Digital Identity Systems and Privacy

Europe is undergoing a digital identity revolution, with three major systems competing to define how we prove who we are online. The European Union’s EUDI Wallet, Switzerland’s eUID, and Austria’s ID Austria each promise secure digital identification, but they take dramatically different approaches to protecting user privacy—especially for sensitive tasks like age verification.

The stakes are high. These systems will determine whether proving your age to access restricted content means surrendering your birthdate, name, and browsing history to countless websites—or simply confirming “yes, I’m over 18” without revealing anything else. The difference between these approaches isn’t just technical philosophy. It’s the difference between surveillance and sovereignty over your personal data.

The Privacy Paradox

The EUDI Wallet has the strongest privacy requirements on paper. European regulations mandate that the system must prevent tracking users across different services, support selective disclosure of only necessary information, and ensure unlinkability so that companies cannot collude to build profiles of your digital activity. The law explicitly requires zero-knowledge proofs—cryptographic techniques that let you prove facts about yourself without revealing the underlying data.

But here’s the problem: the current technical implementation doesn’t actually deliver what the law requires. In June 2024, a group of expert cryptographers analyzed the system’s architecture and delivered a damning assessment. The proposed design falls short of the regulation’s own privacy requirements, they concluded, and would need a major redesign to meet the legal standards. The European Data Protection Supervisor echoed these concerns.

The European Commission has declined to adopt zero-knowledge proofs in the current design, citing concerns about mobile device limitations and technology immaturity. This creates an awkward situation where the law demands privacy protections that the actual system won’t provide when it launches in December 2026. The gap between legal requirements and technical reality remains unresolved as the deadline approaches.

Switzerland’s Ambitious Vision

Switzerland approved its eUID system in a September 2025 referendum by the narrowest of margins—just 50.39 percent voted yes. The system, launching in late 2026, takes a more aggressive stance on privacy than either the EU or Austria. Official documentation explicitly confirms plans for zero-knowledge proofs, allowing users to prove they’re over a certain age without revealing their exact birthdate or any other identifying information.

The Swiss design stores all identity data exclusively on users’ smartphones, not government servers. Most of the infrastructure will be open source, enabling independent security audits. The system uses peer-to-peer verification between digital wallets and service providers, generating no transaction logs or usage profiles. Each interaction requires explicit user consent.

Yet Swiss privacy experts have raised doubts about whether all these ambitious features will actually be implemented at launch. The system remains unproven until it goes live, and zero-knowledge proofs—while confirmed as “planned”—still lack a firm delivery timeline. There’s a real risk that Switzerland might overpromise and underdeliver on its privacy goals.

Austria’s Working Solution

Austria takes a different approach entirely: ship something that works today rather than promise perfection tomorrow. The ID Austria system has been operational since December 2023, with over one million digital documents already activated. It offers genuine selective disclosure for age verification—when you prove your age, service providers see only your photo, the verification timestamp, and confirmation that you meet the age threshold. Your name and birthdate remain hidden.

The system works offline through short-lived QR codes and Bluetooth transfers, making it practical for real-world verification like traffic stops. It’s integrated with government services and the private sector. It demonstrates that privacy-preserving digital identity isn’t just a theoretical concept—it can work right now.

But Austria’s pragmatism comes with limitations. The system lacks the advanced cryptographic protections that Europe legally requires and Switzerland promises. There’s no zero-knowledge proof capability, and the documentation doesn’t address unlinkability—the ability to prevent different services from correlating your activities. Most critically, the age verification feature currently works only within Austria, not across the EU.

What This Means for Users

The tension between these three systems reveals a fundamental challenge in digital identity. Legal frameworks can mandate privacy protections, but if the technology isn’t ready or the implementation is flawed, those protections exist only on paper. Ambitious technical designs can promise cutting-edge cryptography, but if they never ship, users get nothing. And working systems prove the concept, but may not provide adequate long-term privacy protection.

For age verification specifically, all three systems support the basic concept of selective disclosure—proving you’re old enough without revealing your exact age. But they differ dramatically in how thoroughly they protect against tracking and correlation across multiple services. The EUDI Wallet legally requires unlinkability but may not technically achieve it. Switzerland plans for zero-knowledge proofs but hasn’t delivered them yet. Austria provides working selective disclosure but without advanced anti-tracking measures.

The practical implications matter. When these systems go live, they’ll determine whether online age verification means creating a digital trail of everywhere you prove your age, enabling both government surveillance and corporate profiling. Or whether you can prove facts about yourself while maintaining genuine privacy and control over your personal information.

Photo: Jakub Zerdzicki via Pexels