Traditional physical access systems have one important caveat: they don’t actually ‘know’ who just walked in. In fact, most only verify that something was presented at the reader: a badge, a card, a PIN, a fingerprint. The system then assumes the person holding it is the person that was registered in the system. But what if that assumption is wrong? Enter verified identity.
A badge proves that a badge was used. A PIN proves a PIN was entered. Neither proves anything about the person holding it. If you hand your office pass to a friend, the building lets them in. If a driver's terminal credentials end up in someone else's hands, the gate opens without a second thought. The system records an entry, but it can't tell you whose.
In regulated and high-security environments, that’s highly problematic. Port operators, for example, have to comply with ISPS, the maritime security framework that requires verified identification of every driver entering a facility. Gaming regulators want hard evidence that the player at the kiosk is the player on the account. Retailers face strict checks on alcohol and tobacco sales. And football clubs are under mounting pressure to know exactly who is in their stadiums.
But the need for identity is not limited to regulated environments. In many everyday situations, there is no strict obligation to verify someone’s identity, yet there is still a clear need for convenience and smooth interactions. Think of accessing a workplace, collecting a parcel, or entering a location where a physical ID check would be disproportionate. In those cases, the challenge is less about compliance and more about making interactions simple, fast and reliable without relying on physical ID or adding unnecessary friction.
The obvious solutions is to bind the credential to a body. Hence the rise of fingerprint and face-based access systems over the last decade. Fingerprints do prove, well, that the right finger is at the reader. Let’s assume for a moment that that finger is attached to the right person: even then, the trouble is everything around that check.
One of the main challenges is GDPR compliance. Biometric templates are generally treated as special category data under Article 9. In Belgium, privacy authorities often favour architectures where the biometric template remains under the user's control (for example on a card or personal device), particularly in high-security environments. This can reintroduce credential issuance costs, although mobile and wallet-based alternatives are increasingly available.
Verified identity flips the logic. The reader doesn't ask "is this the credential we issued?" It asks "is this the person we registered, and can they prove it right now?" That shift has practical consequences in deployments already running today.
At the Port of Limburg, drivers entering the site authenticate at the gate with itsme. The setup is simple: the driver authenticates with itsme using their phone number, the system matches their identity with the port’s community system, and the barrier opens.
The workforce includes many non-Belgian drivers from across Europe. Exactly the audience operators worried wouldn't adopt a mobile flow. Adoption was high and availability was high.
At Telloport's municipal lockers, citizens use itsme to unlock smart compartments and collect documents or parcels. The Aalter pilot recorded 100% verified access and 4.7 out of 5 user satisfaction. For the operator, the appeal is straightforward: no staff at the locker, no badge to lose, no doubt about who collected the item.
In parallel, itsme is piloting identity-driven access across different types of access points with Dioss Smart Solutions as integration partner. These range from doors to kiosks and other self-service touchpoints. The focus is on entry points such as entrances to corporate buildings, administrative sites or service locations, where organizations want a simple way to verify who is present, whether for visitors, customers or employees.
In practice, the flow is straightforward: the user initiates the access request at the door, confirms their identity via itsme on their phone, and once validated, access is granted. This avoids the need for physical badges, ID cards or manual checks. It also keeps the interaction simple and familiar for the user.
When a facility manager is asked who entered the building on Tuesday at 14:00, "badge #4471" is no longer a sufficient answer. When a stadium is asked to confirm a banned supporter wasn't inside, the ticket scanner can't help. And when organisations need certainty about who was actually present, systems based on transferable credentials often don’t provide a clear answer.
A verified identity, anchored at eIDAS High and tied to the person rather than the credential, answers the question being asked. That's the gap. And it's the gap that's worth closing now, before the next audit cycle does it for you.