KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
While we're getting our together. One of the Analogies that Daniel has used, which I, I find helpful is the notion of a roaming agreement where we all have an example of a trust framework that crosses regulatory borders, that crosses technology stacks, et cetera. And that Romi agreement allows us to use a phone here in Berlin, as well as in India, et cetera. So it can be done. It has been done. And I'll ask NA if you would go first, because you introduced this notion in Munich in September, what's your thoughts on its progression? It's timing. It's testing it's traction since then. Okay.
Is it on? Yeah, so it's just been like, I mean, nine months or something like that, it's a very short period of time for the coordinated effort like this. And For that kind of short period, I think we have seen a lot of progress, both in technical film, as well as in, in the coming to some kind of, you know, forum to discuss the policy field as well.
I mean, just having, you know, for example, five organizations, the, the gain thing is currently coalition of open 90 foundation or IX life I and cloud signature consortium. That's getting them agreeing to one agreement, takes a substantial effort, but we've done that. So that's a great first step, as well as I guess Torson can talk more closer to it, but we've been doing the alpha POC and then we are into the, the first phase POC and things like that.
And we have improving that, you know, part of the, you know, things that needs to be solved or need to be demonstrated has already been demonstrated in this short period of time. So that's a great progress. I think Sid, I wonder if you could introduce yourself, you're a, a recent gain interested party. If you could introduce yourself and give a little bit of background on not only why gain is of interest, but what you bring to the table, which I think we're all interested in the fantastic work that's occurred in India over the last few years. Sure.
Thank you so much for inviting me and, and being a part of this panel. Hey, everyone, I'm saddha Shati from, from India Goa, which is this coastal city out there, I'm a part of a nonprofit called ice spirit. We are a think tank that focus on building out digital public infrastructure in India. So what Daniel touched upon, which is we've struck upon an innovation architecture where the hard societal problems that we have India is about 1.3 billion people. 28 states. Each state has a completely different culture, language attached to it. So large amounts of diversity.
And so we face a problem when we are thinking about the delivery of financial services, health services, and other critically important socioeconomic services, how do you go about solving for this? No one government service provider can do it. No one private sector entity can do it. And so that's when we pursued a path of creating a set of open standards and the case of identity and then payments, and then data that allowed the government to come in at a base level to create that core public infrastructure, think of it like GPS, but then opened it up to private innovators on top.
And so in the case of payments, the protocol called U P today does a couple of few billion transactions a month it's as a result of UPPI, you've got a number of fintechs that have been built on top. So we do which too recently, China was the leader in digital payments. India does two and a half times that number on a completely open system. So you've not shut out your borders. You've allowed everyone to compete, but it's completely interoperable. So you don't have monopolies coming up.
And so we've now extended that in the case of data as well, where we've thought, how do you create an architecture that gives people control of their data? And that's rolling out for finance about 300, 400 million accounts are now enabled on that system. And similarly for health. And that's sort of how the worlds with, with gain connected as well, promote Walmart. Who's one of the other architects on the team connected me with Daniel.
And, and that started a conversation where there was a real meeting of minds where we realized a lot of the thinking that's happening on what we call digital public infrastructure, these kinds of open standards, where we've had to think about interoperability at the technical and legal level, right in the start, because you cannot otherwise achieve scale connected, closely and resonated with a lot of the discussions that were happening first in the identity and then in the data group.
And, and that's really how, how over the last few months, I think that that sort of collaboration and magic has, has come together. SI when you look at Nick mother Shaw's presentation, how does that map onto your experience of operationalizing trust frameworks at scale in India? So it really depends.
I mean, I'll, I'll touch upon each ecosystem. It varies across identity payments and data. In the case of identity, what we did is we created basically an open standard, which is a 12 digit completely random identifier. That's issued to every individual against their biometrics today, over a billion Indians have that.
And there's about 50, 60 million authentications that take place that required one and ecosystem approach towards this second, it required a legal framework starting through an act of our parliament, which then flowed into subsequent guidelines around various privacy preserving features that were critical around the usage of the ID, the storage of the ID. And you had many concerns that you had to crossover. Can I use this ID for financial transactions as similar discussions out here? What happens in the case of F ATF?
And so a lot of those first principles, we sort of baked into the regulations right in the start, but we left, we didn't mandate adoption. So even in payments and in data, we left it to the market players because if they like it, they can use it. We didn't really mandate that they come on board. And what that did is it really created a competitive environment for people to convince each other, saying, if this is better for us, we will come on board. If it isn't, you know, we won't. And so those are some of the areas where particularly on what we call techno legal.
So a lot of these solves yes, technology is important, but you need an overarching legal framework to build in the right protections and accountability of the players that are involved. And I think those are some of the touchpoints, at least from what Nick had shared, I joined in the latter part of the presentation to what we've seen in the ecosystem out there. Can you talk a bit more about public private partnerships? I think everybody in the room knows that while that's easily said, it's very hard to do. And how did that get done or how is it evolving in your context?
Yeah, so It's, it's, it's quite messy, but to say the least, but the way we think of it is you could across firstly law, technology and institution. Again, it varies depending on the ecosystem. If I start from payments in payments, it's a three layer stack in India. So you have the government which has sort of built through an institution where the banks invested. They created the base public infrastructure. Think of it as an interoperable network, between all the banks, we took a decision that money should remain.
The money flow should be within regulated entities, but it should then be opened to third party innovators on top. So you now have an architecture where you have an interoperable network, which is run by NPCI at the base in the middle. You have the banks, which are the regulated entities. And then on top of that, you have all the fintechs, which are the Google pay and the WhatsApp pay and all of these entities that are built to create the front end consumer experience. So that's one example of a public private partnership.
In the case of data, we said, we did not want the government involved in any of the transaction flow. And so the way that worked is the, the, essentially our central bank created a licensing regime for what are called consent managers, because we felt consent should not be collected either by the custodian of your data or even by the consumer, which is a lender or doctor or any third party, you should have specialized fiduciaries that collect that consent.
So the way the public private partnership played out is the government just notified the broad regulatory framework and said, these are common technical standards. And then people are to apply, get appropriate licenses. And then you have third party players built on top. And in lastly, in the case of identity, however, we required a special purpose vehicle to be created for, since this was dealing with sensitive biometric information and the case of identity, and particularly in biometrics for a lot of use cases.
And I know a lot of crypto enthusiasm in the room, but you do need for de-duplication, there's no way you can do de-duplication in a decentralized manner. And so therefore there was a need for a centralized data store to be created that had to happen within the special purpose vehicle, which had very clear mandates on what they could couldn't do, et cetera.
So, so it depends on each ecosystem, but that's sort of how our primary design principle has been. What is the one thing that, that government should do that they can't screw up because they will generally screw up.
And, and so you give that to them because there are certain benefits that they do bring in, particularly when you're talking about country scale or societal scale problems. And you want to leverage that without housing, everything else within them, Give us a little bit more of a picture of that special purpose vehicle vehicle. What does that really mean? What does that look like? Who owns that? So in the case of identity, as I mentioned, you needed a unique idea to be issued.
So that special purpose vehicle became the unique idea authority of India, U I D AI, and they basically house the encrypted biometric details. And then they open up third party APIs that private innovators can consume. So they're not involved in market creation at all. They're just responsible for the safe storage of that data and ensuring that you have a resilience system. It is up at all points in time, but then the market creation, because we designed a set of open authentication and K YC standards around it, you had various public and private sector. We have a mix in our economy come in.
So whether it was a telecom company, which used in India, you have to do a K BYC when you get a SIM card. So a telecom company like geo used that infrastructure to do 170 million KCS in a similar number of days to deploy 4g connections across the country. But that same infrastructure was then reused by banks to scale up and open up bank accounts. And as a result, we accelerated financial inclusion by about 36 years versus the conventional paper process. Now these are a range of public and private sector entities that become consumers of these APIs, but they're not part of the SPV.
So the SPV had a very narrow mandate that was set up. And again, it's a statutory authority that was put in place, but we didn't extrapolate that design in the case of payments and in data that wasn't required at all. So we didn't replicate that same template there.
I mean, ask one more question and then I'm gonna give my microphone to Torsten and I may not get it back. So that's why I'm asking my questions.
Now, you, you, you know that I have my own. Yeah. That's what I was afraid of. Just in general, when you look at Daniel gold Schneider's or Don Quixote's vision of a globally interoperable network of which India would be a pillar, potentially what occurs to you as the challenges or the opportunities that comes from from that vision? I think it's, it's fascinating vision, I think challenges and opportunities in terms of challenges, a couple, you know, first starting technically, how do you go about actually thinking in terms of interoperability between protocols, right?
And that can also get contentious. We've not even, at least in the data group reached the contentious parts of it. We've still been aligning and, you know, having other discussions where luckily we've founded a first principle's perspective, we agree on a lot of the matters. So I assume the details will work out, but I think that's really where the rubber hits the road from a technical perspective. I think from a legal perspective, also, what we are seeing is in most countries, even our recent interactions in the, with the European union is that the legal frameworks are largely similar.
Again, in the case of data, we believe in consent. We believe in user agency, we believe in the right to data being portable and constructs like that. But I think you are going have, particularly when it comes to crossbo use cases, how does trust get established? What do those similar to our next spoke about what do those levels of assurance look like when I port my data from one region to the other, what does liability and adjudication look like? So I think those are some of the, the challenges that we'll run into, but my belief is that largely all of these are solvable.
And if you look at the end state that gets there, that means I have the ability to share my health data with the best in class doctor in the world, without any constraints and get a informed second opinion. I have the ability to share my financial data for a range of trade transactions across borders and get credit attached to that, which today is a very painful process, all limited to only certain geographies or for example, manage my money and wealth a lot better, which today we've seen, especially even within one geography is painful.
So I think in terms of opportunities, it is extremely powerful to get towards a state where we have interoperability between the core systems that are deployed in various parts of the world. I think it's very positive, at least what we are seeing ground up, that there's an intent and core enthusiasm that we actually come together as individuals and designers of these systems. I think we'll soon get to the stage of actual details being fleshed out. But like I said, I'm, I'm fairly confident that we will flesh those details out. Let me tease twist one more time.
You were teasing teasing us with the work that you're beginning to do with the European union and our audience. There would probably want to know a bit more about what that might indicate Is this for No that's for you?
No, no, no, no. That's for you.
And then, then I promise tourist, But, but it's great because I'm so astonished. I'm, I'm just digesting.
I mean, I live in Germany and we are a developing country in comparison. What, I mean, we have many areas to improve in India, but, but I, but to add to that, I think what, what we realized particularly given the work in data and payments is there was a lot of resonance in other regions.
And so in interactions that we were having with Margaret Vesta at the European union, the realization that can we think about a global effort to put this together, because a lot of countries, the EU as a region, India were passing very similar legislation, but what the key flaw is the class of problems that we are dealing with today. Firstly, our global problems, the, the actors are globally coordinated, right? So you cannot have an uncoordinated response to a globally coordinated actor on the other end. And then if you look at it, you cannot take the same old legal or regulatory approach.
When most interactions are digital. See in the old world, what worked was you put in place regulations that was intermediated through existing institutions. And so that regulations flowed through on the ground today. What we are seeing is you put in place regulations, but companies are able to bypass those regulations because those regulations are not enforceable in the digital interactions that are taking place.
And therefore the realization that you need a techno legal approach where you have regulations, but those same regulations reflect in the first principles of the technology standards that are being created is key. And so then that became a point of resonance where we created a group called the data six, which has Margaret West air and then political representatives from India, Norway, Australia, Japan, and two multilateral bodies, which is the digital public good Alliance and the bank of international settlements. And recently the BIS published a paper about this.
That's trying to bring this effort together. So I'm the moderator rudely interrupting this panel. So interesting. And I have to say thank you so much for sharing your experiences for that. Also bringing some perspective here. Torston I'm sorry. Can I have just, can I, can I, can I, I mean, and it's not a problem because I'm, I'm lined up for the next half an hour for presentation together, Christina. So I will have enough time, just five seconds. We will have a presentation and the demonstration of the current status of the technical PSE of the global short identity.
Joseph, I don't think we will make it right now because I'm scheduled right now to be on stage with Christina. But if you're staying in this room right after the presentation, by Stefan, from ly, you will be able to, to take a look onto what we have achieved so far. We've got a couple of cool stuff to show you. So please stay tuned. That'll be at six 30. It's not on the agenda. This is the EIC secret agenda. So you guys are in the know now run of applause.
