Verifiable credentials and decentralized identity

Tools that let a citizen carry portable, machine-verifiable credentials and have an agent present them are now widely available. As that becomes routine, an agency must be able to verify a claim about a submitter (their identity, qualifications, organizational affiliation, or authority to speak on behalf of others) without requiring the submitter to disclose more information than the purpose at hand calls for.

W3C Verifiable Credentials Data Model v2.0 (W3C Recommendation, May 2025). The full family of VC specifications achieved Recommendation status in 2025, establishing a web standard for expressing credentials (driver's licenses, degrees, professional registrations) in a cryptographically secure, privacy-respecting, and machine-verifiable form. The model supports selective disclosure. See the Recommendation announcement, the VC overview, and the 2026 Working Group charter signaling sustained institutional commitment.

EU eIDAS 2.0 and Qualified Electronic Attestation of Attributes (QEAA). The revised eIDAS regulation (Regulation (EU) 2024/1183), which entered into force on 20 May 2024, mandates that all EU member states provide European Digital Identity Wallets by end of 2026, with services required to accept them from 2027. The QEAA trust service provides a legally recognized form of Verifiable Credentials issued by Qualified Trust Service Providers, with cross-border interoperability via the Architecture Reference Framework and an 80% adoption target by 2030. See Regulation (EU) 2024/1183, QEAA explained, and QEAA put simply.

Australian Digital Identity System. The Digital ID Act 2024 established a legislated accreditation scheme building on the Trusted Digital Identity Framework (TDIF) pilot operational since 2019. The TDIF is now the former accreditation framework — under review, with new accreditation paused — having been superseded in practice by the Australian Government Digital ID System (AGDIS) under the Digital ID Act 2024. The system, most recognizable as myGovID, opens to the private sector from December 2026, with November 2025 rule reforms adding a redress framework. But it is designed for identity verification, not content provenance or submission process attestation. See the Digital ID Act 2024, Allens' analysis, and the TDIF standard.

India: Aadhaar Verifiable Credentials in Google Wallet (April 2026). Google added Aadhaar-based Verifiable Credentials to Google Wallet for India using the W3C Digital Credentials API and ISO/IEC 18013-5, demonstrating government-scale VC integration into consumer wallet infrastructure. See Authsignal's coverage.

High transferability for identity verification; low transferability for content provenance. Verifiable Credentials solve the "who is submitting" problem well. They do not solve the "how was this submission prepared" problem at all. A citizen presenting a verified credential proves their identity but says nothing about whether their submission was personally drafted, AI-generated, or copied from a campaign template.

VCs could be extended with custom claim types, such as a "submission process attestation" claim where the holder declares the preparation method. This would be self-attested but cryptographically bound to identity, creating accountability for false declarations. No such credential type has been built, so it is an unbuilt response rather than an adaptation of an existing one.

The gap is concrete wherever a national digital identity scheme already exists. A government authentication wallet typically handles sign-in to public services but offers no mechanism for attaching provenance claims to the submissions a citizen lodges through it. An accreditation framework could in principle support attribute assertions about preparation methods, but where no such use case has been contemplated in the legislation, rules, or technical architecture, closing the gap depends on amending the scheme's rules rather than on the technology alone.