in, in Europe. And over 4,000 I think now globally working on this. And for me this topic is a bit full circle. I started my career around what was then the original large scale pilot ENSs.
I'm not sure if there's still people in the room that remember ENSs or, or even stork bonus points, if you remember what the acronym was for. And then worked with the European Commission as a, as a trainee then in the e IIDA task force. So today we're actually back working with the European Commission. We're supporting them also on a range of topics. A lot of PMO, a lot of stakeholder management. I'm working with my colleagues on certification of the wallets as well. If you have questions about that, do talk to us.
Unfortunately, it really doesn't fit in the time we have here and of course business models. So that allowed us to, to speak to a lot of people already. I do have to say all of the information I'm showing you today is not directly related to that study. These are more our own views, but we will be opening up also for wider input from private sector and member states on, on what the business model is.
Good. Having said that, what are we talking about here?
So there's a part in the regulation and specifically the toolbox that says that it's recommended that member states identify guidelines best practices around business models and fee structure. So that doesn't say a lot because the more we've been talking about this, the more questions we've had on what is a business model really.
So if we, if we zoom in a bit, business models, really who pays who for what? That's the basic question. And then of course, fee structure is what is then the compensation for the services that you offer and the different service levels. Now the original recital, this also says that it's encouraged to find the business models to encourage mostly uptake, mostly for SMEs in a cross border context. And I think that's great. So this is actually structured around generating more uptake.
Maybe what's not so great is that we're asking governments to come up with business models.
So that's where we hope to have a bit of an input as well. There's one more important thing here because there is also a big assumption behind the wallets and the, the ecosystem that drive this. So we've surely seen this digital identity wallets have to be provided either by a member state on behalf of a member state or at least recognized by a member state. So that means that member states do have a large role here as gatekeepers to the topic.
That also means that there is a bit of an assumption here that private sector or commercial models wouldn't provide the services or the minimum service infrastructure that we need to make this happen. Instead, we're mandating member states to, to come up with wallets and that is a bit dangerous.
It means that there's a lot at risk here. We need to get this right, if not, and the question was asked earlier this morning, I think also during your session, Andy, why wouldn't we be overtaken by, for example, Google or Apple wallets and, and that risk exists exists.
So there's a lot at stake here in in getting this right now. Maybe a bit more on what's behind this question. I think the most important thing to, to speak about is not only what's the business model for the EU digital identity wallet, but to zoom out a bit and say what's the business model under which an EU digital identity wallet ecosystem can be successful?
And then we're speaking about making sure that all the ecosystem roles are fulfilled, making sure there's widespread uptake, not just among users but also relying parties, especially use cases in public and private sector with, and this is very important, very high daily transaction and usage volumes.
And so think of for example, mobile driver's license. Definitely a great use case and a great credential to have in your wallet. But the amount of times I've taken out my, my driver's license in the past 15 years is maybe once.
And then the last part of course based on healthy market dynamics as well, to make sure that there is innovation, that there is lower pricing and better user experience in the market. So then we can turn the question on the business models on really what measures are needed, what recommendations or guidelines do we need from government and really where do we apply these measures. I should also talk about a few more constraints in the regulation.
And all of this is important because it does set the scene for what the, the, the space that we have to maneuver the business models around already came up a few times today.
Free for end users, of course, free signatures also free, it has to be set for end users. So there's been a bit of fuzz around this, but really this doesn't change too much on how the market is organized today. I I don't really think there are end users that are already paying for their own e-signatures. Usually it is the, the relying party covering that.
And then probably the most important one that we keep running into, of course is the unlink ability of transactions. And for those not familiar with the concept, this basically means that as an issuer, I cannot know where the credentials that I've issued are being used or how often or when. And it's really to protect the privacy of the end user, which is absolutely a good thing. But it does complicate a lot the the business model because it's very hard to understand as an issuer how to get rewarded for the, the credentials that you've, that you've issued.
Maybe if I take a bit of a step back on how this business model is organized today, and I know this is an enormous oversimplification of the, the structure that we have today, but really there are two, three important parties here, especially in a a federated model. And there's an identity provider that's able to offer a set of reusable digital identity credentials. Usually your core identity, your your name, your birthdate, your your birthplace and a relying party could be anything.
And we, we know that there is a willingness to pay for relying parties for re reusable digital identity. And if you're still questioning that today, I think we have a different problem to solve.
The, the issue that we run into in practice of course, that at the relying party at the verifier site identity is really seen as a call center. You're spending money to make this happen.
In reality, if the people running identity at different companies would get compensated, for example, for all the fraud that they've prevented or for all the costs that they've saved by not doing their own identity of boarding, I think they would be a lot, a lot happier.
But in essence it's the relying party that's willing to pay for something, in this case, reusable set of digital identity data, which is easily facilitated by a single identity provider. You can have a contract in place that takes care of not just what data do you get, but also what's the checks and balances in place, the service level, the liability in case something goes wrong, straightforward. Also in terms of business model. So the money flow is opposite to the data flow. The relying party pays the identity provider. So far no surprises. I think decentralized identity is a bit different.
It really adds a bit of complexity or opportunity depending on the way that you look at this. And I think we can look at that from two different perspectives. One in terms of the data and two in terms of the parties that are involved now. So if we look at the data, suddenly there's this whole range of credentials that are coming available that were not available before and that were locked with let's say the potential issuers. And really anyone in this room can be an issuer. I think a lot of people often think I, I'll be a relying party.
I know there's a lot of wallet providers in the room, but honestly every organization here is so much valuable identity data that we can make available if properly rewarded. Of course. Now the thing with that digital identity data is it can really have a different value based on so many different factors.
There can be a different service level. Is that a one-off credential or that comes into updates. There can be a different liability attached to each credential and of course a different level of trust even for the, for the different credentials.
Think of the range between a concert ticket or a a bus ticket or KYC data from a bank. The fact that I am a Deloitte employee, all different types of identity credentials that can and should be rewarded in a different way. And I think that's also very much the philosophy of the, the Web3 or decentralized identity thinking that we can have this dynamic pricing or distributed pricing and, and reward. Now the other complicating factor here is that there are certainly so many more verifiers on the market and so many more issuers.
So that means that contracting is going to get really complicated and I'll say a bit more in a bit about that.
But really so far all that we have is trustingly liability guarantees in the regulation, which is probably not enough to, to stimulate ecosystems coming off the ground on this. So what does that look like still in terms of a, a picture not all that different to what we have today.
And I, I know this is really an oversimplification of of what there is, but as you see there is a lot more relying parties and certainly a lot more issuers. And those issuers are of course the, the authentic sources today, the organizations and the the trust service providers making them available to qe, aas the qualified electronic attribute providers.
But as you see, contracting will be very difficult here. The same goes for how do we reward all those different credential issuers And for me that's really the key or the flywheel to get this off the ground.
Ideally, of course the relying party still pays an issuer for the credential that they've provided here. It becomes a bit difficult. I know that in the current reference wallet and in some of the wallets that we see out there on the market, the credential that you have as a US user is really visualized as what it's like today. So for example, in your mobile driver's license is really a picture of the driver's license as you, as you have it today. But that's probably not how we're going to work with this in the future. And it's not what relying parties need.
They need a bunch of different credentials from so many different sources.
And I know this is a an example often repeated, but for example if we do speak about car rental then a rental agency is probably interested in yes your digital driver's license maybe in your bank account information, maybe in insurance information they want to know that you're older than 30 so you can have a discount. Maybe there's a loyalty program that you're with with your car rental agency. So all of that can become a composite credential, which is great from a relying party point of view.
In fact, the relying party can bundle that, that information and issue it again as as a credential. So you can use that when you're picking up the car. But you see that the issue is how do we get that that distributed or dynamic pricing to towards all of the issuers here. The unlink ability makes that difficult. And I know that's the $1 million question in the room today.
I wouldn't pretend that we can solve that.
There are some ways around that clearinghouse model is often a, a concept that we see coming back, which basically means that there is a trust or organization taking care of the, the the conversation really between issuers and verifiers. Partly that could be solved in the wallet technically. So the wallet does a bit of that calculation on who gets what of the credential. But in reality you're then burdening the end user with that responsibility. So that's probably something you want to avoid.
That could be a separate organization taking care of the transactions between the relying parties and the issuers much like we have in payment schemes today as well. In this case what we could look at as a proxy for those transactions are the trust list. We haven't spoken a lot about trust list in this conference yet, but I think they'll have a much bigger role as we go forward.
I still want to say a few words about the digital identity wallet because we do talk a lot about the wallets when we're speaking about the business model here. I think there are a few different options.
Personally I do think there is space for a self-supporting offering and I think some of us are familiar with this concept from from payment schemes. Again, if we talk about interchange fees, so in this case the wallet could take a share of the total transaction volume passing their way towards the issuers of course how do we calculate that? That will be a a challenge in in practice. The other option is internal sponsorship or value added services. And I think there are many examples there that are out there today as well in, in all kinds of different markets.
And I mentioned these specifically because from the regulation of course that we see there's an assumption that wallet wallets have to be provided or at least guaranteed by governments.
But maybe there's, there's space out there for wallets to come up with an own offering in the market. And for example, if we look at internal sponsorship, I'm thinking for example of of Sonian PlayStations who were able to offer PlayStations at a loss to the market but they really didn't care because of course they have a lot of income from the license model around that to play online.
If we look specifically at the digital identity markets, for example Belgian identity provider, it's me, yes they sell their solution probably at a loss for government services, but it gives them access to millions and millions of end users that already have the application installed. So they still have a reason or rationale to make available their solution here.
I think only the last resort should be external sponsorship even though it's sort of the common reflex that we have today.
Ah, governments have to provide a wallet then it has to be subsidized by by government. There are probably other options but again I think we're talking a lot about the digital identity wallets whereas this is probably something that will come once we have the right incentives in place for the overall active system. And there there's not a lot of difference with how the market is functioning and working today. There are a few different models out there. For example, an issuer could pay itself to make available at credential.
So for example, university's probably happy to issue your diploma because you've already paid your tuition fees. Another option is that the user pays the issuer as you're probably already paying to get your passport today.
But really those two options are cost recovery models.
They, they aren't really providing that flywheel of private sector to make available more credentials. So the verifier pays issuer is still probably the most relevant option here. And for me that's a bit the underlying assumption here. How do we get this ecosystem of the ground? How do we get this working? Really what we see now is credentials being made available. Our public or semi-public credentials, like I said mobile driver's license bit of course your core identity data, maybe some healthcare data that's really good but maybe not the type of data that they use on a day-to-day basis.
To get this off the ground, we need private sector issuers. There needs to be a lot more focus on how do we get those issuers, the reward or the incentives that they need. And then the use cases will, will come by themselves.
So maybe just to close off, I think there are a lot of different incentives that that need to be provided. We could focus on each of the different roles and I'm, I'm more than happy to talk about each of those different, different roles if you can find me after this session.
But the most important message, message today I think is make sure that the issuers are rewarded for the data that they offer. And there are a lot of brokers or proxies that will incentivize these, these issuers to do so for wallets. And I think the previous speaker has a really good analysis on that as well. I think we need to make sure that they're able to scale across Europe to make this a profitable business.
And relying parties, we, we know there is from experience, a willingness to pay here, which is we need to make sure that they are unburdened in all of the admin stuff that comes around this. And I think identity brokers also have a big role to play here. So close off with that Andy, maybe there's still some time for q and a. Well
Thank you. Thank you very much First Joran. Thank you.
I thought that was just a, a super of explanation of the situation at the moment and we should note that the European Commission is well aware of this economic model or situation because they have contracted you guys to That's true. Okay. So it is not like the European Commission is sitting there going, you doesn't matter. That's not the case at all. Taking it very seriously.
So I had, I was writing out a whole bunch of questions, but you answered quite a lot of them, especially around linkability. So relying party pays issuer. If the issuer can see everything that the person is doing with their credential, how's that gonna be solved with the protocols that we have at the moment? True.
So if I, if I knew the answer I probably wouldn't be standing here and and started a different business of my own. No, I think the real answer is, and and we were speaking about that in the previous session a bit, that we have to look at this from an ecosystem based model. So there will be special, or what's a better word for this organizations around a specific topic, whether it's healthcare, whether it's financial data, whether it's travel use cases that come together and still have to make agreements between themselves on how do we cover trust and liability.
And I don't think the technical protocols or the wallet will be able to cover all of that. Yeah,
I, I, I should mention by the way that Jen does do this in Canada where we run the Canadian digital ID ecosystem and it's been complicated to set up, but there is a way to make sure that everything is blinded so that the issuers cannot see this stuff. But there are technical methods as well. But anyway, sorry, this is your, this is your, this is your slide deck and and presentation. But I've got another question. Once there is a method who's gonna set and govern pricing?
That's also a very good question. I've only seen one example in the market out there today, but there might be more, I dunno if dog.io is in the room. They did come up with a market-based model where you have dynamic pricing.
Again, I think under the current protocols or or privacy requirements that will be difficult to implement. But I think once we're able to set up something like a clearing house, we'll be able to come up with more dynamic pricing. Yeah.
As long as the clearing house can't see everything that goes on. Of course there's a question here. Do you think blockchain connect as a payment rail for verifies and issuers from Sebastian?
Have to admit I'm not a blockchain expert so I cannot answer that question. Okay.
Who, whoever answer asked that, if you see Fraser groom over there runs a business called checked.io who do exactly that, blinded payments with credential exchange. So here's another one from Phil Windley. Can any issue, oh sorry, has that gone away? Can any issuer issue any credential? Can anybody issue a cred? Could you issue a credential for membership of, you know, Yuan fan club for example? I
I could it, it just wouldn't be a qualified, what European Commission calls a qualified at the station. Yep. More widely known as verifiable credentials.
And I think that is important to mention, to get this wallet off the ground, we'll probably have a set of hybrid use cases and credentials. If we only do very high trusted certified credentials, we'll probably use this once, once a month or once a year. If we are able to get a lot more, maybe lower trust but high volume use cases in there that get you to use your wallet, I think that'd be fantastic.
Yeah,
Perfect. I think we'll leave it there 'cause that's flashing angrily as juran. Thanks so much again.
Thank you so much. Thank you.
