The OpenID Foundation recently participated in the ITU-T’s most recent workshop on Trustable and Interoperable Digital Identities for Human and Agentic AI in Geneva - the first of three planned ITU-T workshops on this theme. The workshop brought together speakers from governments, standards bodies, and industry across two days, with sessions covering digital identity policy, technology, and the emerging challenges of agentic AI. Full programme details and all presentations are at the ITU-T workshop page.

Representing the OpenID Foundation, Executive Director Gail Hodges made two presentations on day one of the event, covering the global state of digital identity and the standards landscape, trust framework mapping. The OpenID Foundation’s ITU-T Liaison, Bjorn Hjelm, presented remotely on day two in the AI for Good session covering the OpenID Foundation’s work on identity for agentic AI.

This blog post summarises the key points from those sessions.

The global state of digital identity

In her first session, Human-Centric Digital Identity: Overview and State of Play, Gail Hodges noted that more than 60 countries now treat digital identity as critical Digital Public Infrastructure. Verifiable credential deployments are live in the United States, Japan, the United Kingdom, India, and Switzerland (in beta), with the EU on track to launch its digital identity wallet by end 2026 and the Western Balkans expected to follow. Approximately 43 countries are issuing or actively planning to issue verifiable credentials.

The reasons governments are investing are consistent: equity and inclusion, economic growth, cross-border trade, health services, saving time and money, and averting cybercrime - estimated to cost the global economy between $1 and $10 trillion. In 2023, most national identity models were centralised. By 2026, a clearer pattern has developed. Countries are building on foundational identity infrastructure to issue verifiable credentials held in user-controlled wallets. These are digitally signed, tamper evident statements that allow holders to share only what is needed, such as confirming they are over 18 without revealing a date of birth. 

The standards landscape

Gail's first session also covered the standards landscape, noting that the Foundation’s OpenID for Verifiable Credentials suite - OID4VCI, OID4VP, and the High Assurance Interoperability Profile (HAIP) - has been adopted as the technical foundation for the EU Digital Identity Wallet, trusted by the EU and its 27 member states, with the We by stern Balkans and other jurisdictions following suit.

Since December 2025, ISO and the OpenID Foundation have been conducting joint due diligence on where to host work that can support both the ISO 18013-5 and OpenID4VP presentation protocols in a harmonized solution, with more information forthcoming. 

Separately, the Foundation has launched an accreditation programme for ecosystem testing, with MOU signatories including FIDO Alliance, Kantara Initiative, FIME, Raidiam, TrustID Solutions, and BixeLab. The Foundation is working with the European Commission, NIST, the Australian Government, and California on conformance programmes.

Last but not least, jurisdictions that consider verifiable credentials may also want to consider the optimal standard for discovery. OpenID Federation 1.0, has been selected by EDUGain, the Italian Government, and the Bank of International Settlements for Project Aperta, a cross-border open data initiative in trade finance. Federation includes use of the ITU-T’s own x509 but it allows for greater flexibility to support new requirements.

Trust Frameworks – the policy layer

Gail's second session, Trust Framework Mapping and SIDI Hub, addressed why the policy and governance layer is as important as the technical one. Trust frameworks define the rules and policies that allow users, organisations, services, and devices to rely on one another, but they must reflect local legal systems, civil registration infrastructure, institutional arrangements, and the role of the private sector.

The SIDI Hub has conducted original trust framework analysis across more than ten countries, including the UK, EU, US, Canada, Singapore, Sweden, Japan, Thailand, Australia, and New Zealand. Working with Fraunhofer, it is developing a comparison tool for policy makers, GovTech teams, and private sector organisations building for multiple markets.

The session also presented a worked financial services example: the NIST NCCoE SP 1800-42A publication on mobile Driver's Licences, developed through 11 interoperability events involving state issuers, banks, digital platforms, and the OpenID Foundation. Four jurisdictions, including the US, EU, Australia, and New Zealand, are aligning on financial institution compliance through protocol level metadata covering assurance levels, proofing methods, and authentication types.

Agentic AI - identity and delegation

Bjorn Hjelm's session addressed identity and authorisation challenges for autonomous AI systems, drawing on the AIIM Community Group's 2025 whitepaper Identity Management for Agentic AI. Existing frameworks can support current agent use cases, including agents working within a single organisation or helping users access their own data, with the Model Context Protocol (MCP) - the leading standard for connecting AI models to external tools.

As AI systems move toward greater autonomy, those frameworks face new challenges around delegated authority across networks of connected agents. The OpenID Foundation has been developing the OpenID Connect Authority Claims Extension for on-behalf-of delegated authorisation that can also support AI systems. The specification supports use cases including AI-driven identity, the use cases supported in the Death and Digital Estate (DADE) community group, and age assurance.

Continuing the conversation

The OpenID Foundation will continue to engage with ITU-T and the broader international community as digital identity deployments scale globally and AI systems become more autonomous. The Foundation’s work is open to participation through working groups, community groups, and conformance programmes. 

Those wishing to engage are encouraged to get in touch: help@oidf.org  

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, OAuth2 - the FAPI standard for interoperable, high security - has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.