In China, online scams and schemes are everywhere. With around 1,800 breached accounts per minute, users there suffer more than anywhere else. Scams in China cost their victims billions every year; disproportionately affect public services such as hospitals and state-run banks; and are often tied to so-called pig butchering syndicates at the Chinese-Myanmar border that combine online scams with human trafficking and forced labor.
To curb such fraud, the Ministry of Public Security (MPS), the Cyberspace Administration of China (CAC), and four other ministries presented the Digital ID Measures on July 15, 2025. With frequent reference to China’s anti-telecom-fraud toolkit (including the recently updated Anti-Telecom and Online Fraud Law), the new system will reduce plaintext identity exchanges and enable targeted re-verification of suspicious accounts. Ostensibly, the party-state wants to take over the verification process from private platforms.
This text argues that China’s push toward state-control in this emerging field means that Europe should be more proactive to ensure that data-privacy approaches to ID systems stay relevant and competitive.
China Faces Obstacles to Its Roll-Out Strategy
Functionally, China’s Digital ID system acts like a new intermediary between users and platforms, verifying the identity of the former to the latter via a central state-run database. Users obtain a pseudonymous “Online Number” and an encrypted “Online Certificate” (stored on a device). Online platforms receive only a verification result rather than an ID in plaintext. Platforms like RedNote or Shein will become relying parties (RPs), giving up their own authentication process and relying on the verification results of the state-run wallet. This mechanism, referred to as “usable but not visible” (可用不可见) in the Measures, ensures that platforms get to know very little about their users, other than a verified ID status. As fewer plaintext personal data is exchanged, authorities argue, the attack surface for data leaks and fraud is minimized.
In theory, such minimum knowledge design is sound security practice. In fact, using the new IDs for authentication undeniably provides more agency over one’s data, at least as far as interactions with private platforms are concerned. At the same time – and despite MPS claims that the system lacks the ability to track users – Digital ID’s interactions are always state-resolvable and loopholes in the Measures directly undermine privacy and data confidentiality. Thus, NGOs warn, authorities have carved out an implicit yet ubiquitous real name transparency that could provide unprecedented insights into individual online behavior and lead to cross-platform surveillance and censorship.
Whether fraud prevention was always just a pretext remains to be seen. Yet, there are certainly obstacles on the way to nationwide adoption.
First, China’s recent experience with the sovereign digital currency eCNY shows that state-built solutions can struggle against incumbent platforms when they offer no new benefits. Despite continued state marketing and subsidies, uptake of the currency continues to lag behind private solutions by AliPay and WeChat Pay, which remain firmly in charge of China’s online payments. In fact, the eCNY has not left the pilot stage since 2019. China’s Digital ID system, with around 6 million active users (less than 0.5 percent of its population), may suffer a similar fate. Consequently, some officials are calling for digital IDs to become mandatory.
Second, the new Digital ID will compete in a well-established ecosystem of online verification and identification systems, including others developed by the state. Most notably (and confusingly), the Ministry of Public Security and one of its affiliates (中盾安信) built the Cyber Trust Identity (CTID). Launched in 2018, this initiative was already handling around 15 million verifications per day by 2020. The CTID and the new Digital ID even cater to similar public service use cases, such as ticket purchases. Beyond these two initiatives, China has also launched the blockchain-based system RealDID, and ministries run their own government logins. Users, public services, and companies may struggle to adapt to yet another system.
Lastly, the new ID in its current design could hamper China’s ambitious plans for its digital economy. In 2019, President Xi Jinping started talking about data as the fifth economic “factor of production.” He envisioned breaking data silos, incentivizing data sharing, and building markets for data commodification and trading – an agenda now stewarded by the new National Data Bureau. However, for platforms, China’s Digital ID moves in the opposite direction. Verifications that are “usable but not visible” mean that platforms get a “pass/fail” response without any additional plaintext information. In fact, platforms must not request plaintext identity info if the Digital ID was the basis of verification. This can give new users quasi anonymity vis-à-vis the platform, but it also limits the platform’s ability to monetize data through brokers and data markets that China seeks to activate.
Europe Focuses on Privacy-First Online Identities
Despite adoption challenges, cross-border expansion of the Digital ID along the “Digital Silk Road” is progressing. Shanghai authorities have started various pilots of cross-border digital-identity mutual recognition, including the China-Singapore-Hong Kong pilot. Malaysia, infamous for governmentdata leaks, has become an important cooperation partner in many of these efforts. Private projects, such as Zetrix, offer cross-border verification bridges for Chinese IDs and lobby for interoperability in the Asia Pacific. This momentum could soon shape regional policy: ASEAN finance ministers have recently commissioned a study on “Interoperable Digital ID as a Catalyst for Financial Inclusion,” and a regional digital-economy agreement that is currently under negotiation could give it a legal home.
Meanwhile, Brussels initiated a legislative process in May 2024 to introduce the EU-wide online identification system known as “European Digital Identity” (or under its somewhat clumsy abbreviation “EUDI”). There are noteworthy similarities and differences to China’s Digital ID (see table below) that indicate potential future contestations in the international standardization process.
They are similar in so far as adoption is voluntary and private sector methods remain viable (as of this writing). Also, they both aim to make public services more accessible and efficient. At the same time, both are thin on cross-border interoperability. China’s measures, for example, explicitly limit user enrollment to holders of identity documents recognized by its government – despite regional pilots. In addition, any provision of personal data or verification results to overseas entities requires security clearance by the MPS.
One noteworthy difference pertains to the (de)centrality of the overall system. In China’s case, the MPS provides a wallet-like app that handles ID checks for platforms against a centrally run database. The EU legislation, on the other hand, foresees a framework that only regulates – while member states are responsible for implementation. There will not be an app provided by the European Union. EUDI foresees technical standards and a certification process for third-party wallet providers and relying parties. Further, it ensures that users can oversee the disclosure of their personal information (following the principles of so-called Self-Sovereign Identities). It will be up to the member states to oversee compliance.
Recommendations for Europe and the Role of Germany
European lawmakers should consider two important implications of new online identification systems such as China’s new digital ID.
First, Germany and other EU member states should ensure tight oversight of wallet providers and, crucially, of relying parties (RPs) – such as AliExpress, TikTok, X, or Insta – that request data from wallets. Under the EUDI setup, RPs must enter national registries. However, additional certificates that encode the data they may ask for are optional – a gap that critics say enables over-identification. If vetting is weak, a platform joining as a RP could over-collect, profile users, or export data to their jurisdiction. The German government should coordinate the activities of its Federal Ministry for Digital and Transport (BMDV, the national rollout lead) with its Bundesnetzagentur (BnetzA) and Federal Office for Information Security (BSI) to ensure tight RP vetting, make registers transparent, and allow quick removal if misuse occurs.
Second, since ID wallets could soon become a techno-legal infrastructure for accessing services, signing contracts, and making payments, the European Commission should explore how to shape international interoperability between online identification systems. While the EU framework mandates interoperability inside the European Union, there is no mechanism to recognize or reject a third-country identification system. The EU should structure a pathway for cross-border identification, for example by expanding its ongoing pilots on trust services. It should test a “third-country identification” toolbox – including certification for trusted issuing entities (defining who are reliable sources of identity documents) and data-disclosure conditions (defining when and how personal identification data may be shared).
China’s Digital ID may face obstacles to domestic adoption, but its trajectory already influences regional norms for online identification. Europe cannot afford to remain reactive. By actively shaping interoperability frameworks, tightening oversight of wallet providers and relying parties, and developing a structured pathway for recognizing or rejecting third-country IDs, the EU can position itself as a standard-setter. Crucially, the European Union’s decentralized and regulatory model – in which participating states implement within a common framework – offers strategic flexibility. This design makes it easier to embed strong privacy guarantees, adapt to diverse legal contexts, and export a rights-based approach to international debates on online identity.
