Digital Identity, AI Agents and Accountability
I spent two days at Identity Week Europe in Amsterdam this year. For once I didn't take any photos, but I did take plenty of notes.
Identity systems built for people are now being asked to govern AI agents, remote verification and increasingly sophisticated attacks. As identity moves from physical to remote, and from human to autonomous, organisations need a clear way to answer who authorised an action, who owns the risk, and who is responsible when something goes wrong.
Panel Session: Travel, Biometrics, and Borders track
Panellists: Nick van Straten (KLM) · Florent Tournois (French Ministry of the Interior) · Lisette Looren de Jong · Stephan Schipmann (Mühlbauer ID Services)
The technology is largely there. Airlines are already using AI to help verify travel documents. Biometric boarding exists. Digital identity wallets are no longer a future concept.
The discussion focused less on the technology itself and more on what is slowing adoption. Regulation, data sharing and public trust came up far more often than technical capability.
Nick van Straten, Programme Director for Biometrics and Digital Identity at KLM, highlighted how AI is already helping identify issues in travel documents that would otherwise require manual review.
He also pointed to the friction created by aspects of the EU AI Act, where requirements designed to reduce risk can add complexity to processes that technology is capable of simplifying.
Different approaches were evident across the panel.
Florent Tournois, Director of Identity, Trust Services and Production at the French Ministry of the Interior, noted that France does not want AI embedded inside digital identity wallets — and that a different type of credential may be needed specifically to allow AI to recognise individuals more easily in certain situations.
The Netherlands, represented by Lisette Looren de Jong, still maintains a strong human element within all border control processes.
Stephan Schipmann was direct on Europe's position: other regions are already moving ahead with passenger risk analysis and seamless border technology, and Europe risks falling behind through a combination of regulatory caution and lack of coordination.
A recurring theme was the absence of a standardised consent mechanism that would allow passenger data to be shared across border systems in advance.
Stephan Schipmann observed that something akin to a GDPR-style consent framework specifically for border use does not yet exist — and questioned why it has not been built. Without it, the seamless travel vision will remain partial.
He also acknowledged that risk analysis of passengers is something many people find unsettling, and that public understanding and acceptance are still a challenge.
Session: Cybersecurity and IAM track
Speaker: Gentjana Muca, Product Owner, Security Champion, co-founder and CEO of Cyber Morfosis, Swisscom
This was the session I have thought about most since the event. Gentjana Muca's argument, made clearly, is that we are entering a third distinct era of identity — and traditional IAM architecture is not equipped for it.
Traditional identity and access management was built around people. The assumptions underpinning it made sense: one person, one identity, a human-initiated login, a predictable session duration, a stable and known context, MFA to verify intent, least-privilege access.
Those assumptions no longer hold.
A single employee can now spawn hundreds of AI sub-agents operating around the clock. They authenticate continuously, switch context mid-task, and cannot receive a push notification.
One person could have more than 112 distinct agent identities in active operation. The question 'who are you?' is no longer sufficient.
Organisations also need to be able to answer:
Who created the agent?
What goal is it currently pursuing?
Who delegated the task, and for how long?
What actions can it perform?
What decisions can it make autonomously?
How is accountability maintained?
Every agent credential is a potential target.
The most critical threats are prompt injection and agent impersonation, with supply chain attacks also flagged as high risk.
The implication is that continuous verification — not once per login, but on every single action — is the new baseline requirement.
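The sketch below is an added example, not material from the session or from any product. It shows one way a delegation record could carry the answers to the questions listed above and be re-checked on every action instead of once per login. The field names, action names, goal string and addresses are hypothetical, and comparing the declared goal as a plain string is a simplifying assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Delegation:
    agent_id: str
    created_by: str                # who created the agent
    delegated_by: str              # who delegated the task (accountable human)
    goal: str                      # goal the agent was delegated to pursue
    expires_at: datetime           # how long the delegation lasts
    allowed_actions: frozenset     # actions it can perform
    autonomous_actions: frozenset  # subset it may take without a human
    revoked: bool = False

AUDIT_LOG = []  # every decision is recorded against the accountable human

def authorize(d, action, declared_goal, now, approver=None):
    """Run on every action, not once per login. Returns the audit record."""
    if d.revoked:
        decision, reason = "deny", "delegation revoked"
    elif now >= d.expires_at:
        decision, reason = "deny", "delegation expired"
    elif declared_goal != d.goal:
        decision, reason = "deny", "goal differs from delegated goal"
    elif action not in d.allowed_actions:
        decision, reason = "deny", "action outside delegated scope"
    elif action not in d.autonomous_actions and approver is None:
        decision, reason = "escalate", "human approval required"
    else:
        decision, reason = "allow", "within delegation"
    record = {"time": now.isoformat(), "agent": d.agent_id, "action": action,
              "decision": decision, "reason": reason,
              "created_by": d.created_by, "accountable": d.delegated_by,
              "approver": approver}
    AUDIT_LOG.append(record)
    return record

# Constructed sample data (hypothetical names and actions).
T0 = datetime(2025, 6, 1, 9, 0, tzinfo=timezone.utc)
GRANT = Delegation("agent-0042", "platform-team@example.test",
                   "alice@example.test", "reconcile-invoices",
                   T0 + timedelta(hours=8),
                   frozenset({"read_invoice", "approve_payment"}),
                   frozenset({"read_invoice"}))

if __name__ == "__main__":
    for act in ("read_invoice", "approve_payment", "delete_ledger"):
        print(authorize(GRANT, act, "reconcile-invoices", T0 + timedelta(hours=1)))
```

Because the record names both the creator and the delegating human on every decision, including denials, the log can answer who authorised an action without relying on the agent's own account of it.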
Panel Session: Travel, Biometrics, and Borders track
Panellists: Jay Meier (FaceTec) · John Van Riemen (NL National Police) · Graham Camm (UK Home Office)
The biometrics panel covered how quickly identity threats are evolving. The consistent thread was that the threat model has changed, and purchasing and governance decisions need to reflect that.
The shift from 2D sensor data to 3D face modelling has significantly raised the bar against presentation attacks.
Jay Meier noted that the minimum camera resolution requirement for this technology is 0.3 megapixels — meaning it is backwards compatible with hardware designed ten years ago, which matters for emerging markets where newer devices are less accessible.
However, the leading threat has moved on.
Rather than attempting to deceive the camera with a photo or replay video, attackers are now using deepfake injection — inserting synthetic content directly into the data stream and bypassing the sensor entirely.
This is a fundamentally different problem.
Jay Meier's point on this was clear: a face is three-dimensional, and if a system is not testing for 3D it is missing the most powerful signal available. Deepfake injection is 2D — which means 3D liveness detection is precisely the capability that exposes it.
Independent testing laboratories have improved transparency around liveness detection capabilities. However, the panel raised concerns about the integrity of that testing — some vendors only submit their systems using the highest-end cameras available, and labs are not always required to disclose the equipment used.
Understanding how a system was tested, and against which attack scenarios, matters as much as the result itself.
Graham Camm of the UK Home Office highlighted that as identity verification moves away from physical case workers — with their entire chain of command and accountability structure — towards remote digital systems, responsibility quietly shifts from frontline staff to the IT department.
Most organisations have not yet noticed that handover, let alone organised themselves around it.
From a purchasing perspective, this means procurement of these capabilities needs to be a joint exercise between technical and business teams. Camm drew a parallel with cybersecurity: understanding who the adversaries are, what they might attempt, how quickly suspicious activity could be identified and contained, and how vulnerabilities would be closed.
John Van Riemen of the Dutch National Police described how digital criminality is evolving in the Netherlands.
Fraud cases already exist where elderly citizens are called by someone claiming to be police, and deepfake video is increasingly being introduced. Business fraud via deepfake impersonation of a CFO or director is also on the rise.
The challenge is a difficult one: making identity systems easy and predictable for legitimate users also makes them easier for bad actors. Some randomisation — asking for a different biometric each time, such as a hand, foot or face — is one approach being considered.
Van Riemen also noted that even where digital identity systems confirm an identity, they cannot confirm that the documents used to establish that identity were genuine in the first place.
Panellists: Oliver Lauer (DSGV) · Florina Neag (e.on Energie Romania) · Eng Soon Liau (IMDA)
Moderator: Annet Steenbergen
This keynote panel looked ahead to where digital identity is heading by 2030 — examining whether the industry is moving towards global interoperability or deeper fragmentation, who ultimately controls identity, and what resilience structures are still missing.
The questions raised — around trust, ownership, and the next major shock to the system — set the tone for much of the wider conversation at the event.
These sessions left me with more questions than answers — which probably means it was time well spent.
The identity industry is dealing with several compounding pressures simultaneously:
Regulation that has not kept pace with the technology it is meant to govern; threats evolving faster than defences; and a fundamental reckoning around what identity even means when the entity being authenticated is not human.
What struck me most was how often the conversation came back to accountability.
Who is responsible when an AI agent causes harm?
Who owns the risk when a remote verification system is compromised?
Who authorised the scope of what an agent was allowed to do?
If your organisation is building out capability in any of these areas — whether that's agent identity, biometric verification, IAM governance or remote identity systems — we'd be glad to talk about what the right team looks like.
Connect with me, Charlotte Christensen, directly or speak to the Montash Cyber team.