Identity

Decentralised Identity: Prove What You Must, Reveal No More Than You Need

To access content or services, we often give away more than we should. Decentralised identity lets us prove facts without exposing our digital selves.

Rob Hoeijmakers

16 Sep 2025 • 5 min read

In our digital lives, we constantly prove who we are. We log in, show IDs, share documents, and verify facts. But have you ever wondered why we do it the way we do and whether it could be done differently?

This article introduces the core difference between centralised and decentralised identity models. We start with a common, very human example: proving you're over 18.

A Tangible Example: Age Verification and Privacy

Imagine visiting a website with explicit content. It asks: Are you 18 or older?

In most systems today, proving your age means logging in with your real name and date of birth. Perhaps you use your Google account, upload an ID, or share your birthdate. The system stores this data and links it to your activity.

You now have access, but at a cost:

Your identity is exposed to access a private space.
Your browsing behaviour is tracked.
Your data is stored centrally, vulnerable to leaks or misuse.

Now imagine a different system. You have a digital credential in your personal wallet that says only: “This person is over 18.” It’s issued by a trusted authority (for example, a government or bank), but when you use it, no personal data is shared — just the one fact needed.

The website sees only that you’re old enough. It doesn’t know who you are, where you live, or what else you do online.

This is the promise of decentralised identity.

The EU’s 18+ Check

This isn’t science fiction. The European Commission is developing a harmonised age-verification system as part of the EU Digital Identity Wallet.

Here’s how it works:

A bank, government, or other trusted provider issues a credential to your wallet that simply states: “Over 18.”
When you visit a restricted website, you present only that credential.
The site checks the cryptographic signature to confirm it’s valid, but it never learns your name, address, or date of birth.

Crucially, the issuer doesn’t see where or when you use the credential. There’s no “phone home.” At most, a verifier can check a public revocation list to ensure the credential hasn’t been invalidated. Very different from every website querying the issuer’s database each time.

In effect, the EU wants to make age checks both legally compliant and privacy-preserving, a concrete application of decentralised identity principles.

What Is Digital Identity, Really?

Your digital identity is how you’re recognised and validated online. It includes:

Logins and usernames
Passwords or biometrics
Verified facts (like diplomas or ID numbers)

It allows you to prove things about yourself: who you are, what you know, where you belong. But how these identities are managed makes all the difference.

Centralised Identity: The Norm

Most systems today are centralised. Your identity is held and verified by a single provider.

Examples:

Google, Apple, or Facebook login
Your bank or telecom account
Government digital IDs (in many countries)

These systems work, but they come with trade-offs:

You rely on a central party to manage your data.
They can track your behaviour across services.
Your data can be breached, sold, or locked away.

Centralisation is efficient, but it creates dependencies.

Decentralised Identity: A Shift in Control

Decentralised identity lets you hold your own credentials. You decide when and what to share.

It still relies on trusted institutions to issue credentials (like a diploma or age proof), but you keep the data in your wallet and reveal only what’s needed.

Key features:

User control over data and sharing
No central database of activity
Verifiable credentials checked cryptographically

This shifts the trust model: the issuer is still trusted, but verification doesn’t require constant access to their database.

Real-World Analogy: The University Diploma

When you graduate, your university stores a record (centralised). But you also receive a diploma. You use that diploma to prove your degree elsewhere, without the university being involved every time.

Decentralised identity works the same way. It gives you a verifiable version of that diploma: digitally signed, portable, and private.

Why It Matters

This is not just about technology, it’s about power, privacy, and trust:

Can you prove something without revealing everything?
Can your identity be yours, not just a login to someone else’s system?
Can we design systems that respect dignity, not just extract data?

In a decentralised model, the answer is increasingly: yes.

Prove what you must. Reveal no more than you need.

Conclusion: A Change in the Terms of Exposure

We’re conditioned to prove ourselves by logging in. But that’s only one way. Decentralised identity offers another: one where you can prove a fact without revealing your entire identity.

Whether you’re accessing explicit content, renting a car, or applying for a job, the principle is the same:

Prove what you must. Reveal no more than you need.

The EU’s 18+ check will likely be the first time many Europeans encounter this new model in practice. From there, it may reshape how we think about identity online: not only what we share, but why.