If we are not defined by our documents, what exactly is identity? The answer may reshape how we think about governance in the digital age.
For decades, we have assumed that identity is something we carry in our wallets or increasingly, in our mobile phones, a passport, an Aadhaar card, a PAN card, a voter identity card or a driving licence. Perhaps that assumption itself is flawed.
A passport does not make me who I am. Neither does Aadhaar. Nor PAN. Each merely certifies that an authorised institution has, through a lawful process, established certain facts about me. The document is not the source of trust. It is evidence that trust has already been established. That distinction is profound.
Identity is not created by documents. Documents exist because institutions have already established identity. Every human being lives one continuous life. Yet every institution encounters only a fragment of it. The Registrar records our birth. Schools record our education.
Universities certify our qualifications. The Passport Office verifies our travel identity. The Income Tax Department establishes our tax identity. Banks establish financial relationships. Hospitals maintain healthcare records. Property registrars establish ownership. Each institution performs its statutory function independently.
Collectively, they create trust. Individually, they create only fragments. Perhaps that is where our understanding of identity has remained trapped in the paper age. We have spent decades trying to keep documents synchronised.
Perhaps we should have been trying to keep trust synchronised instead. The distinction matters because documents merely describe attributes. Identity represents legal continuity. Trust represents institutional confidence in that continuity.
Almost every attribute associated with a human being change over time. Names change. Women often adopt a different surname after marriage. Initials appear and disappear. Different government departments record names differently. The same name may be transliterated in several ways across Indian languages.
A typographical error or an expanded initial can unintentionally create an entirely new identity within a digital database. Addresses change even more frequently. People relocate. Villages become municipalities. Districts are reorganised. Roads are renamed.
States themselves have changed their official names over time. Orissa became Odisha. Pondicherry became Puducherry. Bombay became Mumbai. Madras became Chennai. Bangalore became Bengaluru.
The place remains. The description changes. The same is true of people.
Students become professionals. Professionals become entrepreneurs. Marriage changes family relationships. Employment changes. Qualifications increase. Property is acquired and sold. Healthcare records evolve. Pension replaces salary. Every stage changes the attributes associated with an individual.
The individual does not change. Yet our digital systems often struggle to distinguish between identity and the attributes that describe it.
It could be a missing initial, a spelling variation, an outdated address. Or a mismatch between two databases. It could also be as trivial as a different date format but each would trigger another verification. And yet another document. Another declaration. Another attempt to prove that the same person is still the same person. Identity should not fracture because an attribute evolves.
Nor should trust.
The consequences extend well beyond administrative inconvenience. Repeated verification consumes enormous institutional resources. Citizens repeatedly submit documents already verified elsewhere. Banks undertake periodic KYC. Students repeatedly upload certificates.
Pensioners periodically prove they are alive. Property transactions demand another round of verification. Insurance claims begin with another collection of documents.
Every institution behaves rationally. Collectively, however, they create an economy where trust is repeatedly reconstructed instead of responsibly reused. And Artificial Intelligence makes this challenge even more significant.
Documents can now be fabricated with remarkable realism. Voices can be cloned. Faces can be synthesised. Synthetic identities combine genuine and fabricated information to deceive traditional verification systems.
The more we depend upon exchanging documents alone, the weaker trust becomes and this raises an obvious question. If trust already exists within our institutions, why must citizens recreate it every time they interact with another institution?
India has already demonstrated that another approach is possible. The Reserve Bank of India’s Account Aggregator framework quietly established an important principle. Banks do not exchange trust by copying one another’s databases.
With the customer’s explicit consent, they rely upon authenticated information generated by another regulated institution. Trust travels without ownership of data changing hands. That is far more significant than a banking innovation. It demonstrates that trusted institutions can rely upon one another’s verified assertions without asking citizens to recreate trust from the beginning every single time.
Yet, five years after its introduction, the model remains largely confined to the financial sector. The limitation is not technological. The deeper challenge lies elsewhere.
Banking operates within a mature regulatory ecosystem with clearly identified institutions, standardised data, established liability and well-defined supervisory structures. Identity, education, employment, healthcare, property and numerous other sectors operate under different statutes, different authorities, different standards and different governance arrangements.
Before trust can travel across sectors, we must answer a more fundamental question.
What exactly is the trusted identity that every institution is expected to rely upon?
Trust is never created by technology. Technology merely preserves, transmits and verifies trust that has already been established through law, due process and accountable institutions. That is why a digital identity cannot exist independently of the institutional processes that stand behind it.
The digital layer carries trust. It does not create it. Technology can exchange information. Only governance can exchange trust. That is why the answer is neither another identity card nor another centralised database.
A digital identity does not create trust. Trust creates a digital identity.
India’s challenge is therefore not to create trust. India already creates trust every day through thousands of lawful institutional processes. The challenge is enabling one authorised institution to rely, wherever legally permissible, upon the verified assertion of another without requiring the citizen to repeatedly rebuild that trust.
That is the foundation of a digital economy. It is also the foundation of digital sovereignty.
In the years ahead, this challenge will extend well beyond human beings. Autonomous vehicles, connected devices, industrial robots, drones and AI agents will all require trusted identities. The question will no longer be simply who they are. It will be whether their identities can be trusted. India has earned global recognition for building Digital Public Infrastructure.
The next stage of nation building may be to build a National Digital Trust Framework, one that enables trust, once lawfully established, to travel securely across institutions without compromising privacy, accountability or citizen rights.
The Account Aggregator framework has shown that such trust exchange is possible. Why, then, has that idea remained largely confined to banking? The answer lies not in technology but in governance, law and the absence of a common trust architecture across the wider economy.
India’s next challenge is therefore not building another digital platform, but building the institutional trust architecture that allows existing platforms to work together. That is the conversation India must now begin. And it is the subject of the next article in this series.
(The author is Lt. General (Retd.); Views expressed are personal)


