Guest article by Juan Pablo García Cairello, Digital Signature and Identification Manager at AGESIC, Uruguay; and Technical Advisor of the Electronic Certification Unit, Uruguay

In 2023, G20 leaders defined Digital Public Infrastructure (DPI) as “a set of shared, secure, and interoperable digital systems, built on open technologies, to provide equitable access to public and/or private services at a societal scale”[1]. DPI is considered an accelerator for achieving the 17 Sustainable Development Goals (SDGs) adopted by all United Nations member countries in 2015 as part of the 2030 Agenda for Sustainable Development.

DPI comprises fundamental digital technologies, systems, standards, and services based on three pillars: digital identification, data interoperability, and payment methods. Its development is a critical factor in improving people’s quality of life.

During the pandemic, many people who needed to resolve their needs in Uruguay, such as foreign property or business owners, were unable to come to the country in person. If services were to be provided to them digitally, they lacked reliable Uruguayan digital IDs or methods to validate their identity. This highlighted the need to evolve the use of digital IDs toward the way traditional ones have been used for many decades. Instead of requiring a foreigner to obtain an account with a Uruguayan ID provider, they should be able to use a reliable digital ID from their country for Uruguayan digital services. Based on this situation, a plan was developed to move forward in this direction, under the concepts that govern Digital Public Infrastructure.

The Uruguayan Digital ID Ecosystem

For several years, various digital services on the Internet have begun integrating ID providers, delegating user identification to them. Similarly, large hubs of user credentials have begun positioning themselves as digital ID providers. Today, it is possible to access Spotify, Booking, and many other digital portals and services using an account (ID) from Google, Apple, LinkedIn, or Facebook, among others. This trend simplifies and reduces risks in the digital world.

Some countries are developing unified digital ID services, some known as “single account” services, under the vision of a national digital ID system. In Uruguay and Brazil, inspired by the regulatory framework and best practices promoted by the European Union and NIST (United States), progress has been made toward a national digital ID ecosystem. This is how digital ID brokers emerged in the region, particularly ID Uruguay[2].

A digital ID broker is a platform that positions itself between digital systems and digital ID providers suitable for its ecosystem. The following diagram illustrates this situation in a simplified form:

[Diagram: the digital ID broker positioned between digital systems and digital ID providers]

A citizen who needs to access a digital service in the ecosystem chooses an ID provider through the broker, digitally identifies themselves with their provider, and returns to the service, accessing their personal information. The services delegate the digital identification (or authentication) of individuals to the providers integrated with the broker. In this way, an individual’s digital ID is unique throughout the ecosystem, as is the case with traditional IDs. Furthermore, the broker acts as a Single Sign-On: it maintains the active session for all integrated services, so users do not have to identify themselves again for each service.

In Uruguay, the broker ID Uruguay has been operating since 2018 and currently has four digital ID providers regulated by the Electronic Certification Unit (UCE)[3], which manage three levels of trust or security in digital ID[4]:

  • Basic: A user who registered online and validated their account by email, with the system performing some simple checks. There is no guarantee that the person is who they claim to be, since their identity has not been validated. When they identify themselves digitally, they use their username and a strong password.
  • Intermediate: A user who initially registered as a basic user and validated their identity through an authorized means (in person, via video call using facial biometrics, or using a digital signature). When they identify themselves digitally, they use their username, a strong password, and a second authentication factor.
  • Advanced: A user who registered with a provider in person and had their fingerprint biometrically validated against the public registry. The registration expires, so it must be renewed periodically. When they identify themselves digitally, they use a digital certificate recognized by the National Public Key Infrastructure, using the advanced electronic signature for digital identification. This level, according to Uruguayan regulations, is considered equivalent to in-person access.
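The three levels above can be read as a policy the broker enforces on every login. The following is an added example, not ID Uruguay's code: the key names, the rule that the weaker of registration and login strength wins, and the handling of an expired advanced registration are all assumptions made for illustration.

```python
from datetime import date
from enum import IntEnum

class Level(IntEnum):
    NONE = 0          # unknown input: assert nothing
    BASIC = 1
    INTERMEDIATE = 2
    ADVANCED = 3

# How identity was validated at registration (key names are illustrative).
PROOFING = {
    "email_only": Level.BASIC,
    "in_person": Level.INTERMEDIATE,
    "video_call_face_biometrics": Level.INTERMEDIATE,
    "digital_signature": Level.INTERMEDIATE,
    "in_person_fingerprint_registry": Level.ADVANCED,
}
# What the user presented at login (key names are illustrative).
LOGIN = {
    "password": Level.BASIC,
    "password+second_factor": Level.INTERMEDIATE,
    "pki_certificate": Level.ADVANCED,
}

def effective_level(proofing, login, registration_expires=None, today=None):
    """Level the broker may assert for this login event."""
    today = today or date.today()
    proofed = PROOFING.get(proofing, Level.NONE)   # unknown values fail closed
    presented = LOGIN.get(login, Level.NONE)
    expired = registration_expires is None or registration_expires < today
    if proofed is Level.ADVANCED and expired:
        # Assumption: a lapsed advanced registration is capped at intermediate.
        proofed = Level.INTERMEDIATE
    # Assumption: the weaker of proofing and login strength wins.
    return min(proofed, presented)

def authorize(required, proofing, login, registration_expires=None, today=None):
    """True only if the login event meets the service's minimum level."""
    return effective_level(proofing, login, registration_expires, today) >= required
```

A service that requires the advanced level would call `authorize(Level.ADVANCED, ...)` and reject a user who registered in person with fingerprint validation but logged in with only a password.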

Currently, more than 190 services, portals, public agencies, and digital systems, both for citizens and for internal government management, are integrated into ID Uruguay. On average, more than 90,000 identifications were performed daily on business days (Uruguay has a population of 3.5 million). For the past year, the use of the advanced level has surpassed the basic level, achieving greater security and trust in digital identification across the entire ecosystem.

The ID Uruguay ecosystem has grown rapidly in recent years. In 2021, 6 million authentications were performed through ID Uruguay. By 2022, it had grown by more than 50%, reaching more than 9 million authentications; and in the last year (2024), 17 million digital authentications were performed. Of those 17 million, 30% used the advanced level, providing complete trust for both parties.

First integration experiences in the region

With the support of the e-Government Network in Latin America and the Caribbean (Red Gealc)[5], work began on the first pilot experiences for integrating digital IDs in the region. In 2023, ID Uruguay was integrated with Autenticar, an Argentine digital ID broker developed for this purpose, at the testing level. Work immediately began with Brazil, which has a broker called GOV.br[6] that follows the same standards as ID Uruguay but has a higher volume of use: 4,500 integrated digital services and 300 million accesses per month.

We experienced a process of collaboration, debate, and learning among the teams in the three countries and concluded that, if we integrated broker against broker, each broker would consider the other as a group of ID providers. A broker not only generates a national digital ID ecosystem but is also a key element that ensures the standardization of identification at the regional level. In October 2024, a historic milestone was achieved: the first digital ID integration in Latin America and the Caribbean went into production with the integration of ID Uruguay with GOV.br[7]. This allowed Brazilians to access 40 digital services in Uruguay using their trusted Brazilian digital IDs. It mirrors what has happened in the physical world for many decades, when Brazilians come to Uruguay in person with their ID or passport to carry out procedures or use services, while taking advantage of all the benefits of the digital world.

The experiences with Autenticar in testing and with GOV.br in production have demonstrated that the digital ID broker is a fundamental element in enabling cross-border digital ID within a “building block” framework on digital government platforms, thus advancing in a standardized way the development of the digital ID pillar in the DPI.

This co-creation process between the countries made it possible not only to achieve the first case of cross-border digital ID, but also to design and validate the standard to promote cross-border digital ID throughout the region. The support of the organizations and the collaborative environment between the teams from the different countries involved were very important.

In addition to enabling cross-border digital ID, the broker generates several important advantages by developing a national digital ID ecosystem:

  • It enables the possibility of having multiple public and private digital ID providers in a country, fostering innovation and achieving greater coverage.
  • Integrating the broker with intelligent cybersecurity services allows for strengthening all digital IDs across the entire ecosystem, reducing risks, increasing efficiency, and optimizing investment in security.
  • It produces a large volume of reliable statistical information, which can be used for decision-making or the generation of open data.
  • It separates the national ecosystem from the international one and can perform the necessary data transformations and verifications between both worlds.
  • Enabling new, innovative digital ID methods for use in digital services, such as decentralized IDs or verifiable credentials through OpenID Connect for Verifiable Credentials (OIDC4VC)[8], would simply require integrating them into the broker.

Model for scaling in a standardized, sustainable, and secure way towards the development of digital identification as a pillar of DPI

Based on this experience, we worked with the member countries of the GEALC Network to specify a model broker. With support from the Inter-American Development Bank (IDB)[9] and the Organization of American States (OAS)[10] (since the network’s inception), and recently from the World Bank[11] and Co-Develop[12], a project was designed and funding secured for its development. This initiative has sparked the interest of a broad community of leading global organizations involved in the development of DPIs, such as the Center for Digital Public Infrastructure (CDPI)[13], the Digital Public Goods Alliance[14] (which aims to accredit the model broker once developed), and 50 in 5[15], among others.

Development is currently underway, and a minimum viable product (MVP) for a digital ID broker is expected by the end of the year. This project to develop the model broker poses several challenges in the region:

  • Develop a broker MVP to begin implementations in pilot countries. These implementations represent a significant challenge in each country, which is building a national digital ID ecosystem, including a regulatory framework, infrastructure, and governance.
  • In parallel, use cases are being agreed upon, i.e., services of interest to foreigners using foreign IDs in each country. In this regard, progress is being made to include different sectors such as foreign trade, tax administration, immigration, and tourism, among others.
  • Achieve implementation of the model broker in some countries by the end of this year and integrate it with ID Uruguay and GOV.br for some relevant use cases.

Future Vision

During 2026, the broker will seek to evolve and, above all, increase the number of countries using it, generating a national digital identification ecosystem and integrating it with the rest to enable cross-border digital identification.

The integration of more secure and easy-to-use identification methods will also be sought, such as the use of verifiable credentials through OIDC4VC, or passwordless methods (such as FIDO2[16]), under the concept of “continuous authentication,” given that the “username and password” model created several decades ago is becoming obsolete and vulnerable to various types of attacks (phishing, leaks, brute force, dictionary, malware, etc.).

Once the broker is developed, the GEALC Network, as coordinator and together with all the involved actors, must begin work on governance and continue integrating countries. To scale more sustainably to all countries in Latin America and the Caribbean, it will be necessary to evolve toward a “broker hub,” with each country joining the hub only once. It is necessary to open spaces for technical and regulatory debate to determine the governance and architecture of the hub, as well as whether a distributed or centralized model is being sought.

The model broker is being approached as a digital public good (DPG) to be used by various countries. This DPG developed by the Gealc Network can be used by countries wishing to develop a digital identification ecosystem and, through various organizations such as those mentioned above, can be taken to other continents to analyze the possibility of adopting similar ecosystems.

Impact

The most important aspect of this entire plan to achieve cross-border digital identification in Latin America and the Caribbean is to always keep in mind the desired impact. What we want to achieve is what has already been happening with traditional identification for decades, while taking advantage of all the benefits offered by ICTs. A person from any country should be able to access a digital service from another country using a reliable digital ID from their country of origin. This simple act enables nothing more and nothing less than all digital services in the region to be provided remotely, from other countries, achieving considerable progress in the development of digital public infrastructure.

Sectors such as foreign trade, tourism, transportation, education, immigration, and tax administration would greatly facilitate access for foreigners in a secure and simple manner. In turn, people could meet their needs with services from other countries from their homes at minimal cost, in a very simple and reliable way. While there is still a long way to go, the fact that large, recognized organizations and, above all, outstanding professionals from different countries with diverse visions and capabilities have joined forces makes the journey truly easier, more enjoyable, and more attractive to address the challenge of advancing in a sustainable and standardized way the “Digital Identification” pillar of Digital Public Infrastructure in Latin America and the Caribbean.

______________________

[1] G20, UNDP: https://www.undp.org/india/press-releases/g20-digital-ministers-recognize-digital-public-infrastructure-accelerator-sdgs

[2] ID Uruguay: https://www.gub.uy/agencia-gobierno-electronico-sociedad-informacion-conocimiento/id-uruguay

[3] UCE portal: https://www.gub.uy/unidad-certificacion-electronica/

[4] Digital Identification Policy: https://www.gub.uy/unidad-certificacion-electronica/comunicacion/publicaciones/politica-identificacion-digital

[5] Red Gealc Portal: https://www.redgealc.org/

[6] GOV.br: https://sso.acesso.gov.br/

[7] First regional integration of cross-border digital IDs: https://www.gub.uy/unidad-certificacion-electronica/comunicacion/noticias

[8] OpenID for Verifiable Credentials: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html

[9] Inter-American Development Bank (IDB): https://www.iadb.org/en

[10] Organization of American States: https://www.oas.org/en/

[11] World Bank: https://www.worldbank.org/ext/en/home

[12] Co-develop: https://www.codevelop.fund/

[13] Centre for Digital Public Infrastructure: https://cdpi.dev/

[14] Digital Public Goods Alliance: https://www.digitalpublicgoods.net/

[15] 50 in 5: https://50in5.net/

[16] FIDO Authentication, a passwordless version: https://fidoalliance.org/fido2/