Gataca logo
Gataca Studio
Gataca Wallet
Gataca Vouch
All Use Cases & Industries

Industries

Public Sector
iGaming
Media & Content
Banking
Higher Education

Use Cases

Client Onboarding
User Authentication
Age Verification
Physical Access Control
Credentials Issuance
About
Careers
Contact Us
Become a Partner
Blog
Certifications
eIDAS 2.0
Demo
Open menu

Blog

4 min read

2025: The year digital identity started to become infrastructure

December 30, 2025

2025: The year digital identity started to become infrastructure

For many years, digital identity has occupied a rather awkward position in the technology stack: clearly important, mentioned in every strategy, but rarely treated as something structural. It existed mainly as a requirement, a compliance process, a necessary source of friction. Something you had to “deal with” in order to move forward.

That framing is still present in many places, but 2025 feels like the year in which it finally started to break.

Not loudly or dramatically, but in a deeper and more structural way.

Within identity-focused niches, 2025 has been the year in which identity consolidated as infrastructure. Outside of them, it has been the year in which it clearly started to become one.

That distinction matters, because it marks the transition from a specialised domain into something that is about to become horizontal.

From a point solution to a transversal layer

Traditionally, identity played a very specific role: verifying a person at a specific moment. Are they over 18? Is this document valid? Does this account belong to a real person?

It was a bounded function inside a larger flow.

What is now emerging is a different view: identity is not just a verification step, but a transversal layer that cuts across business processes, risk management, user experience and regulatory compliance.

It does not appear once; it appears many times.
It is not only used at the beginning; it accompanies the entire lifecycle of the relationship with a user.

That is what brings it closer to what we traditionally call infrastructure: something that is invisible when it works, but without which nothing really works.

The real shift is not technological, it is operational

From the outside, it may look like this is still about cryptography, standards and regulation. But the deeper shift is operational.

Identity systems are starting to treat identity not as a static artefact, but as something living:

  • Something that is issued, but also used, observed, revoked and renewed.
  • Something that generates signals, not only proofs.
  • Something that is governed, not only validated.

That forces a redesign of processes that used to be manual, slow or implicit into explicit, observable, auditable and scalable systems.

Not because the technology suddenly exists (it has for some time) but because the operating context now requires it.

The pressure of context: regulation, risk and scale

Three forces have aligned more clearly this year:

  1. Regulation, with eIDAS 2.0 making identity a formal component of Europe’s digital framework.
  2. Risk, with the growth of fraud, automated abuse and the difficulty of distinguishing legitimate from malicious behaviour.
  3. Scale, with digital products operating across multiple countries, sectors and regulatory regimes simultaneously.

In that context, treating identity as a one-off “check” is no longer sufficient.

And that makes the infrastructure view not just attractive but increasingly unavoidable.

Identity is still seen as a cost (but that perception is shifting)

For a long time, and still in many organisations, identity has been perceived mainly as a cost: something you have to implement to comply, to reduce legal risk, to avoid fines.

That remains true.

But a parallel narrative is gaining credibility: that a well-designed identity layer can reduce friction, improve conversion, enable access to regulated markets faster, and lower operational costs downstream.

It is not yet the dominant view, but it is no longer marginal.

And that change in perception is what usually precedes adoption.

An opportunity that is becoming tangible

For the first time, it is not only possible to imagine identity as infrastructure; it is becoming technically, economically and operationally feasible to build it that way.

Not because the market has fully embraced it yet, but because the foundations are now in place: standards, regulation, interoperability and production-grade systems.

That does not guarantee success. But it means the transition is no longer speculative.

It is underway.

From pilots to production

A clear signal of this shift is that, in some sectors, the pilot phase is over.

In our case, in areas such as iGaming and Media (especially age verification) we have moved from controlled experiments to production systems operating at scale, with millions of transactions per day.

That changes the nature of the problem entirely.

It is no longer about proving that something can work, but about proving that it can be:

  • Reliable
  • Scalable
  • Governable
  • Sustainable

And that transition, from experimentation to operational maturity, is precisely what turns a technology into infrastructure.

The role of AI: amplifying the need for identity

At the same time, most technology investment is flowing into AI.

That does not reduce the importance of identity. It amplifies it.

AI increases the scale of automation, fraud, impersonation and synthetic behaviour, and therefore increases the need for robust identity, trust and governance layers.

Not as a magical solution, but as a structural counterweight.

Looking ahead to 2026

2025 has not been the year in which identity fully became infrastructure everywhere.

But it has been the year in which it clearly started to be treated as such.

With regulatory deadlines approaching and adoption accelerating, 2026 is likely to be the year in which this shift becomes visible beyond the identity ecosystem — in mainstream products, platforms and markets.

For the first time in a long time, that future feels not only plausible, but increasingly likely.