State-Endorsed Digital Identity: Disrupting IAM and Powering Utah’s 2034 Vision

George McEwan, Privacy Architect, State of Utah

Utah’s SEDI framework redefines trust in digital identity today while laying the groundwork for identity as critical public infrastructure in the digital economy.

Introduction

For decades, Identity and Access Management (IAM) has revolved around enterprise-issued accounts, passwords, and role-based permissions, recently augmented by federated login and single sign-on. These models improved convenience, but left enterprises managing vast amounts of user data, carrying the burden of trust, and struggling with interoperability. Utah’s State-Endorsed Digital Identity (SEDI) framework represents a decisive break. By anchoring digital identity in state-issued verifiable credentials, SEDI has the potential to disrupt IAM as we know it.

Enterprises today face familiar pain points: password fatigue, fragmented account systems, and reliance on weak identifiers such as Know Your Customer (KYC) and email addresses, which remain persistently vulnerable to phishing and credential theft. Federated login and single sign-on reduced friction, but the trust model remains fragmented: almost every enterprise issues and manages its own identities. That fragmentation complicates compliance, governance, and fraud prevention.

SEDI’s Root-of-Trust Approach

SEDI flips the model. Instead of each enterprise creating and maintaining user accounts, individuals carry verifiable credentials issued under a state trust framework. These credentials are cryptographically secure, privacy-preserving, and portable. They allow users to prove who they are, or attributes they control, without disclosing more than necessary. This credential-first approach reduces enterprise burden while elevating trust and security.

Implications for Enterprises

As one of the authors of Utah’s SEDI approach, I always run the risk of overstating our own case when it comes to the overall benefits of SEDI. However, anyone who has dealt with IAM environments over the past 25 years understands that a fundamental change is needed to stop the ever-growing IAM silos. In support of the need for SEDI in the U.S., one can point to the European Union’s similar efforts. The EU is moving forward with its European Digital Identity Wallet (EUDI), with a mandate that all regulated businesses will be required to accept a EUDI credential by July of 2027.

The most transformative aspect of SEDI is its potential to bridge sectors. A citizen’s credential could unlock healthcare records, enable secure banking transactions, and provide access to state services, all while maintaining privacy through pairwise identifiers and selective disclosure. Traditional IAM models stop at organizational boundaries; SEDI’s framework crosses them.

When you consider service/product delivery in every sector, it is clear that the traditional process models create duplication in trust-risk calculations before engaging with a customer. Even the best models face fraud. There are almost daily reports of identity theft and financial losses. Fragmented IAM threatens profitability and public confidence.

The shift to SEDI in all sectors comes with many exciting opportunities. Unless you’re an IAM vendor or credit bureau, establishing trust is simply a cost of doing business. Because there is no state-level trust anchor, all sectors have had to deal with the sunk costs of managing trust while trying to support their organizations’ real products. If the trust relationships are solved globally, this burden lifts immediately. All sectors would stop wasting precious overhead on managing accounts and instead focus those efforts on improvements to services/products and, of course, profitability.

SEDI will upend current trust/risk models, benefiting those who pivot to state-endorsed roots. From a government perspective, SEDI creates stronger assurance levels to lower impersonation and theft risks. According to a GAO report (April 2025), theft in state-administered unemployment insurance programs during the pandemic is estimated in the range of $100-$135 billion nationwide. While it is unrealistic to assume SEDI would have prevented all that loss, the total loss would have been lower.

Why can’t fraud drop to zero with SEDI? In any digital credential system, people remain the weakest link, defrauded daily through a variety of social engineering attacks (think email phishing). However, SEDI’s framework expressly defines the need to detect obvious attacks such as key compromise, which will help keep the ecosystem, and the unsuspecting credential holder, safer from bad actors.

Privacy Advantages

The introduction of a government root of trust is challenged by detractors who have legitimate concerns about privacy. SEDI has been designed with a privacy-first approach that prohibits technologies in the ecosystem from including capabilities that could covertly or overtly violate individual privacy. Privacy-by-design features ensure users aren’t subject to mass surveillance or cross-service tracking, balancing security and rights.

Identity as Infrastructure: A 2034 Vision

Looking forward, digital identity must be treated as critical infrastructure, like roads or water. Utah’s Economic Vision 2034 envisions secure, portable identity as the next utility. By 2034, instant identity verification will be as vital as electricity.

  • The Next Utility: Digital identity underpins competitiveness, accelerating innovation when friction is removed.
  • Frictionless and Secure: Decentralized identity and verifiable credentials allow employees and the public to prove identity and background instantly, without enterprises storing the sensitive data that makes them a target of cybercrime.
  • AI and IAM: Artificial intelligence deployments in enterprises benefit from accurate and verified data. Insights derived from inaccurate or fraudulent data are worth nothing. IAM systems leveraging SEDI credentials will detect and respond faster to IT threats.
  • Why It Works: Framing identity as infrastructure elevates it from a technical function to a foundation for Utah’s long-term economic growth strategy. As all states adopt the framework of SEDI, digital reciprocity will allow individuals to better control their data.

Conclusion

SEDI represents more than a technical shift; it redefines IAM and positions identity as infrastructure for the nation’s digital future. By moving from enterprise-managed accounts to state-issued credentials, it creates a more secure, interoperable, and privacy-preserving model. As Utah approaches 2034, digital identity is set to become the state’s next great utility—enabling growth, protecting privacy, and powering the digital economy of tomorrow. Enterprises that adapt early won’t just comply; they’ll lead.
