After four packed days at the European Identity and Cloud Conference (EIC) in Berlin, we’re heading home with fresh perspectives, stronger relationships, and a clearer sense of where the digital identity industry is heading.
Below are the top trends and takeaways we’re bringing back from the event.
Key Industry Trends at EIC 2025
A major topic this year was the emergence of non-human identity.
While we’ve been exploring organizational wallets for some time, the focus at EIC was on securing infrastructure—servers, systems, and agents—with cryptographic credentials.
New standards like SPIFFE and SPIRE, combined with OpenID-based authentication flows, are shaping how these machine identities will be handled securely and interoperably in the future.
Another dominant theme was the rise of AI agents.
There’s broad agreement across the industry that AI agents will soon become a core part of how individuals and businesses interact online, accelerating customer journeys, managing workflows, and even making autonomous decisions.
From shopping assistants to financial bots that handle bill payments and optimize spending, these agents promise speed, convenience, and massive scalability.
But in our view, realizing that potential depends on a critical foundation: trust.
If these AI-powered systems are to operate safely and at scale, every interaction must reliably answer three essential questions:
- Is this agent truly acting on behalf of a legitimate user or organization? Can we prove it?
- Has the user authorized this specific action, under clearly defined terms?
- And can the payment provider, merchant, or institution instantly verify that claim with full confidence?
Without strong identity and delegation mechanisms, businesses face serious risks: fraud, impersonation, unauthorized spending, and compliance failures.
A malicious actor could spoof an agent, hijack its permissions, or manipulate a system into executing unauthorized actions.
While the technical conversations at EIC were focused on how to authenticate and authorize agents, we found that the legal and business risks, especially around liability, received far less attention.
Frameworks will need to emerge that clearly define who’s accountable when something goes wrong.
Biometrics and Real-World Architecture Decisions
Biometrics were another major focus area, both in sessions and hallway conversations.
Richard Esplin, Head of Product at Dock Labs, gave a fantastic presentation on how verifiable credentials are an effective way to move data between organizations and that, when they are combined with biometrics, give relying parties assurances that the presenter of the credential is the same person who received it.
One thing that stood out to us was the diversity of views on where and how biometric processing should happen.
Some vendors strongly favor on-device processing in line with decentralized identity principles, while others still rely on server-side models, especially in enterprise settings.
But beyond the technical architecture, the real takeaway was the need for flexibility: different use cases require different trade-offs.
Legal, Political, and Implementation Challenges
One keynote addressed growing geopolitical risk.
European organizations seem to be increasingly wary of relying on U.S.-based SaaS providers, particularly in light of shifting U.S. government policies. This is reshaping how the EU thinks about data sovereignty and digital identity infrastructure.
Another major thread throughout the conference was eIDAS 2 and the push toward launching the EU Digital Identity Wallets by the end of 2026.
Many sessions focused on the implementation gaps between the current state and that target. Supporting the state wallet requires major progress on certification for issuers, verifiers, and wallets, not just technical capabilities, but also compliance readiness.
While it’s encouraging to see energy around the initiative, we left with the sense that the final 20% of implementation, the part that must be nearly perfect, is where the real challenge lies.
