Much of the public conversation around digital identity eventually runs into the same roadblock: Web3.
Decentralised technologies are often portrayed as risky, immature, or inherently untrustworthy. They are associated with speculation, volatility, and bad actors. In regulatory debates, they are frequently treated as constraints rather than understood.
This way of thinking misses the main point: Our identity challenges are not caused by Web3, but by the way we design identity systems.
The challenges we face with digital identity today did not arise from decentralised systems, but from decades of centralised architecture, data accumulation, and platform-driven design. Overexposure, surveillance, and large-scale breaches result from identity systems built around control and aggregation—not from Web3 failures.
At its core, decentralised technology asks a new question. What happens if we do not need a single authority to hold everyone's data? What if trust is distributed? What if systems verify claims without storing identities? These are architectural, not ideological, questions.
Unfortunately, much of the criticism aimed at Web3 confuses tools with outcomes. Decentralisation is seen as lawlessness; anonymity, as irresponsibility. In reality, decentralised systems can be more auditable, transparent, and constrained than many centralised ones, depending on their design and governance.
A centralised system may store millions of identities through a single interface. This can look orderly, but it concentrates risk, power, and failure. A decentralised system lets individuals hold credentials, reveal only what's needed, and avoid persistent identifiers. By design, it decreases exposure. Governance is not eliminated; its methods change.
This distinction matters because the goals policymakers care about do not require centralisation. Age verification does not require a central database. Eligibility checks do not require disclosure of identity. Compliance does not require permanent records of who did what, when, and where.
These goals require proof, not possession.
Web3 technologies enable separating those concepts. To prove something without revealing everything. To participate without being permanently tracked. To design systems in which trust is earned through cryptography and structure rather than enforced through surveillance.
Decentralised identity systems should not exist outside the law. In fact, to succeed, they must include regulation, accountability, and failure planning. Rejecting decentralisation outright in the name of safety is not a serious policy position.
If digital identity systems are failing, it's not because they're too decentralised—they're not decentralised enough.
The future of identity is not contingent on labeling technologies as Web2 or Web3, but on whether we keep building systems that accumulate risk or commit to designing architectures that reduce it.
Web3 is not a silver bullet. But rejecting it outright simply guarantees we keep repeating the same mistakes, on a larger scale and with greater consequences.