Weekly Highlights

The State of Identity – January 24, 2025

01/24/25
Yura Nunes

Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Here are the main industry highlights of this week week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.

🪄Innovation and New Technology Developments

UK Government Launches Mobile Driver’s License and Digital Wallet, Sparking Confusion in Digital Identity Ecosystem

The UK government has introduced a mobile driver’s license (mDL) and digital wallet on the Gov.uk platform for private and public sector use. This move has caused confusion within the digital identity framework, particularly regarding its overlap with the Digital Identity and Attributes Trust Framework (DIATF). Only government-issued digital documents will be stored in the wallet, which may compete with 52 certified digital identity service providers (IDSPs). Concerns have arisen about misalignment between public announcements and internal communications, complicating expectations for the wallet’s integration. (Source)

Stargate Initiative Aims to Advance U.S. AI Leadership Amid Privacy and Security Concerns

The Stargate initiative, announced by President Trump, seeks to bolster U.S. leadership in AI through partnerships with OpenAI, SoftBank, and Oracle, along with plans for nationwide data centers. This comes after the repeal of Biden’s 2023 AI safety executive order, raising concerns among privacy advocates and security experts about transparency and ethical AI use. While promising advancements and job creation, Stargate must navigate challenges related to data privacy, cybersecurity, and equitable access, with critics warning of risks from centralized data infrastructure and increased geopolitical tensions. (Source)

Spanish PM Proposes Linking Social Media Accounts to EU Digital Identity for Accountability, Sparking Privacy Debate

Spanish Prime Minister Pedro Sánchez has proposed linking social media accounts in the EU to EU Digital Identity (EUDI) Wallets to eliminate anonymity and reduce online toxicity. He argues that anonymity concentrates power and likens it to driving without a license. Sánchez believes this connection could enhance accountability and protect children, but it conflicts with European data protection authorities’ privacy recommendations. He also advocates for algorithmic transparency and stronger enforcement of the Digital Services Act, comparing social media platforms’ responsibilities to those of restaurant owners. (Source)

Turkey’s Blockchain-Driven Digital Identity Expansion Enhances Security and Privacy

Turkey plans to enhance its national digital identity system by integrating blockchain technology for improved security and privacy. Since its 2017 launch, over 83 million residents have received digital ID cards for essential services such as healthcare and voting. Led by TUBITAK, the initiative combines biometrics and blockchain, while the private sector explores synergies with AI. Turkey is also advancing its digital transformation strategy, utilizing AI, IoT, and Big Data for regulatory compliance and innovation. (Source)

Azerbaijan Launches Digital Development Concept for Secure E-Government and Digital ID Adoption

Azerbaijan has initiated the “Digital Development Concept” to create a digital government ecosystem and implement digital IDs for citizens. Led by the Ministry of Digital Development and Transport, the initiative aims to digitize public administration, promote digital entrepreneurship, and improve digital literacy. It includes secure digital identity verification to streamline access to services. Plans involve drafting legal frameworks, training ICT specialists, and piloting solutions, targeting one million digital ID users by the end of 2026, with full implementation expected between 2025 and 2027. (Source)

Afghanistan Expands Digital ID Distribution and Plans National Census to Improve Population Data

Afghanistan’s National Information and Statistics Authority (NSIA) plans to expand the issuance of e-Tazkiras, the digital ID, by opening more centers at the district level to complement the existing 73 facilities. Over 15 million e-Tazkiras have been issued, with 9 million to males and nearly 6 million to females. Mobile teams are also targeting underserved areas to address distribution challenges since the Taliban’s takeover in 2021. Additionally, the NSIA is working with the UN Population Fund (UNFPA) to plan a national census for accurate population data, currently estimated at 44.5 million. (Source)

💰 Investments and Partnerships

Keyless Secures $2M for North American Expansion and Deepfake Defense with Zero-Knowledge Biometrics™ Technology

Keyless, a biometric authentication company, raised an additional $2M in funding, bringing its total to $10M, led by Rialto Ventures and Experian Ventures. The funds will support North American expansion and innovations against deepfake technology, particularly in financial services. Keyless, led by CEO offers Zero-Knowledge Biometrics™ technology, enabling secure, privacy-preserving multi-factor authentication without storing biometric data. (Source).

Mitiga Raises $30M to Expand AI-Powered Cloud Security Platform Across North America and Europe

Mitiga, a New York/Israel-based startup focused on threat detection and response for cloud and SaaS environments, raised $30 million in a Series B funding round led by SYN Ventures, totaling $75 million in funding. With support from investors like ClearSky and Atlantic Bridge, Mitiga will expand in North America and Europe, enhance its AI-powered platform, and build strategic partnerships. Its technology features a forensic data lake, automated breach readiness assessments, and incident response tools to help businesses improve response times and resilience against cyberattacks. (Source)

Databricks Secures $10B in Series J Funding, Boosting Valuation to $62B Amid Growing AI Investments

Databricks has raised $10 billion in Series J equity financing, bringing its valuation to $62 billion, along with $5.25 billion in debt financing from JPMorgan Chase and Goldman Sachs. The San Francisco-based data analytics platform has raised a total of $19 billion over 12 years and plays a key role in AI by standardizing data for machine learning. Notable investors in this round include Meta and Qatar’s sovereign wealth fund, highlighting increased corporate interest in AI. (Source)

Metropolis Acquires Oosto in $125M Deal to Enhance AI-Driven Parking Systems Amid Challenges for AI Startups

Metropolis, an AI-powered parking platform, has acquired Oosto (formerly AnyVision), a computer vision company, in a $125 million all-stock deal, significantly below Oosto’s $380 million funding. The acquisition includes Oosto’s intellectual property and team, with its CEO and CTO joining Metropolis. Oosto had faced challenges such as controversial surveillance use, losing Microsoft as an investor, and struggling to pivot to enterprise applications. Metropolis aims to integrate Oosto’s technology to enhance its AI-driven parking systems, highlighting the evolving landscape for AI startups and their challenges with valuation and sustainable revenue. (Source)

⚖️ Policy and Regulatory

NIST Updates Digital Identity Guidelines to Enhance Security, Accessibility, and Inclusivity

The U.S. National Institute of Standards and Technology (NIST) has released an updated draft of its Digital Identity Guidelines to improve secure access to services and address fraud risks. Incorporating feedback from various stakeholders, the guidelines focus on balancing modern digital identity solutions like passkeys and user-controlled digital wallets with traditional methods. They also emphasize inclusivity by offering alternatives for those lacking digital tools, such as in-person identity proofing. NIST invites public comments on the draft to enhance security and accessibility in identity verification. (Source)

PowerSchool Data Breach Exposes Decades of Toronto Student Records

A recent data breach of PowerSchool has exposed 40 years of student records from the Toronto District School Board (TDSB), affecting students enrolled from September 1985 to December 2024. The breach included names, addresses, dates of birth, and phone numbers, with data from 2017 onward also containing parents’ contact information. The TDSB used PowerSchool to manage requests for former student records. PowerSchool stated that hackers claimed the stolen data has been deleted, but this has not been publicly verified. (Source)

FTC updates COPPA to strengthen children’s online privacy with stricter data rules and expanded protections

The FTC has updated the Children’s Online Privacy Protection Act (COPPA) to strengthen online privacy for children. Key changes include mandatory parental opt-in for third-party advertising, expanded definitions of personal information, including biometrics and government IDs, and stricter data retention limits. The FTC also enhanced transparency in Safe Harbor programs. While the updates are widely supported, some, including FTC Commissioner Andrew Ferguson, raised concerns about compliance costs and competition impacts. Organizations have one year to comply with the new rules. (Source)

EU enforces Digital Operational Resilience Act to strengthen IT security and resilience in the financial sector

On January 17, 2025, the EU’s Digital Operational Resilience Act (DORA) became effective, aimed at enhancing IT security and operational resilience in the financial sector. It applies to both traditional entities, like banks and insurers, and non-traditional ones such as crypto-asset service providers and crowdfunding platforms. DORA mandates comprehensive requirements for risk management, third-party risk, incident reporting, and resilience testing. Financial entities must maintain registers of ICT service providers, notify authorities of major incidents within 4 hours, inform clients of financial impacts, and conduct post-incident reviews. They also need to implement strong ICT risk management frameworks and regularly assess third-party risks. Critical ICT service providers face direct obligations, while all must comply via contractual provisions with financial entities. DORA is a significant move towards ensuring the EU financial sector can withstand and recover from severe operational disruptions. (Source)

TikTok service providers face billion-dollar penalties amid U.S. ban despite Trump’s non-binding assurances

TikTok’s service providers, such as Oracle and app stores like Apple and Google, face billions in penalties for potentially violating a U.S. ban due to ByteDance’s Chinese ownership. President-elect Donald Trump promised companies they wouldn’t incur fines for supporting TikTok before his inauguration, but legal experts say these assurances are not legally binding. The ban, which mandates TikTok’s divestiture, could impose $5,000 fines per user, totaling $850 billion for service providers. While Trump might attempt to certify a deal for a 90-day extension, it’s uncertain he can do so after the ban takes effect. Experts caution that companies banking on Trump’s promises risk shareholder lawsuits and significant liabilities. Congressional action to delay the ban would be the safest route, but that remains uncertain. For now, companies find themselves in a precarious legal situation. (Source)

Biden Signs Executive Order to Bolster U.S. Cybersecurity with AI and Quantum-Resistant Measures

In his final week in office, President Joe Biden signed an executive order aimed at enhancing U.S. cybersecurity by securing federal agencies, contractors, and critical infrastructure. The order sets stricter requirements for software vendors and establishes compliance standards through NIST. It addresses identity theft, integrates quantum-resistant algorithms, and uses AI to enhance security in sectors like energy. While the incoming administration may modify the order, experts commend its bipartisan potential and encourage its continuation to tackle evolving cyber threats. (Source)

Supreme Court Backs TikTok Sale Mandate Over National Security Concerns

The Supreme Court upheld a law requiring TikTok’s Chinese owner, ByteDance, to sell the platform or face a U.S. ban, dismissing TikTok’s free speech argument due to national security concerns. The Biden administration won’t enforce the law immediately, creating uncertainty. Former President Trump has suggested negotiating a resolution, possibly giving ByteDance more time to find a buyer. If enforced, the law could affect content creators, driving users to platforms like Instagram Reels and YouTube Shorts. (Source)

Singapore to Enforce Age Verification and Online Safety Measures for App Stores by 2025

Starting in April 2025, Singapore will enforce a new Code of Practice for Online Safety requiring app stores to implement age verification measures. This regulation will block users under 18 from accessing adult apps like Tinder and restrict those under 12 from downloading social media apps like Instagram and TikTok. Biometric methods, such as facial scans, are recommended for compliance, and non-compliant platforms may be blocked. App stores must also monitor harmful content, allow users to flag issues, and provide annual safety reports.(Source)

🔗 More from Liminal

New Research Available

Access the Market & Buyer’s Guide for Third-Party Risk Management in Link for insights to strengthen compliance and tackle emerging risks as the TPRM market nears $19.9 billion by 2030.

Access Market & Competitive Intelligence

Our award-winning Link™ platform empowers you to monitor trends, access benchmark research reports, explore use cases, and more.

Liminal CEO Summit 2025

Interested in attending? Request an invite to our 4th annual exclusive CEO event, which will be held in Laguna Beach, California.

Share this Article