Implementing Chile's national digital identity strategy

Digital identity has become an important policy priority given the rapid digitalisation of public services and the growth of the digital economy. As digital identity systems become increasingly embedded into the lives of people and businesses, governments need a forward-looking approach to their development and governance in the years ahead. This section provides an overview of key trends that will shape digital identity policies over the next decade, with particular attention to security risks, public-private collaboration, and cross-border interoperability. It follows the request of the Chilean government to identify policy trends to inform the implementation of its digital identity strategy. These trends have been identified based on OECD’s existing work and additional research.

The OECD (2023[2]) defines digital identity1 as the tools and systems that let individuals and organisations prove who they are and share verified information (attributes and/or credentials) such as proof of age, qualifications, or permits in a secure and reliable way through digital means. It covers the entire digital identity lifecycle, including identity verification (verifying that someone is who they say they are) and authentication (ensuring that the person trying to access the service is the same person whose identity was previously verified) and the sharing of digital attributes and credentials. Trust services complement by enabling secure digital transactions, such as signing, sealing, or time-stamping documents, or ensuring communications cannot be tampered with, as recognised in OECD recommendations.

The benefits of a well-designed digital identity system include:

• For individuals: simpler and safer access to essential public and private services, with stronger security, privacy, and recovery options, while maintaining non-digital options.

• For businesses: lower costs and risks in customer verification, easier regulatory compliance, and smoother participation in economic activities. Estimates have pointed to a 3-13% GDP increase from digital identity adoption by 2030 (White et al., 2019[3]).

• For governments: more secure, cost-effective, seamless and efficient service delivery as well as stronger fraud prevention while protecting privacy.

Because so many essential services and interactions depend on digital channels, digital identity can be thought of as a public infrastructure, similar to roads or electricity (OECD, 2024[4]; OECD, 2023[2])). Roads allow people and goods to move safely and efficiently between places, and electricity provides a reliable foundation for homes, businesses, and public services. Like these systems, well-designed digital identity system can offer the pathways for people and businesses to interact securely with public and private services in the digital age. Just as governments invest in building, regulating, and maintaining physical infrastructure to serve the public, they should also ensure that digital identity systems are secure, interoperable, inclusive, and resilient, so that the benefits extend to all users while risks are managed. In countries where legal identity management is decentralised or federal, governments will need to co-ordinate across levels of administration (OECD, 2023[2]).

Over the next ten years, digital identity will accomplish more than just proving who you are. In line with the OECD Recommendation on the Governance of Digital Identity (OECD, 2023[2]), digital identity includes the ability for people and organisation to exchange verified digital information (such as attributes and credentials) about themselves. This may include digital proofs of diplomas or age, driver’s licences, residency permits, and vaccination records, which have the same legal weight as their physical counterparts. It also enables individuals to securely share this information with various services, such as through digital wallets or mobile apps. Gartner (2024[5]) estimates that, by 2026, half a billion smartphone users will regularly use a digital identity wallet. By then, 22 out of the 38 OECD members who are EU member states will offer interoperable digital identity wallets that will let citizens store and use verified credentials and attributes and across public and private services. These verifiable credentials and attributes will be issued according to rules and standards that ensure they can be trusted with a high level of assurance (European Commission, 2025[6]). Additionally, there are plans to roll out EU business wallets tailored to the specific needs of businesses and organisations as wallet users (European Commission, 2025[7]).

Better digital identity approaches can enhance security and privacy by ensuring that individuals have more reliable, user-centric ways to verify their identity and to authenticate themselves online and in person. Stronger identity systems reduce reliance on insecure practices such as weak passwords or easily forged paper documents, lowering the risk of fraud and identity theft. Modern frameworks can also embed privacy-by-design principles and technologies such as zero-knowledge proofs2, giving people greater control over what personal data is shared and with whom (Aad, 2023[8]). For governments and service providers, this enables more secure access to essential services, greater efficiency in delivery, and stronger protection of sensitive information.

At the same time, the adoption of digital identity systems carries risks that are likely to increase as technologies develops. These risks should be carefully managed over the next ten years. As digital identity becomes embedded in access to essential services, large-scale cyberattacks or system failures could disrupt critical national infrastructure, endanger individuals, and erode trust in service providers. Such risks include identity fraud, data breaches, and exclusion when people cannot access or recover their accounts. For instance, although artificial intelligence offers more seamless and secure identity verification, it also enables new threats such as synthetic identity fraud and deepfakes, which can undermine remote identity checks (OECD, 2024[9]; Iproov, 2024[10]; Shahid Hanif, 2024[11]). In 2024, figures show that a deepfake attempt occurred every five minutes, while digital document forgeries increased by 244% year over year (Entrust, 2025[12]).

Multi-factor authentication is important because it strengthens protection compared to using a simple password; however, it remains vulnerable to bypass attacks, such as through social engineering techniques and phishing attacks (Cyber Security Agency of Singapore, 2024[13]). Digital identity will also face major cryptography challenges in the coming years. Quantum computing could break today’s standards, forcing difficult migrations to new algorithms (OECD, 2025[14]). Other risks associated with increased reliance on digital identity include outages that cut off access to essential services, weaknesses in account recovery processes, and compromises in the technology supply chain. No solutions are risk-free, including widely used, secure digital identity solutions, as demonstrated by the case of BankID in Sweden (Box 1).

These risks highlight the need to design identity systems with resilience and security at their core. In particular, centralised identity platforms can become attractive “honeypots” for cyberattacks, and if breached, the consequences may spread across entire sectors. Governments therefore carry a particular responsibility to set robust security standards, ensure systems are tested and audited, and provide fail-safes so that essential services remain accessible even when digital identity systems are under stress (OECD, 2023[2]).

While many countries are advancing national efforts, the growing cross-border flows of people, goods, services and businesses, including through digital trade, make mutual recognition and trust in digital identity systems across borders increasingly important.

Today, countries are embedding digital identity into trade and digital economy agreements, deepening bilateral and regional partnerships, and engaging in multilateral dialogues through the G7, G20 and beyond. The OECD has supported this agenda by helping shape international consensus on digital identity policy and governance. In 2023, 38 OECD Members adopted the Recommendation on the Governance of Digital Identity, which includes a third pillar focusing on “Enable Cross-Border Use” (OECD, 2023[2]). In 2024, the G20 endorsed the G20 General Principles on the Governance of Digital identity, drawing on the OECD framework (G20 Digital Ministers, 2024[16]). That same year, a G7-wide mapping of digital identity approaches was completed which identified strong alignment across G7 members as well as key areas for further cooperation, particularly in relation to the adoption of different international technical standards and approaches to high-assurance interoperability (OECD, 2024[17]; G7 Digital and Tech Ministers, 2024[18]).

Several regions, including Latin America and Europe, have shown early signs of progress toward the mutual recognition of digital identity systems. Uruguay and Brazil, supported by discussion through Mercosur, have implemented cross-border digital identity for online public services (gov.br, 2024[19]), and Chile is preparing to participate. Chile is also chairing the Red GEALC (the e-Government Leaders Network of Latin America and the Caribbean), which is advancing a cross-border digital signature and authentication initiative (RedGEALC, 2025[20]). These developments demonstrate the importance of regional co-operation and efforts to achieve interoperability.

Although digital identity is increasingly recognised as a form of public infrastructure, it operates within a broader ecosystem that includes private providers of identity solutions, credential issuance, verification services, and trust services, such as electronic signatures. These private actors can contribute innovation and specialised expertise, helping to develop tools such as digital wallets, authentication apps, and verification platforms. Their involvement can accelerate adoption, reduce costs, and expand the range of services that can rely on trusted digital identities (Global Government Forum, 2021[21]; OECD, 2023[2]). However, relying on private identity providers without proper oversight or backup can introduce potential risks to essential services, such as unequal access, system vulnerability, and inconsistent security and privacy practices. Strong public-private coordination is therefore essential to maintain robust digital security, resilience, and access across the ecosystem.

Governments play a critical stewardship role in this market. While they do not need to operate every component of the identity system, they can establish clear rules, standards, and accountability mechanisms to ensure that the system functions in the public interest. This includes certifying or accrediting private providers, enforcing security and privacy standards, and ensuring interoperability across sectors and borders. By setting a consistent legal and technical framework, governments can create a market environment where private innovation is encouraged, but trust and inclusion are maintained (OECD, 2023[2]).

Effective governance requires particular attention to resilience. Digital identity is foundational infrastructure that in many countries underpins a wide range of critical services: if systems fail or exclude certain groups, the impact can be widespread, affecting access to essential services and eroding public trust. Governments should therefore govern with critical infrastructure resilience in mind (OECD, 2020[22]), including by co-ordinating with private stakeholders to ensure alternative access paths, inclusive onboarding processes, and oversight mechanisms that hold all stakeholders accountable. In this way, the public sector can leverage the benefits of a competitive private market while safeguarding the resilience of the digital identity ecosystem.