DARTE Berlin 5.0 re Digital Identity Between Privacy and Compliance

11 November 2025 | Soho House Berlin

In collaboration with the European Commission, Project Catalyst, and the Cardano Foundation

The DARTE Berlin 5.0 session brought together over thirty experts from across Europe and beyond to examine one of the most pressing intersections in today’s regulatory and technological debate: digital identity. As Europe prepares to implement the revised eIDAS 2.0 framework and the European Digital Identity Wallet, discussions revolved around the implications for privacy, fundamental rights, and AML/KYC compliance.

The session - the 24th DARTE roundtable since the start of 2024 - was conducted under the Chatham House Rule, encouraging candid exchanges between regulators, industry, and academia.

1. Setting the Stage - The Trade-Off Between Privacy and Control

Opening remarks underscored the tension between user experience and privacy protection. Participants observed that most individuals and corporates prioritise convenience over control of their data - yet regulatory and ethical imperatives demand that privacy remains non-negotiable.

Frederik Gregaard (Cardano Foundation) introduced the notion of a global identity layer compatible with the MiCA-era digital finance ecosystem, posing the question: how can we bridge the trade-off between privacy and regulatory control in a trustworthy way? Regular audits and open standards were identified as preconditions for trust in any future identity infrastructure.

2. Risks of Centralised eID Systems

Florian Daniel (Westernacher) led the first deep-dive on the risks of the European Digital Identity Wallet (EUDI) and comparable systems.While such solutions promise convenience, centralisation could expose citizens to surveillance, data breaches, or even de-banking if access becomes conditional on state-controlled credentials. Examples from India’s Aadhaar, Greece’s social-media identity checks, and the UK’s eID requirements illustrated the slippery slope from digital facilitation to digital dependency.

The group discussed the matrix of use-cases that should guide proportional technical choices - from low-risk, minimal-data “disposable IDs” to high-assurance credentials for critical infrastructures. Consensus formed around the need for unlinkability and fragmentation of identity, where users manage multiple context-specific identities rather than one universal identifier.

The industry was encouraged to explore DIN/ISO-based initiatives to develop an alternative standard for self-determined digital identity, safeguarding both cybersecurity and human rights.

3. Digital IDs on Public Blockchains and the GDPR Dilemma

The second session, introduced by Nicolas Jacquemart (Cardano Foundation), explored how self-sovereign identity (SSI) frameworks could operate on public blockchains without breaching GDPR.

Using the KERI (Key Event Receipt Infrastructure) model, identity interactions are logged through Key Event Logs (KELs), ensuring verifiable identity control without revealing personal data. Debate centred on whether such logs are personal data under the absolute or relative approach to identifiability.

Most participants supported a risk-based interpretation, in line with recent ECJ jurisprudence: if an entity cannot reasonably identify a person, the data may be treated as anonymous.

However, uncertainties persist:

• Can a public blockchain qualify as a “qualified electronic ledger” under eIDAS?

• Are nodes on such blockchains data processors?

• How to reconcile selective disclosure with the public-by-default nature of DLTs?

  
  

The discussion recognised GDPR as “the first crypto regulation” - already embedding concepts that future DLT frameworks could build upon.

4. Digital Identity in AML and KYC

In the third session, Mariana de la Roche on behalf of Irina Gorbach (Crystal Intelligence) examined how digital identity could revolutionise AML / KYC while avoiding a slide into surveillance.Participants compared international precedents - the U.S. Social Security Number, India’s Aadhaar, Estonia’s e-Residency - each offering both empowerment and risk.

The group agreed that identity should serve compliance, not replace it. A responsible AML / KYC identity layer would:

• Rely on federated or decentralised architectures;

• Allow selective, purpose-bound data disclosure;

• Enable revocable, dynamic credentials; and

• Support cryptographic attestations instead of mass data sharing.

Innovative concepts such as “identity on demand” - revealing data only when a transaction is flagged - were discussed as privacy-preserving tools, though current EU law may not yet accommodate them. The participants cautioned that global AML obligations remain over-regulated yet under-effective, urging policymakers to re-evaluate proportionality and ensure GDPR and AMLR evolve hand in hand.

5. Closing Outlook

The DARTE meeting was closed with a call for continued dialogue and pragmatic collaboration. While opinions diverged on the technical path forward, all agreed that Europe’s digital identity future must combine interoperability, accountability, and freedom of choice.

The DARTE Berlin 5.0 session once again confirmed that regulation is only as effective as the understanding that informs it. Through open debate, the community continues to define the contours of privacy-respecting, innovation-enabling digital identity frameworks - one roundtable at a time.

With thanks to all participants from BaFin, the European Commission, Cardano Foundation, N26, Bitpanda, Bitbond, Deloitte, Westernacher, Crystal Intelligence, PrivacyPower, and many more who contributed their expertise to shaping this dialogue.