From compliance to infrastructure: itsme at Identity Week

753D2583-4288-4CA1-ACF2-0877DA6FDAF1

itsme appeared at Identity Week Europe 2026 with two sessions across two days: Roderick Arts, Country Manager for the Netherlands, on the cost of identity fragmentation, and Karlien Vekemans, Head of Corporate Development, on what running digital identity at scale tells us and where Europe is heading. We selected six takeaways from both stages.

1. Identity fragmentation is a tax 

When a customer signs up with you today, you probably verify them from scratch. So does their bank, their insurer, and their energy provider. There is no shared layer that lets you trust what someone else has already verified. As a result, the cost gets paid four times, the friction gets absorbed four times, and the verified identity that already exists somewhere goes unused. That cost sits across five buckets: abandoned onboarding, duplicated verification, fraud amplification, support overload, and integration debt. The reason it goes unmeasured is that each bucket belongs to a different department. Nobody owns the total. But that number is very real.

2. Customers aren’t getting what they want

We commissioned a study with Nielsen IQ covering 4,000 consumers across Belgium and the Netherlands, split across banking, insurance, telecom, and energy. The study measured two things for each sector: how mature identity touchpoints are today, and how much consumers care about having those moments work well. In the Netherlands, the overall maturity score is 64 out of 100. The importance score is 75. That eleven-point gap, repeated across millions of interactions per year, is the fragmentation tax made measurable. The sharpest gap is in onboarding: NL banking contract signing scores 34, against a sector average of 64. And 39% of Dutch banking consumers say an external identity app should already be the default. They are not asking for something new. They are asking the industry to catch up.

3. The answer is infrastructure

A point solution fixes one touchpoint. Infrastructure means every new service, every new channel, every new regulatory requirement inherits from something that already works. The integration cost does not reset with each project. Fraud signals accumulate across providers rather than staying siloed. Compliance becomes a property of the platform rather than a project to re-run every time a regulation changes. Over 80% of Belgian adults use itsme daily across banking, government services, insurance, and contract signing. That level of adoption does not come from solving one problem well. It comes from being built as shared infrastructure from the start.

4. Consent is key

The technical standards – eIDAS, Level of Assurance High, QTSP – are necessary but not sufficient. Clarity on roles is what makes adoption stick: who issues credentials, who validates them, who is accountable when something goes wrong. User control is not a privacy-by-design talking point. It is the reason people use itsme voluntarily rather than just tolerating it. Every transaction starts with explicit consent. Every shared data point has a stated purpose.

5. The term 'Wallet' is confusing (but we got you)

Europe is not moving toward one identity solution. Banks, postal operators, healthcare institutions, e-commerce platforms, and global tech companies are all building wallet-adjacent products. Each holds a different slice of identity. The word “wallet” has become a catch-all covering at least four different things: a user app, a legal status under eIDAS 2, a set of technical functions, and sector-specific solutions. One word, four meanings. No wonder which expectations are so often misaligned. The more productive question is not “are you a wallet?” It is: what problem are you solving, and what capabilities do you need to solve it?

6. The weakest link will be exploited

At itsme, we have no ambition to become the official EUDI Wallet of a member state. We operate in the space above the compliance floor, where regulated industries need capabilities a public wallet is not designed to deliver: contextual fraud prevention, sector-specific compliance, qualified electronic signatures, orchestration across wallet implementations, and nextAuth for high-frequency authentication embedded directly in client applications.

There is also a structural risk in the mandatory acceptance model: when EUDIW goes live, banks will have to accept every wallet from every member state, regardless of how rigorously that state runs its certification process. Fraudsters will target the weakest wallet in the set, and banks will absorb the liability. A private operational layer that sees patterns across the whole ecosystem is the only structural answer to that. Belgium has been running this model for nearly a decade. The Netherlands is next.

Recordings coming soon. Watch this space for the full sessions from both days.