When governments talk about digital identity, the conversation often focuses on collecting and managing data rather than on building systems that securely enable trust.
How much information is needed? Where should it be stored? Who should have access? How can it be shared between departments or agencies? The underlying assumption is that greater visibility drives outcomes.
In practice, this assumption has led to identity systems that accumulate data faster than they can govern it.
Instead, the real obstacles authorities encounter are not purely about data but rooted in how systems and processes are structured.
Eligibility, age, residency, licensing, sanctions compliance, and access to services—these are related to confirming conditions, not about fundamental identity. Yet systems built for these purposes often default to collecting more data than necessary.
Recognizing this separation highlights why the concept of rails is so crucial.
Good infrastructure does not depend on hoarding resources. It depends on enabling flow. Roads do not need to store vehicles. Payment networks do not need to retain the contents of every transaction forever. They exist to allow interactions to happen reliably, predictably, and safely.
Identity infrastructure should be no different.
Governments need rails so institutions can ask the right questions, receive trustworthy answers, and prove compliance—without becoming custodians of vast identity databases. They need systems that support enforcement without demanding permanent exposure, that allow oversight without surveillance, and that provide proof without possession.
When identity is treated as a dataset to be owned, systems become brittle. Every new requirement adds pressure to centralise further. Every integration increases complexity and risk. Over time, the system becomes harder to govern, harder to secure, and harder to change.
Bringing rails-based thinking into system design shifts these fundamental incentives.
Instead of asking "how do we collect this data?", the question shifts to "how do we verify this claim?" Rather than expanding databases, the focus moves to defining rules and accountability. Institutions can demonstrate compliance through verifiable outcomes rather than by accumulating records.
This approach is not anti-government or anti-regulation. It is pro-governance.
Strong governance depends on systems that can evolve without exposing citizens to unnecessary harm. It depends on limiting what must be stored, defining what must be proven, and making sure that failure does not cascade across society.
The irony is that many governments already understand this principle in other domains. Financial systems, transport networks, and communications infrastructure are all built around rails rather than repositories. Identity has lagged behind, not because the goals are different, but because the architecture has not caught up.
If digital identity is to become a trusted public infrastructure, governments will need to shift from thinking in terms of databases to thinking in terms of capability. From accumulation to enablement. From control to resilience.
More data does not lead to better governance. Better rails do.
And once those rails are in place, institutions can meet their obligations without asking citizens to bear risks they did not choose to assume.