Understand the Status Quo

An analysis of the current identity landscape is a valuable exercise for countries planning new identification systems and those hoping to optimize existing systems. To maximize the utility of identification in the medium- and long-term, it is important to first take a holistic view of existing ID systems and stakeholders within the identity ecosystem and assess their strengths and weaknesses, particularly regarding system coverage, quality, and the enabling legal framework.

ID4D has developed multiple tools to assist in this type of exercise, including an ID4D Diagnostic for an ecosystem-wide overview, and the ID Enabling Environment Assessment (IDEEA) for a comprehensive analysis of the policies, laws, and regulations that enable the ID system and provide key safeguards. These tools are flexible and designed to be adapted based on the country context.

In addition to desk reviews and consultations with government stakeholders, diagnostics of the status quo should also include the perspectives of end-users as well as various government and private-sector institutions who rely on these systems. In particular, it is recommended that countries consult with individuals to understand their particular experiences and challenges with the existing ID system (see forthcoming toolkit for end-user research).

1. Take stock of the identity ecosystem and stakeholders

The current landscape of ID systems—aka, the identity ecosystem—has important implications for the design of future systems or reforms. To begin, countries should make a full accounting of existing registries and credentials, as well as the agencies that provide them and their core users. As shown in Table 3, this should include:

  • Foundational registries and credentials

  • Functional registries and credentials used in various sectors (e.g., social protection, voter registration, tax administration, passports, driver’s licenses, etc.)

  • Non-governmental ID systems provided by other actors

  • Current ID providers and their roles in each of these systems

  • Supporting and enabling agencies

Table 3. Identity ecosystem stock-taking

System Providers Users Supporters/Enablers


  • National ID
  • Civil register
  • Population register, etc.
  • Ministry of Interior
  • Ministry of Justice
  • Ministry of Health
  • Local governments, etc.
  • Other agencies
  • Private sector
  • Donors
  • Individuals


  • Regulator/ oversight body
  • Ministry of finance
  • Ministry in charge of Digital Government
  • Ministry in charge of digital infrastructure, including broadband connectivity
  • Agency in charge of Cybersecurity technology
  • Civil society
  • Donors and other development partners


  • Voter registry
  • Social assistance registries
  • Taxpayer registry
  • Passport
  • Driver’s license
  • Land registry
  • Property registry, etc.


  • Electoral commission
  • Ministry of Social Affairs
  • Revenue Department
  • Immigration Department
  • Transportation Department
  • Ministry of Interior
  • Etc.


  • Financial sector IDs
  • SIM card registry
  • Credit registry
  • Donor program registries, etc.


  • Banks
  • Mobile operators
  • Credit agencies
  • Donors and Int’l Organizations

Source: ID4D Diagnostic Guidelines

In addition to identifying the various stakeholders who should be involved in the planning process, the characteristics of the existing identity ecosystem will be important inputs into key decisions. This includes the number of ID systems, as well as the capacity of various stakeholders. To effectively manage an ID system, identity providers must have sufficient human, technical, and fiscal resources, as well as substantial political support within the government and from other relevant stakeholders.

Table 4. Design implications of existing ID ecosystem and stakeholders

Ecosystem characteristic Implications for Key Decisions

Existence of core foundational systems

(e.g., civil registers and national IDs)

Administration: In a “greenfield” project where there is no national ID system and/or the system is very weak, countries can either assign the new ID system to an existing agency, or create a new agency to implement the new ID system. Where countries already have foundational systems, it may be less desirable, or more politically infeasible to create new agencies for this purpose. Countries may wish to add the responsibility for an ID system to the agency responsible for civil registration.

Registration: Where foundational ID systems exist but countries wish to improve or extend these systems to new populations, they must choose whether to leverage existing hardware, software, and/or data (e.g., initializing the new ID system by cleaning and updating old data, or using the old system as a source of evidence identity proofing in the new system), or whether to invest in new systems and collect data from scratch. These choices should be heavily informed by the coverage and quality of these systems, described below.

Credentials and Authentication: Where there are strong foundational ID systems with non-digital credentials (e.g., a legacy paper national ID card), countries can consider providing digital ID credentials centrally (i.e., by the foundational ID providers) or through a partnership or federated arrangement with other public and private sector entities.

Number of functional ID databases and credentials

Interoperability: Where there are already many operational ID systems for different sectors—e.g., tax, social protection, voting, etc.—countries can consider different options for integration and/or interoperability depending on the level of quality and trust in these systems.

Resource deficits for existing ID authority, in terms of staff or financing, or unclear or overlapping mandates with other entities that limit capacity

Legal Framework: Determine if updates are needed to the legal framework in order to better empower the ID authority and/or to clarify responsibilities.

Administration: Consider creating new, autonomous agency to manage the ID system, new business models, and/or partnerships with other government agencies or with the private sector to fulfill some roles and responsibilities, such as for registration.

2. Determine coverage and gaps in the existing systems

In addition to looking at the overall composition of the identity ecosystem, an assessment of the status quo should include an evaluation of the rate and gaps in coverage of foundational systems and key functional systems. This involves an examination not only of the number of people covered, but also an analysis of specific groups that may be disproportionately excluded from existing ID systems. In many countries, for example, we often see differential rates in coverage for the following groups (and their intersections):

  • Women and girls

  • Orphans and vulnerable children

  • Poor people

  • Rural dwellers

  • Ethnolinguistic minorities

  • Migrants and refugees

  • Stateless populations or populations at risk of statelessness

  • The elderly

  • Persons with disabilities

  • Non-nationals

As shown in Table 5, these characteristics have important implications for the design of new ID systems and the improvement of existing system.

Table 5. Design implications of status quo ID coverage

Coverage characteristic Implications for Key Decisions
Low coverage for CR, ID, or similar foundational systems either overall or for specific groups

Legal Framework: Identify any legal or procedural barriers to civil registration and ID and amend laws and procedures accordingly

Interoperability: Investments should be made to improve CR systems system in order to ensure identification from birth for the “flow” of newborns.


  • Extend eligible population to previously uncovered groups (e.g., children, non-nationals)

  • Implement registration strategies that make enrollment easy and convenient and mitigate direct and indirect costs to registration, such as fees, travel time, transportation costs, lost wages, middlemen, etc.

  • Implement targeted registration campaigns for excluded, under-covered, and other marginalized groups

  • Identity proofing for the ID should not rely solely on possession of birth certificates or should include appropriate alternative methods (e.g., introducers) to ensure universal registration

Public Engagement:

  • Incorporate people-centric design approaches into the decision-making process for designing and implementing the ID system

  • Continuous consultation with end-users and civil society to understand existing difficulties and desired improvements

  • Implement strong information and awareness campaigns

  • Adopt user-friendly grievance redress systems

3. Assess the trustworthiness of the system

As with coverage, the trustworthiness of existing ID systems—i.e., whether or not they provide reliable sources of identity information and authentication, adequately protect personal data, and are trusted and used by people—has implications for how these systems could be improved and/or leveraged by new ID projects. In this context, a number of characteristics are particularly important and should be evaluated by people familiar with the system:

  • Uniqueness—the rate at which databases are free of duplicate identity records—i.e., the same person enrolled multiple times, under the same or different names—and credentials are unique to the individual (i.e., one person cannot have multiple of the same credentials, and/or multiple people cannot have the same credential). Uniqueness is important for some—but not all use cases.

  • Accuracy—the rate of data entry errors, missing fields, or out-of-date attributes contained in identity records and/or credentials. Inaccurate data not only decreases the reliability and trustworthiness of the system for relying parties, it also has the potential to negatively affect people who are treated unjustly due to incorrect or out-of-date information.

  • Security—the physical and cybersecurity of systems and data, and the resilience of databases, data transmissions, credentials, authentication mechanisms, and other systems to attempts at theft, hacking, fraud, spoofing, and cyber and other attacks, unauthorized access or disclosure, and misuse, as well as natural disasters, flooding, etc. Where security of the ID system is weak, this creates significant risks to privacy and data protection.

  • Confidence of the population—whether or not people have confidence in the system and trust it with the collection and use of their data. The ability of people to have oversight and control over their data and how it is used, and their level of trust in the system overall are fundamental for the success of the system—if people do not trust or value identity systems, they are unlikely to use them.

Table 6. Design implications of the robustness of existing ID systems

Robustness characteristic Implications for Key Decisions

Low uniqueness and accuracy of existing foundational ID registries

Registration: If using existing data as a source for the new/improved system, it must be cleaned, deduplicated, and updated. This may require additional data collection and outreach efforts for data that the system does not already contain, or to replace low-quality data that is flagged or rejected during the migration. For example, biographic deduplication could help reduce the number of duplicates, depending on the quality of the data and other factors (e.g., the prevalence of dates of birth listed as “1 January”).

Interoperability: Potential linkages between CR and ID to increase data accuracy

Low uniqueness and accuracy of functional ID registries

Interoperability: Data exchange or queries against a unique, accurate foundational system can potentially help clean up functional ID databases (e.g., removing duplicates and ghosts).
Low security of existing identity databases, applications, and credentials

Privacy and Security: Bring old or new systems into alignment with best-practice standards for data protection and privacy and adopt privacy and security measures throughout the lifecycle as the default setting.

Registration: Consider the implications of insecure existing credentials for the identity proofing process in the new or upgraded system (i.e., will they provide a high enough level of assurance?)

Credentials and Authentication: Adopt credentials with appropriate security features that protect personal data.

Low confidence among the population

Public Engagement: Practitioner’s should work to build trust in the new system through proactive and meaningful public consultations and communication campaigns.

Privacy and Security: A data protection impact assessment may be required to address new privacy needs and to re-consider how legacy and new systems can better protect people’s data and build the confidence of the population.