OpenVPT and the EU Digital Identity Wallet:
Why Digital Identity Alone Is Not Enough for the Open Internet
The EU Digital Identity Wallet is a major step forward for digital identity in Europe. However, strong digital identity alone does not address many of the trust problems faced by open online platforms. This article explains why a complementary, minimal verification layer is still missing — and where OpenVPT fits.
Introduction
The European Union is currently developing the EU Digital Identity Wallet (EUDI Wallet) as a central component of the revised eIDAS 2.0 regulation. The ambition is to provide citizens with a secure, interoperable and legally recognized digital identity that works across borders and sectors.
This effort is both necessary and timely. Digital identity is a prerequisite for secure digital public services and regulated economic activity.
At the same time, there is a growing realization that digital identity — especially a strong, legally binding one — is not a universal solution for all online trust problems.
What the EUDI Wallet Is Designed For
The EUDI Wallet is primarily designed for high-trust and regulated interactions. These include communication with public authorities, access to government services, electronic signatures, and the presentation of official attributes such as name, date of birth, residence or nationality.
In these contexts, full identity disclosure is appropriate and often required. The EUDI Wallet provides strong assurance, backed by legal and institutional trust frameworks defined at the EU level.
This strength, however, also defines the intended scope of the wallet.
The Problem the EUDI Wallet Does Not Directly Address
Most online platforms do not operate in a regulated identity context. Social networks, forums, gaming services and community platforms rarely need to know the real-world identity of their users.
Instead, they struggle with different questions:
- Is this account controlled by a real human being?
- Is the user above a certain age threshold?
- Can this be verified without collecting personal data?
- Can this be done without turning platforms into identity providers?
Current solutions are often weak, invasive or both. Email verification, phone numbers, CAPTCHAs and behavioral analysis provide limited protection and do not scale well against coordinated abuse.
The Missing Layer Between Anonymity and Identity
There is a structural gap in the current digital ecosystem. On one end lies full anonymity. On the other, full digital identity.
What is missing is a way to establish minimal trust without identity disclosure: a mechanism that allows platforms to verify specific claims about a user without learning who that user is.
Examples of such claims include:
- “This account is controlled by a real person.”
- “This user is older than 16.”
- “This user is older than 18.”
No names. No birth dates. No persistent identifiers.
What OpenVPT Proposes
OpenVPT (Open Verified Person & Age Token) is an open, privacy-preserving proposal designed to fill this missing layer.
OpenVPT defines a cryptographically signed token that contains only purpose-specific claims. These claims are issued by a trusted issuer after performing appropriate checks.
The platform verifies the token locally using the issuer’s public key. It does not communicate with the issuer during verification and does not receive any identity data.
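The local verification step described above, as an added Node.js example that is not part of the original article and is not code from the OpenVPT project. The token layout (base64url JSON, a dot, an Ed25519 signature), the claim names `iss`, `exp`, `human` and `age_over`, and the issuer id `issuer.example` are assumptions made for illustration.

```javascript
// Added illustration. Token layout (base64url JSON + "." + Ed25519 signature),
// claim names and the issuer id are assumptions, not the OpenVPT specification.
const crypto = require('node:crypto');

const ALLOWED_CLAIMS = new Set(['iss', 'exp', 'human', 'age_over']);
const fail = (reason) => ({ ok: false, reason });

// Issuer side, constructed for the demo: sign the encoded claims with Ed25519.
function issueToken(claims, privateKey) {
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const sig = crypto.sign(null, Buffer.from(body), privateKey);
  return `${body}.${sig.toString('base64url')}`;
}

// Platform side: everything happens locally against pinned issuer public keys.
function verifyToken(token, trustedIssuers, minAge, now = Date.now() / 1000) {
  const [body, sig, ...rest] = String(token).split('.');
  if (!body || !sig || rest.length) return fail('malformed');
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return fail('malformed');
  }
  const key = trustedIssuers.get(claims?.iss);
  if (!key) return fail('unknown issuer');
  if (!crypto.verify(null, Buffer.from(body), key, Buffer.from(sig, 'base64url'))) {
    return fail('bad signature');
  }
  // Data minimisation: reject tokens carrying names, birth dates, user ids, etc.
  const extra = Object.keys(claims).filter((k) => !ALLOWED_CLAIMS.has(k));
  if (extra.length) return fail(`unexpected claims: ${extra.join(',')}`);
  if (typeof claims.exp !== 'number' || claims.exp <= now) return fail('expired');
  if (claims.human !== true) return fail('personhood not asserted');
  if (typeof claims.age_over !== 'number' || claims.age_over < minAge) {
    return fail('age threshold not met');
  }
  return { ok: true, ageOver: claims.age_over };
}

// Constructed demo issuer and token.
const demoIssuer = crypto.generateKeyPairSync('ed25519');
const trusted = new Map([['issuer.example', demoIssuer.publicKey]]);
const demoToken = issueToken(
  { iss: 'issuer.example', exp: 2000000000, human: true, age_over: 16 },
  demoIssuer.privateKey,
);
console.log(verifyToken(demoToken, trusted, 16, 1900000000));
```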
How OpenVPT Differs from the EUDI Wallet
| Aspect | EUDI Wallet | OpenVPT |
|---|---|---|
| Primary role | Digital identity | Verification token |
| Identity disclosure | Yes | No |
| Target environment | Public services, regulated sectors | Online platforms |
| Data shared | Identity attributes | Minimal claims only |
| Platform responsibility | Handles identity data | Verifies signatures only |
The Relationship Between OpenVPT and the EUDI Wallet
OpenVPT is not a replacement for the EUDI Wallet. Instead, it can operate as a complementary layer.
A trusted issuer may rely on the EUDI Wallet to perform strong identity or age verification, and then issue an OpenVPT token that contains only the necessary claims.
From the platform’s perspective, the EUDI Wallet remains invisible. This separation is intentional and preserves proportionality.
Why This Separation Matters
Forcing full identity disclosure into everyday online participation carries significant risks: excessive data collection, increased legal liability for platforms, reduced accessibility and the erosion of legitimate pseudonymity.
The open internet does not need universal identity. It needs appropriate trust, proportional to context.
Why This Discussion Is Urgent
Regulatory pressure around age verification and online safety is increasing rapidly across jurisdictions.
Without privacy-preserving primitives, the default response will likely be more centralized and more invasive identity checks.
OpenVPT is presented as a conceptual and technical proposal that demonstrates an alternative approach.
Why Would Platforms Implement OpenVPT?
For online platforms, the primary challenge is not identity management, but trust at scale. OpenVPT addresses this challenge without turning platforms into identity providers.
Advantages
- No identity handling: Platforms do not store or process personal identity data, significantly reducing legal and operational risk.
- Local verification: Tokens can be verified cryptographically without contacting the issuer, preventing third-party tracking.
- Higher cost of abuse: Obtaining a verified token is more expensive than creating disposable accounts, raising the barrier for bots and fake users.
- Privacy by design: Platforms receive only purpose-limited claims and nothing beyond what is strictly required.
- Vendor neutrality: OpenVPT does not mandate a central authority or provider.
Limitations and Trade-offs
- No full identity: OpenVPT is not suitable for scenarios requiring legal identity or contractual accountability.
- Issuer dependency: Trust depends on the quality and governance of issuers.
- Not a moderation solution: Verified personhood does not prevent all forms of harmful behavior.
- Regulatory interpretation: Even minimal verification mechanisms require careful communication and policy alignment.
Conclusion
The EU Digital Identity Wallet is a foundational building block for trusted digital interactions in Europe.
However, identity alone is not sufficient for the open internet. OpenVPT explores a complementary layer focused on minimal, purpose-limited and privacy-preserving verification.
It is not a product, not a replacement and not a competitor — but an invitation to discussion.