SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Person unlocking phone glowing digital id face scan security
#
Data Protection
#
Encryption
#
Biometrics

Daon outlines five digital identity shifts for 2026

Mon, 29th Dec 2025
Author image
By Catherine Knowles, News Editor

Cybersecurity and biometrics provider Daon has set out five trends it expects will redefine digital identity in 2026, including the spread of government-backed digital wallets, new approaches to defending against deepfakes, and the formal recognition of AI systems as actors within identity frameworks.

The company said digital identity had entered a phase of rapid change. Regulators in the US, EU and UK have increased their focus on digital IDs, decentralised credentials and selective disclosure. Enterprises are also facing more sophisticated fraud techniques, driven in part by advances in synthetic media and generative AI.

Identity systems were originally designed around one-off verification events. Daon said they now sit within environments shaped by autonomous software agents, reusable credentials, deepfake-enabled fraud and authentication on personal devices rather than central servers.

"Trust is shifting from proving who you are once to proving it continuously, privately, and proportionally," said Ralph Rodriguez, Chief Product Officer, Daon. "We're entering a world where AI systems must authenticate just like humans, where deepfake defense becomes a shared KPI, and where privacy-by-architecture becomes an operational requirement rather than a design preference."

Rodriguez said organisations that adapt their assurance models across multiple layers and channels are more likely to cope with the shift.

Digital ID wallets

Daon expects digital identity wallets backed by governments and formal trust frameworks to move from pilot status into broader deployment in 2026. These wallets hold digital versions of official credentials and sit under governance regimes that define liability and testing standards.

In Europe, the European Digital Identity regulation and the eIDAS framework are set to underpin this rollout. Member states are expected to offer an EU Digital Identity Wallet by the end of 2026, with regulated assurance levels and cross-border interoperability written into the design of the system.

Commercial wallet platforms are also expanding their role in identity. Apple Wallet and Google Wallet already support state-issued digital IDs in a growing number of jurisdictions. The US Transportation Security Administration accepts mobile driving licences from participating states at checkpoints, and a significant share of the US population now lives in states where mobile IDs are live or in development.

Daon said adoption remains uneven across regions, although acceptance is increasing as airlines, airports, government agencies and other high-assurance environments add digital wallets to their identity processes.

Deepfake fraud focus

The second prediction addresses the rise of deepfake and injection attacks on biometric systems. Daon expects responsibility for defending against synthetic media to spread beyond specialist technical teams. Fraud, security and product groups will share targets and metrics around deepfake-related risk.

The company forecasts that many buyers of identity technology will set baseline requirements around biometric presentation attack detection, anti-injection measures and independent laboratory validation. Procurement processes are likely to ask for formal test results and attestations that link performance to real-world fraud reduction, lower false approvals and preservation of user trust.

AI as identity actors

Daon said non-human identities, including agentic AI systems, are expanding quickly across enterprise networks. It cited independent 2025 studies reporting roughly 44% year-on-year growth in non-human identities and a rise in machine-to-human ratios from around 80:1 to 144:1 in some environments.

The prediction for 2026 is that enterprises will treat autonomous and agentic systems as full participants in the identity lifecycle. These systems would be registered, authenticated, authorised and monitored under formal policies, with containment processes defined in case of compromise or misbehaviour.

This model has led Daon to describe a "Know-Your-Agent" approach. It said identity and access management tools will need to record who or what is acting, on whose behalf, and under which constraints, supported by clear audit trails.

On-device biometrics

The fourth prediction centres on moving biometrics and related checks away from centralised servers and into end-user devices. The company expects liveness detection, age assurance and higher-assurance verification to run more often at the network edge.

Daon said progress in techniques such as zero-knowledge proofs, federated learning and sensor attestation now enables biometric checks on personal devices while reducing movement of raw biometric data. On-device processing can bind verification to a specific capture environment and lower the risk of replay or injection. Local storage of biometric templates supports data-minimisation approaches.

The company expects these on-device checks to align with proof-of-possession flows and hardware-backed sensor attestations. It said federated learning and zero-knowledge techniques allow systems to validate claims without sharing underlying biometric templates with servers.

Workforce monitoring

The fifth trend concerns how employers verify staff identity. Daon expects continued pressure on pre-hire verification because of deepfake applicants and impersonation. It said the more significant change in 2026 will come after hiring as employers adopt continuous workforce assurance.

Under this model, organisations link the verified employee to daily system access using biometrics, device posture and network context. This seeks to address account-takeover risks inside the enterprise, including scenarios where remote workers' accounts are used by others, or where attackers target helpdesks and privilege escalation processes.

Daon expects identity assurance in this context to shift from a point-in-time event at onboarding into an ongoing process. It said this can reduce insider risk, support regulatory audits and underpin confidence in hybrid and distributed work patterns.

Post-quantum groundwork

The company also set out an additional forecast on the impact of quantum computing on identity infrastructure. It said quantum systems do not yet present an operational fraud vector, but current identity architectures depend on cryptography that will take years to upgrade.

Daon expects 2026 activity to focus on mapping cryptographic dependencies and planning phased upgrades, rather than wholesale replacement. Identity systems such as certificate hierarchies, hardware security modules, enrolment protocols and device attestation will require what the company described as crypto-agile foundations ahead of full post-quantum deployment.

"Quantum ultimately strengthens the defensive side of identity; 2026 is when forward-leaning enterprises start the long transition," said Rodriguez.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Deepfake boom fuels relentless wave of celebrity scams
Visionplatform.ai adds AI agents to Milestone XProtect
Ofcom probes X over Grok deepfake sexual imagery risk
European privacy teams warn of cuts amid rising risks
Phishing services drive 389% surge in account breaches

Top stories

Executive-level CISO titles surge amid rising scope strain
UK unveils Software Security Ambassadors to push new code
Dun & Bradstreet outlines seven key compliance trends
Asimily boosts Cisco ISE with new device microsegmentation
Cyb3r Operations raises $5.4m to tackle cyber risk