Centralized eID in CEE: Security Gains and Systemic Risks by Olga Voloshyna


Over the past few years, digital identification (eID) has become one of the key directions of digital transformation in Central and Eastern European countries. The task is fairly straightforward: to simplify citizens’ online interaction with the state while simultaneously reducing risks in the digital environment. Each country is moving along its own path and at its own pace, but the shared outcome is already visible—public services have become more accessible, and the baseline level of protection in the digital space has noticeably increased.

From a security perspective, the idea of consolidating digital identity into a single state-run system appears logical. When every bank, ministry, or online service builds its own login mechanism, the number of weak points quickly multiplies. Unified rules—from cryptography to authentication and trust levels—reduce this diversity and make the system more predictable. In addition, the state can afford costly additions that often remain out of reach for the private sector: backup data centers in different regions, regular security audits, and long-term infrastructure support.

At the same time, centralization creates the greatest tension. When one system becomes a universal key to banking, healthcare, taxation, and personal data, any outage—even for a mere hour—is immediately felt at scale. The more services depend on eID, the more painful the consequences of each error become. In such an architecture, risk concentration is embedded at the design stage.

Ukraine’s Diia is a clear illustration of this duality. In just a few years, it has grown from a digital showcase of a citizen’s documents into a full-fledged platform for public services, which has genuinely simplified life for millions of people. At the same time, it is no longer merely a convenient application; it has become an element of critical infrastructure. At this point, any serious outage, data leak, or attack no longer presents a mere local inconvenience but launches a domino effect.

In my view, full concentration of digital identity in the hands of the state creates significant long-term risks. This model makes the system vulnerable to political fluctuations, often slows the adoption of new approaches, and demands a constant balance between strict national control and EU requirements for genuine digital sovereignty. This is why the EU is increasingly seeking alternatives. In eIDAS 2.0, the focus is shifting from rigid centralization toward a more distributed model. While such an approach does not eliminate all risks entirely, it makes the system far more resilient and less vulnerable to single points of failure.
