
Insights • Zekret Labs

India's Digital Identity Experiment: What We Need to Learn

By Kayne Brennan • 02 Jun 2025

#national-digital-identity #systemic-risk #identity-infrastructure #centralisation #public-policy

India's national digital identity system is widely regarded as an outstanding success.

It is large, ambitious, and unprecedented. Hundreds of millions were enrolled. Identity became easier to verify. Access to services was streamlined. Operationally, it demonstrated that a centralised digital identity system could be deployed across a large population.

But scale alone is not the same as success.

When identity systems run nationally, design choices have bigger consequences. A risk that is manageable in a small pilot becomes systemic across hundreds of millions of people. India's lessons matter here. This is not a critique of intent, but a warning about architecture.

Over time, large volumes of identity data linked to India's systems were exposed through breaches, leaks, and unauthorised access. In many cases, this exposure was not the result of a single dramatic hack but rather a series of smaller failures: poorly secured endpoints, third-party integrations, local operators, and unintended data flows. The system itself did not need to be "broken" for harm to occur. Its scale ensured that vulnerabilities would eventually be exploited.

For individuals, the impact was severe. Identity information linked to key services created new opportunities for fraud, exclusion, and identity theft. When something went wrong, the burden of resolution often fell on the citizen, not the institution. Once compromised, identity could not simply be replaced.

What is most important to understand is that these outcomes were not anomalous. They were foreseeable.

A centralised identity system operating at a national scale inevitably becomes critical infrastructure. It attracts attackers. It invites misuse. It creates incentives for data aggregation far beyond its original purpose. Even with strong intentions and genuine public-benefit goals, the system's framework guarantees that failure modes will emerge over time.

This is where other countries must be careful.

The temptation is to focus on what worked operationally and overlook structural failures. Enrolment numbers, efficiency gains, and service integration stand out. It is easy to conclude that the model should be copied elsewhere. But copying outcomes without copying lessons is how mistakes spread.

The key lesson from India is not that digital identity is inherently dangerous. It is that centralisation at this scale concentrates risk in ways that are difficult to govern, easy to exploit, and nearly impossible to unwind. Once identity becomes a core layer for accessing services, opting out becomes unrealistic. Mistakes become permanent.

Governments exploring digital identity today should ask not only "Can we build this?" but also "What happens when it fails?" Who absorbs the harm? Who carries the risk? Who controls the system when it grows beyond its original mandate?

India shows that identity infrastructure must prepare for failure, limit data, and focus on resilience.

If we ignore those lessons, we risk repeating the same mistakes at an even greater scale.

And when identity is involved, repeating mistakes does not just cost money or credibility; it can cost lives. It affects people's lives, often in ways they cannot easily recover from.