The European Identity and Cloud Conference, affectionately known as EIC, has a fixed place in my calendar every year. After five days in 2026, I once again know why: it is a think tank for current topics, a source of inspiration, a networking event and entertainment all at once. Here are my impressions from EIC 2026.

The official kick-off for EIC took place on May 19, 2026. But one day earlier, we were already able to make a major contribution to a lively, beer-fueled start – with our IdentiBeer. Around 150 familiar faces and new contacts joined the opening event. One thing became clear: the IdentiBeer community is growing. In Germany, we have already gained new hosts in several regions. Dr. Lisa Zimmermann (Fressnapf Tiernahrungs GmbH), Thomas Müller-Martin (Omada) and Christian Schauff (Aqenda GmbH) will invite the community in western Germany in the future. Daniela De Lippe will take over the organization in Bremen. In Berlin, responsibility will be in the hands of Katja Olkorova and Brandi Zavala.

I am delighted and proud that the events initiated by Espen Bago have found such strong resonance within the identity security community. The fact that we can make these meetups even more special with home-brewed beer is simply wonderful. The small but bearable downside: at first, people tend to see me as the IdentiBeer guy – only at second glance do they also recognize my many years of expertise in the field.

By the way, before the official IdentiBeer event, there was another meeting held under the Chatham House Rule. In other words, the discussion and the insights gained from it may be used, but participants’ identities must remain confidential. Of course, we respect the etiquette and will say only this much: everything revolved around the future of identity management. One or two insights even made it onto the EIC stage later on – naturally without mentioning the meeting itself. So, pssssst 😉.

The doors of EIC 2026 opened, and things got underway immediately with the first workshops. In the first round, the “Non-Human & AI Identity Workshop” and the “OpenID Workshop,” both with guided discussions, sounded particularly exciting. Of course, I could not split myself in two, but I was told that the first panel focused mainly on modern identity architectures, which are becoming urgently necessary in light of the increasing use of AI. The second workshop provided an overview of OpenID topics, including AuthZEN and the use of eduGAIN.

Networking was once again a key focus on the first day. At the IDPro Meet-ups, the community came together to take a shared look at the market. How has the identity industry changed? How are roles evolving? And where can the IDPro Community provide support in the future? Ninety minutes of concentrated expertise and open exchange: for me, as the self-proclaimed organizer of the “unofficial IDPro® IdentiBeer Event,” it was a great start to EIC 2026.

In the afternoon, I had firmly planned to attend the discussion “Consent’s Journey from Annoying to Meaningful: Can Tech actually eliminate Cookie Consent Boxes?” with Martin Kuppinger (KuppingerCole Analysts), Eve Maler (Venn Factory) and Max Schrems (noyb.eu). They looked back at digital consent from both a technical and legal perspective: How has it evolved so far? And they also looked ahead: What changes can we expect in the coming year?

Nat Sakimura (OpenID Foundation) presented a wonderful new concept for the community during his keynote “When Software Becomes Staff: Governance, Security & Safety for Agentic AI”: the Ultimate Bot Owner (UBO). This is the identity security counterpart to the Ultimate Beneficial Owner, a concept from the financial world which states that corporate responsibility does not end with a shell company but extends beyond it. Nat Sakimura would like to see a similar logic applied to autonomous AI agents. After all, humans must remain in control at all times.

One thing I particularly appreciate about EIC is that it gives me impulses for our own work. This year, for example, Florin Coptil (Robert Bosch GmbH) did just that with his presentation “EU Business Wallets – Shaping the Future of Digital Identity in Europe.” He took a closer look at the EUDI Wallet (European Digital Identity Wallet) as a digital wallet on the smartphone and drew parallels to the Business Wallet. The idea is that companies should be able to prove that employees really are employees of the organization and that products are indeed their own products. For me, this idea can be taken further toward industry. With a Business Wallet, the physical world (digital nameplate) can be connected with the digital world of the Asset Administration Shell (AAS). More on that perhaps soon on this channel.

Away from the stage, things even got heated at times. In his keynote “When Models Run the Business: Risk, Trust, and the New AI Identity Economy,” Bryant D. Nielson (Quantum Core Institute Inc.) put forward a controversial view: AI will wipe out the working world as we know it. According to him, autonomous AI will lead to mass unemployment. I had to push back on that with my own opinion.

Elizabeth Garber (Humanitech Consulting) provided the crowning finale. In her keynote “Identity and a Changed United States,” she addressed the problems that arise when government organizations can more easily surveil citizens through the misuse of digital technologies or digital identities. It was a moving outlook toward a surveillance state à la 1984, and one that, unusually for a tech event, ended in standing ovations – rightly so!

The next day, 9:50 a.m., and I already had a smile on my face. In his keynote “AI @ cidaas: From Vibe Coding to Agent Identity – Rethinking Authentication in the Age of AI,” Sandrick Widmann (cidaas) positively highlighted the role of umbrella.associates GmbH in the field of authorization. For us, as a small partner from the Hessian provinces compared to the big vendors, that was a huge recognition.

The next great moment followed around lunchtime with my own talk, “Solving the Developing Country Identity Dilemma [Introductory].” It is always an honor to speak in front of my valued colleagues. But it is also wonderful to present on such an important topic. My focus was on the need for more identity infrastructure in developing countries. Here, a clear distinction must be made between my talk and Elizabeth Garber’s talk, which called for less control in already developed countries. These are two completely different pairs of shoes. Thank you to Darran Rolls for professionally moderating our session.

After another packed day, the after-work party came at just the right time. My highlight on the Spree: Martin Kuppinger was very approachable on a boat and later also available for direct exchange at the bar.

Day 3 started with a little self-promotion. In his keynote “When Authorisation Fails At Cloud Speed: Why Identity Needs A Control Plane, Not Just Login,”  Alex Wilson (StrongDM) mentioned a joint project. A bank in Frankfurt am Main had spent more than a year struggling to implement the project with a competitor. Together with StrongDM, we managed to complete it successfully in three months. The focus: an assessment of the current state (cloud, automation, agents, AI workflows) and, building on that, the strategic development of existing IAM and PAM frameworks.

At EIC, you meet idols. My IdentiBeer Berlin co-organizer Martin Sandren (IKEA), whose LinkedIn posts I enjoy reading regularly because they are not only enlightening but above all amusing, gave a talk on “AI for IAM in practice [Introductory].” I was especially pleased that he not only addressed the changes brought about by AI, but was also interested in offering real solutions for implementation.

Change is one of the key terms in our industry. That is why I was pleased to discuss the evolution of Zero Trust over the past ten years together with Katryna Dow (Meeco), Allan Foster (Identity Evangelist) and John Tolbert (KuppingerCole Analysts). Our conclusion: in practice, Zero Trust fails less because of individual technologies and more because identity, infrastructure, policies and organizational responsibility are not sufficiently interconnected.

Things became somewhat more serious, but no less important, in the presentation “Breaking Glass: Restoring my Digital Life” by Dean H. Saxe (Remitly). He looked at the topic of digital estate management. Especially in times of biometric login methods, one question is becoming increasingly important: how can access to the accounts of deceased people be obtained in order to manage their estate according to their wishes? One of his impulses was this: it is worth taking care of your own digital estate early on, so that surviving relatives do not receive “greetings from beyond” and do not have to worry about non-cancellable digital subscriptions while grieving.

We spend almost all our time talking about accounts, access, logins and the like. Andrew Hindle (Hindle Consulting) therefore asked: why do we have accounts at all? In his session “Rethinking Accounts for a Continuous Age [Advanced],” he made clear that accounts are a construct from earlier times, created to assign scarce computing time, storage and access to central mainframes to individual users. In a continuous, event-driven identity world, however, the question arises whether permanent user accounts are still the right starting point. I agree with him: no, they are not! What we need instead are dynamic, context-dependent and short-lived identities that better fit modern security requirements.

The third day also had a great evening program in store: axe throwing! And what can I say? My strong tennis affinity, with precise arm movements and strokes, did not help me here. Quite the opposite: at Woodcutter on Alexanderplatz, I was soundly beaten by Jim Macdonald from the Identity at the Center Podcast. And his wife was even better… It was fun all the same, and I would like to thank Chiel and Christian from Elimity for the invitation.

More transparency and intelligence against blind spots in identity security – that is what Henrique Teixeira (Saviynt) advocated in his talk “The State of Identity-Centric Security in 2026.” For him, an absolute must-have in every company is AI governance. An important point that executives in particular will need to internalize more strongly and implement effectively in the future.

A wealth of expertise, deep-dive presentations – that is EIC. But not only that. With his keynote “From Grown Legacy IDM to a future ready IAM Target Architecture,” Michael Synowczik (LANXESS) delivered an incredibly valuable introductory talk. Practical and with a strong focus on the basics, he spoke about replacing SAP Identity Management, explained what can go wrong and showed how it should be done. Thank you for that!

The highlight of the day was provided by my colleague Roland Baum (umbrella.associates GmbH), who joined Dr. Heiko Klarl (Nexis), Dr. Phillip Messerschmidt (KuppingerCole Analysts) and Patrick Teichmann (KuppingerCole Analysts) in a discussion on “Master in Authorization Models: xBAC etc al.” The clear message: companies need to rethink authorization. Modern models such as xBAC help make access decisions more fine-grained, context-based and traceable. This can streamline internal processes, reduce security risks and at the same time create better user experiences for both internal and external user groups.

It was a full week with many impressions, in-depth conversations and countless networking moments. I was particularly pleased by the positive response to the IdentiBeer event on the eve of EIC and the prospect that these meetups will be expanded across Germany in the future.

If I may voice one point of criticism: Agentic AI was omnipresent, which was hardly surprising. Unfortunately, however, the topic was discussed in a very marketing-heavy way. We have all understood that Agentic AI will keep us busy today and tomorrow. But too often, the discussions lacked hands-on recommendations. Now it is much more important to roll up our sleeves in practice. So let’s get to work!