“I think, therefore I am.” It is a beautiful quote, but the French philosopher René Descartes may have made things a little too simple here. Because the real question we face everywhere—whether in online banking, while traveling, or when changing jobs—is this: Who am I, and how can I prove it?

Identity systems and identity management are therefore among the defining issues of our time—and they come with a number of challenges. Here is an overview.

It is an interesting topic, but you would rather listen than read? Perfect timing: Sebastian recently joined the podcast Identity at the Center and spoke with host Jim McDonald about identity-related topics.

Listen on YouTube: Unpacking Bias and AI in Identity Systems with Sebastian Rohr[TT2] 

For us, it is second nature: at birth, we receive our first proof of identity—our birth certificate. And that matters, because identity is much more than a name on a document. It makes us recognizable, verifiable, and trustworthy. In Germany, we still rely entirely on physical credentials such as ID cards, passports, and driver’s licenses. But going forward, identity systems will continue to evolve and increasingly move into the digital realm.

That world plays by different rules: data replaces documents, algorithms perform verification, and proving who someone “really” is suddenly becomes a technological and legal balancing act. Between convenience and control, security and privacy, a field of tension is emerging that affects governments, businesses, and citizens alike.

New technologies are opening up possibilities that go far beyond traditional authentication. Methods such as video identification, biometric recognition, and self-sovereign identity (SSI) make it possible to verify identities securely while still allowing individuals to retain control over their own data.

The idea behind this is simple: users manage their identity credentials themselves—in a digital wallet, much like a physical wallet, only cryptographically secured. This makes it possible, for example, to prove someone’s age without disclosing their exact date of birth. Or to verify a qualification without having to submit every certificate in full.

As promising as these opportunities may sound, they also need to be examined critically. Biometric methods are often seen as a key technology for modern identity systems—but they are not universally reliable. Fingerprints, iris scans, and facial recognition can produce results of varying accuracy depending on ethnicity, age, gender, or even geographic conditions.

There is also the linguistic dimension. Countries with their own writing systems—such as those in Southeast Asia or the Arabic-speaking world—face the challenge that names, characters, and transliterations can be interpreted differently. On paper, international interoperability sounds like progress. In practice, however, it can lead to misidentification, unequal treatment, and exclusion.

Of course, no discussion today seems complete without artificial intelligence. And for Identity and Access Management (IAM) in businesses, AI also offers promising possibilities. It can help detect anomalies and suspicious access patterns, as well as support the dynamic assignment of permissions. Algorithms can analyze behavior and identify patterns. This makes it possible, for example, to block unusual logins and protect sensitive systems. IAM becomes more adaptive, more capable of learning, and more preventive.

But there is still a very real “but.” AI can, in seconds, list which permissions specific employees hold, compare how permissions differ between individuals, and even reduce those permissions where appropriate with a single command. But one key question remains: how does AI know that the person issuing that command is actually authorized to do so? In the near future, we will therefore also need to think seriously about defining clear limits for AI.

The discussion around meaningful identity systems is only just beginning. The shift toward digital alternatives can offer a wide range of advantages for society. But it also demands new forms of governance. Identity is becoming a sensitive digital asset—one that must be protected, managed, and used responsibly by governments, businesses, and individuals alike.