This is my physical passport. And this passport has some really awesome characteristics so I can carry it with me. Nobody can take it away from me from the distance. If I show you the passport, only you and me know that I'm showing you my passport and not the ministry of Interra from Austria in this case. And several years ago where my decentralized identity journey started, I was driven by the mission that I get this characteristics from the physical passport into digital identity. Because till now we have centralized eids, governments, Google, apple, whatever.
And this identities, these digital identities don't have the characteristics from a physical document. So that was my journey to decent identity and I'm really happy that in this conference there is so much room for this topic. In the last two days, we heard a lot about the protocol challenge. So a lot of protocols are under discussion, not decided.
And in addition, there is some time pressure.
Yeah, in November, we have two years time to implement the IDOs two in Switzerland, the plan is to go live 2026 for such projects that not, that is not that much time. So how you can manage this protocol challenge with the time pressure, the scope of the presentation is really focused on I two architecture reference framework and more on the technology perspective, not on the governance certificate and, and so on perspective, why is IDAs two as proc as a solution provider? Important for us, we have two products. One is proc, one focused on I two and decentralized identity.
And the second one is mobile government solution, which is already in production. And of course we as solution provider, we need to get, get the information, which protocols we should implement, which protocols we should support with our product.
So we are also on a time pressure and sitting on the edge of our chairs and say, okay, what, what, what will be the decision?
So for us, it's also really important to get this decisions. A short look on the timeline. When it comes to I two in November, we have the amendments and then the time is ticking. So we have 24 months time to implement the IDAs and 36 months time to get the cross border acceptance done and the acceptance from third parties. So here in the picture, the wallet should be be ready end of 2026, and cross border use cases should be possible at the end of 2027. And huge companies has to accept also this credentials on the European identity wallet. Let's look on the status.
So where are we at the moment when we talk about technology and standards and protocols?
It's not every protocol on the slides, it's just to show the picture. Where we are in Europe, we have the situation that almost every country has already existing EID machines, sometimes more than 20 years history. So we have a legacy which is in production used from millions of peoples and so on. And we have different protocol stacks, which are at the moment in the architecture reference framework. When you go to Switzerland, there is a little bit of advantage. There is no EID issued from the government.
So it's more or less greenfield. And here also the final decision about the protocols is not yet done, should happen in the next month, most probably open ID and estate chart. Then we have the us. In the US you have the situation that different states have their own MDL implementation. So there is a kind of legacy and you have DHS with analysts here.
They're also working on a technology stack for federal identities. So it's a huge ity of protocols and legacy. And that reminds me of an old story. Yeah. So God created the languages to create chaos and confusion.
And you can compare it a little bit with the current situation we are facing now when it comes to decentralized identity interoperability and so on. What are now your options as a government, as a company? So how you should proceed First options, you wait and see, we often hear that in the market, no, it's so early, we don't know what to implement and all these arguments. But if you see on the timeline, two years is not that much. If you have to integrate in legacy systems, if you have to integrate in your, I don't know, CRM system, SAP system, whatever.
So two years is nothing from my experience.
The advantages is you make no wrong decisions and you're learning from the mistakes others making. The risk is you lose time, you maybe have competitive disadvantage. And the most important risk is if the timeframe is shrinking for your implementation, you will get under stress. And this is really expensive. So if you have a huge scope, a short timeframe, that gets expensive and leads to pressure. The second option is you start now, you have less stress. You start small with a small team, like we see it in Europe.
Some countries start with pilot demo drying out technology and you can explore the integration in your pre system legacy system. And you may be, as a company, have a competitive advantage when the AI does credentials are available. You can use it from day one. The risk is you go in a wrong technically direction. So you have best dependency.
There's no way of going backwards. You have to rework all this stuff and you have stranded costs. But is there a third option to manage this uncertainty in protocols or technology and the time you have?
So we tried with one standard for all in the language area with Esperanto, we failed. So we think it is not possible. It is not possible that we agree. All countries, all authorities, companies, different geographies on the same standard will not happen. Or maybe I, I will, I will not say there is a a possibility, but it's small. Our approach is you have to manage diversity. So this different standards, different implementation, different directions will not go away.
And you need something like the Bubblefish Bubblefish from Hitchhiker's Guide on the Galaxy, which can speak all languages and can translate different languages in real time so that you can communicate with everybody.
So the approach is you reach interoperability with this flexibility. So from our perspective or from my perspective, there is a third option start now stay flexible.
That's the same story as O'Neal told us yesterday in his keynote, that you have to be flexible, you have to start, but stay flexible with this nice example of the railroad with different sizes, how you can reach this because it's easy road on a, on a slide, but how can this be done? Here's a example, how this flexibility can look like.
Yeah, you can issue credential in multiple formats. Like you have a driving license, you need to support the ISO standard, but you also want to have the advantages of a new decentralized credential format, like a state shot. So why not issue it in the wallet in two formats, of course the citizen will only see one credential, but in the backend you have multiple formats, then the wallet can decide if you're coming in a police control.
Yep, I go the the either way because I have everything in my wallet. If I rent out the car, it's not the ISO path, it's the SD job base as an example. So that's examples how you can manage this multi-protocol challenge. What we have done and two years ago we faced the same challenge. So we want to build a product, but we don't know which protocol stack should we choose. And it's a high risk as a company, if I choose the wrong one, it's no market fit. So we decided the flexibility is the most important characteristic of our solution. So flexibility was a prerequisite.
And you see here the different standard passwords grouped this we already support. So I think that's all standards listed in the architecture reference framework in the A ID law in Switzerland. And also technically requirements from DHS. So we created this as icorp in the last two years, which supports everything. And if there is another technology protocol popping up like DICOM two or something else, we can easily implement it because it was designed to be flexible and monitored. This core is everywhere the same. So every wallet is using this core.
So we don't have an implementation for Android, for iOS, and for the backend. The code base is the same and that's the same for the server.
Next thing is, as I mentioned in Europe you have legacy systems and also in the panel discussion this or existing EID system, not legacy, it'll not go away. Almost every country has an app, has an online account or whatever you can use as a citizen. This system are used from millions of people in different countries. So it would be stupid to throw that in the bin and start from the scratch. So we have to manage these existing systems.
You can build everything from the scratch. That's the most extreme example. But you can use your apps which are outside with an existing EID she and just put an SDK underneath, which supports the future European wallet capabilities and have this schemas in parallel on the front end. If it's done good, the citizen will not recognize that his EID the old one is different as other credentials in the wallet.
And the next possibilities you just use the core, the functionalities if you have an existing product. So now comes the marketing slide, sorry for that.
What what might makes us as proceed is different is the combination. I talked a lot about this flexibility and interoperability with the different diff with the different protocols, but it's also the performance. So we build our solution also with the prerequisites. It must be really high performance that means support millions of credentials and millions of users enterprise ready. So enterprise or a government will need support 24 7.
Yeah, because it's a major piece of your future infrastructure for the citizens. So we also provide the support to our product deployable, as I mentioned, you as a customer decide where to deploy it in your data center, in the cloud, wherever you want. So we have no limitations there. Privacy by design.
I started my talk with my passport. That's also really important that we don't sacrifice this privacy by design standards with easy technical solution and have no shortcuts. And the last thing is end to end. So we are providing all different components for a solution.
So thank you very much for your time and your attendance to my talk. I see I'm seven minutes before the time. We are not only me is here on the conference. So also my colleagues WAN and Kai are also on the, on the conference. So if you have questions, if you have other opinions, if you do want to challenge us, please reach out to us.
Thanks very much Andreas. Thank you. Stay on for some questions. So if you've got any questions for Andreas, just drop them in the chat thingamajig.
But I've got one which is you are clearly seeing a, a business opportunity from this situation of multiple protocols. Do you think though that one protocol is gonna win out?
I give you another Swiss answer because with Swiss company we are, we have opinions, but we go the way the the market decide. Yeah. If a customer reach out to us and wants our opinion on different protocols, we are open to discuss it and go also consult also on the decision process. But at the end of the day, we implement what the customers want to be implemented. Right.
So you're pretty agnostic at the moment, would you say? Yeah. And what do you think of firstly the, the new developments in the mobile driving license protocol? ISO 1 8 0 1 3 dash seven. Yeah. And second question, what do you think of the Apple and Google digital credential? API
Second one is a dangerous one.
Yeah, the first
One we we're trying to make it non-dangerous by talking about it, you know. No,
The the dash seven is great because it extends the, the usable, the, the usage of MDL because the MDL was not meant to for use online, digital. Yeah. And dash seven will solve that, and then you can use also an ISO credential online. So we are really looking forward to that. And if it's out there, we'll also support it. Yeah.
Okay. And what about the difficult question?
Ah,
It's different question. Yeah.
You know, we are talking a lot about, so of, of the countries and Europe and we have to get a little bit more independent from the hyperscalers. So
It,
It, it's really hard. I think you have to pay attention that you are not, then again end up with the hyperscalers and they have a sort of control over APIs or their wallets and so on. So I'm really looking forward how this will play out. Countries will decide differently. Maybe there are countries who support this wallets, maybe they're not.
Yeah, wait to see. But from your perspective, you don't mind because it's just another protocol to add on.
So yeah, it's more business for view, the more protocols are. Exactly. So you're hoping there isn't one that wins out?
No, that not means we want to have as much protocols and much different implementations as possible. That would be also for us really, really cumbersome. And we are talking now a lot about protocols and interoperability, but the truth is if different governments and different companies are implementing the same protocol, it'll not fit together. So you even need to make it interoperable between countries or between implementations, even if the, the they use the same protocols because the So protocols have so much room for interpretation in the real development. Yeah.
Well
That, that's the big problem. You can have like a standard like DIDs, when DIDs first started it was like this, the solution to everything and now there's 850,000 did methods. Yeah.
And at the end we, we use five or something else. Yeah. Yeah. And that's, I would wish for that the European Union makes a kind of test harness. Yeah. With APIs we everybody can test and develop against because one to thank you. Oh yeah. Because one-to-one testing makes no sense because then I have to get to every player and at the end I'm not interoperable with the first one because it changed so much.
Yeah. So we really need there more than a you reference wallet, test harness where everybody can test against with their implementation. Right? And then is everybody free? Develop it on your own, work with a company, whatever. Yeah. Yeah.
So that sounds like a really good business opportunity for someone in the audience.
Possibly, or maybe selves. The last question, just there's two minutes left to go. I'm quite interested about, you may not be able to answer this.
What, what's Switzerland doing with I DDAs
With the EID? Yeah. Yeah. I think Roy Rosberg must be here in the conference. So he's the the person to go if you want to have information. Yep. Switzerland, a few years ago the wanted to implement the EID based on private issued eids. This was taking down from the people in the referendum and now they take the total opposite direction. So they choose to go decentralized identity. It'll be issued from the state, from the fed pool, not with private companies. And that's really exciting because these SSI principles are written in the law.
And if the legislation process goes as planned, it should be online 2026. Right.
And interoperable with e IDAs. Of course
Ask, ask Ro, ask ro, ask Ro. He's general. Ask this question. We're getting involved.
It's,
Yeah. Well it's actually a really interesting conversation because coming up next we have somebody who can answer a lot of these protocol questions around e iida as well. But I think at the moment, Andreas, thank you very much indeed.
Thank you for having me. Thank you. Bye-Bye.
