DID Market Hit $6.64B But Where Are the Actual Users? Regulatory Reality Check

The decentralized identity market just crossed $6.64 billion in 2026—up from $3.49 billion last year. That’s 90% growth in twelve months. Governments are mandating digital identity wallets. Over 1,181 public entities across 105 countries are involved in DID projects. Corporate players like PwC Italy and Dentsu are building verifiable-credential infrastructure.

But here’s the question no one seems to be asking at these conferences: who are the actual users?

The Regulatory Push Is Real

Let me be clear—the regulatory drivers are legitimate. The EU Digital Identity Framework requires every member state to issue digital identity wallets to individuals and businesses by 2026. That deadline is now. eIDAS 2.0 isn’t a pilot program anymore; it’s active regulation with real compliance requirements.

I’ve spent the past six months advising clients on eIDAS alignment, and the corporate interest is genuine. Financial institutions see reusable KYC credentials as a way to cut compliance costs while reducing onboarding friction. Healthcare systems want patient-controlled records with verifiable clinical credentials. Cross-border services need portable identity that works across jurisdictions.

These are real use cases solving real problems. But they’re all B2B and B2G—business-to-business and business-to-government implementations.

The Consumer Adoption Gap

Where are the everyday users? Beyond crypto enthusiasts managing their own keys and privacy advocates running nodes, I’m not seeing widespread consumer adoption.

The market reports cite 3,600+ businesses exploring decentralized identity. But “exploring” doesn’t mean “deploying to end users.” Most of these projects are:

  • Enterprise credential systems for employees
  • Government digital ID programs (where adoption is mandatory, not voluntary)
  • Regulated industry compliance tools (finance, healthcare)
  • Academic institutions piloting verifiable diplomas

These are valuable applications. But they’re fundamentally different from the self-sovereign identity vision where individuals control their own credentials with cryptographic keys and choose what to share.

The UX Problem No One Wants to Discuss

Here’s the uncomfortable truth: key management is a disaster for regular users.

If you lose your seed phrase, your identity is irrecoverable. There’s no “forgot password” link. No customer service helpline. No government ID office where you can get a replacement.

I’ve reviewed dozens of DID implementations, and the solutions all involve trade-offs:

  • Social recovery: You trust friends to help recover your keys (reintroduces human trust)
  • Custodial wallets: A company holds your keys (defeats self-sovereignty)
  • Multi-sig arrangements: Complex UX that confuses non-technical users
  • Hardware tokens: Additional cost and physical loss risk

Every solution either compromises self-sovereignty or creates UX friction that kills adoption.

Regulatory Compliance Remains Unclear

From a legal perspective, it’s still not clear how decentralized identity fits into existing frameworks. How does a DID system comply with GDPR’s “right to be forgotten” if credentials are immutably recorded on a blockchain? Who is the “data controller” when users self-manage credentials? What happens when a verifiable credential contains false information—who has liability?

Privacy laws like GDPR and CCPA continue to evolve. I’m working with clients who want to implement DIDs but can’t get clear answers from regulators about compliance requirements. That uncertainty freezes enterprise adoption outside of government-mandated pilots.

The Real Question: Is This Adoption or Hype?

So back to my original question: a $6.64 billion market with 90% annual growth sounds impressive. But is that genuine adoption, or is it:

  • VC funding for startups that haven’t achieved product-market fit?
  • Government pilot programs with mandatory participation?
  • Corporate compliance theater to appear innovative?
  • Market projections based on potential rather than actual users?

I want decentralized identity to succeed. Legal clarity unlocks institutional capital, and compliance enables innovation. But we need to be honest about where we are versus where the hype suggests we should be.

The infrastructure is being built. The regulations are being written. The market size is growing.

But I’m still waiting to see evidence of voluntary consumer adoption beyond crypto Twitter.

Am I being too skeptical? Are there consumer DID use cases I’m missing? Or is this market growth entirely driven by enterprise/government mandates with no grassroots demand?

Would love to hear perspectives from folks actually shipping DID products to real users.

Rachel, you’ve nailed the core issue, but I want to dig deeper into why key management is fundamentally broken for decentralized identity—not just hard, but architecturally incompatible with consumer behavior.

The Irrecoverable Account Problem

From a security standpoint, DIDs have the same failure mode as cryptocurrency wallets: lose your keys, lose everything. Except it’s worse for identity.

With crypto, you lose access to funds. With DIDs, you lose your:

  • Medical records
  • Educational credentials
  • Professional certifications
  • Government-issued digital ID
  • Employment history

You can’t just “create a new identity” the way you create a new crypto wallet. Your identity is the credentials bound to those keys.

I’ve analyzed dozens of credential recovery mechanisms, and every single one introduces a security-sovereignty trade-off:

Social Recovery (à la Argent wallet): You designate trusted contacts who can help recover your account through multi-sig approval. Sounds good until you realize:

  • You’re trusting humans with irrevocable power over your identity
  • Social engineering attacks now target your “guardians”
  • If guardians lose access, the recovery system fails
  • Complex UX that confuses non-technical users

Custodial Solutions: Companies hold your keys in escrow or use key-sharding. This defeats the entire point of self-sovereign identity. You’ve just recreated the centralized identity problem with extra cryptographic steps.

Hardware Tokens: YubiKeys and similar devices reduce key exposure but introduce physical loss/theft risk. Plus they cost money and require technical setup that excludes many users.

The Password Manager Analogy Should Terrify Us

Here’s the comparison that keeps me up at night: password managers are objectively superior to human-memorized passwords in every security metric. They’ve been battle-tested for over a decade. Major companies give them away for free.

Adoption rate? Still under 25% of internet users.

Why? Because people don’t want to:

  • Learn new workflows
  • Trust a single point of failure
  • Pay for something they think should be free
  • Deal with master password recovery complexity

If we can’t get people to adopt password managers—which have clear UX benefits and reversible failure modes—how will we get them to adopt DIDs where account loss is permanent and the UX is objectively worse?

Centralized Identity Isn’t Going Anywhere

The harsh reality: Google/Apple/Microsoft have solved key recovery through centralized account systems with:

  • Email/SMS recovery flows
  • Security questions
  • Customer support that can verify identity through alternative means

Users like this system. It’s forgiving. It matches human behavior patterns (we forget things, lose devices, make mistakes).

Decentralized identity demands we change human behavior to match cryptographic requirements. That’s backwards.

The Only Path Forward I See

If DIDs are going to work beyond enterprise mandates, we need:

  1. Hybrid models where institutions (governments, universities, employers) act as credential issuers AND recovery authorities. Not fully self-sovereign, but practical.

  2. Tiered security where high-value credentials (medical, government ID) use stronger—but more complex—key management, while low-value credentials (forum accounts, newsletter signups) use easier recovery.

  3. Transparent trade-offs where users consciously choose between “unrecoverable but truly yours” vs. “recoverable but partially custodial” rather than pretending we can have both.

The market growth Rachel cited? It’s being driven by institutions building mandatory systems. Until we solve key management for average users, consumer adoption will remain a fantasy.

🔒

Okay, both of you are hitting on the technical and regulatory challenges, but let me ask the uncomfortable business question that VCs don’t want to discuss:

Who actually makes money from DIDs, and how?

The $6.64B Market That Doesn’t Make Sense

Rachel mentioned the market hit $6.64B in 2026. But that number is market size projections, not revenue. It includes:

  • VC funding rounds for pre-revenue startups
  • Government pilot budgets (which disappear after pilots)
  • Consulting fees for compliance advising
  • “Market opportunity” calculations based on total addressable market assumptions

I’ve been through 3 startups. I know the difference between “market size” and “sustainable business model.”

The Identity Provider Dilemma

Here’s the problem: reusable credentials destroy the identity verification business model.

Right now, identity verification is a recurring revenue business:

  • You verify with your bank (they pay Jumio/Onfido)
  • You verify with your brokerage (they pay again)
  • You verify with your crypto exchange (they pay again)
  • You verify for international remittance (they pay again)

Same customer, same identity documents, same verification process—4x revenue for the identity provider.

With DIDs and reusable credentials:

  • You verify once
  • Store verifiable credential in your wallet
  • Present it to every service that needs it
  • Identity provider gets paid once for verification that’s used 10x

Why would identity providers cannibalize their recurring revenue business? They won’t. They’ll delay, obstruct, and build “proprietary standards” that aren’t interoperable.

The Chicken-and-Egg Death Spiral

Sophia mentioned password manager adoption at 25%. Here’s what’s worse for DIDs:

  • Users won’t adopt until there are enough services accepting DID credentials
  • Services won’t integrate until there’s a critical mass of users with DID wallets
  • Identity providers won’t issue verifiable credentials until both users and services exist

Classic two-sided marketplace problem, except worse because the legacy system (centralized identity) works fine for most use cases.

I can sign up for Netflix with my Google account in 8 seconds. Why would Netflix or Google voluntarily replace that with a DID system that costs more, requires user education, and solves a problem their users don’t know they have?

Where’s The Actual Revenue?

The only profitable DID use cases I’ve seen are:

1. Enterprise B2B compliance - Companies pay for systems to manage employee credentials, contractor access, supply chain verification. This works because IT departments have budgets and compliance mandates.

2. Government-mandated systems - EU’s eIDAS 2.0 forces member states to build DID infrastructure. But that’s taxpayer-funded, not market-driven.

3. High-value credential issuance - Universities charging alumni to issue verifiable diplomas. But volume is tiny.

None of these are consumer businesses. They’re enterprise and government mandates.

B2C Is DOA Without Subsidy

For consumer DIDs to work, someone has to pay for:

  • Wallet development and maintenance
  • Key recovery infrastructure (if we solve that)
  • Customer support (ironic for “self-sovereign” identity)
  • Marketing to educate users on why they need this

Who pays? Users won’t (they get identity for free now). Services won’t (they have working systems). Identity providers won’t (it cuts their revenue).

So it’s VC-subsidized until the money runs out, just like food delivery apps and scooter rentals.

The Honest Assessment

Rachel asked if she’s being too skeptical. I don’t think so. I think the DID industry is selling a solution to a problem that:

  • Enterprises have (credential management at scale)
  • Governments need (digital ID for citizens)
  • Consumers don’t care about (until there’s a massive data breach affecting them personally)

That $6.64B market? It’s not “consumer adoption”—it’s enterprise software sales and government contracts.

Which is fine! Enterprise SaaS is a great business. But let’s be honest about what we’re building instead of pretending mass consumer adoption is around the corner.

Am I missing something? Is there a viable B2C business model for DIDs that doesn’t rely on government mandates or VC funding?

Oh man, this thread is hitting close to home. I literally tried to integrate DIDs into our DApp last quarter and… yeah, it did not go well. Let me share what actually happened.

The Developer Experience Is Rough

So our product lead was super excited about “self-sovereign identity” and “user-controlled credentials.” Sounded great in theory! I dove into the specs thinking it would be like integrating OAuth.

It was not like integrating OAuth.

Here’s what I encountered:

1. Which DID method do we support?

  • did:ethr (Ethereum-based)
  • did:web (web-based, centralized)
  • did:key (purely cryptographic, no ledger)
  • did:ion (Bitcoin-anchored)
  • did:pkh (based on blockchain account)

Each method has different resolution mechanisms, different security properties, different recovery options. We had to pick one, which meant excluding users with wallets supporting other methods.

2. Verifiable Credentials are a spec, not a product

The W3C Verifiable Credentials spec is like… 50 pages of abstract data models. Which is fine for a standard! But as a developer, I need:

  • Working libraries (most are half-maintained)
  • Clear integration examples (sparse)
  • Wallet compatibility (fragmented)
  • Revocation infrastructure (mostly theoretical)

3. The wallet compatibility nightmare

We wanted users to store credentials in a wallet. Cool, which wallet?

  • MetaMask doesn’t natively support VCs
  • Most crypto wallets are focused on tokens, not identity
  • Dedicated identity wallets (Dock, Trinsic) have tiny user bases
  • Enterprise wallets (Microsoft Entra) are enterprise-only

We couldn’t find a wallet with >1M users that fully supported DIDs + VCs.

Compare This to “Sign in with Google”

You know what the “Sign in with Google” integration looks like?

import { GoogleLogin } from '@react-oauth/google';

<GoogleLogin
  onSuccess={credentialResponse => {
    console.log(credentialResponse);
  }}
/>

Done. Works on every browser, every device. Users are already logged into Google. Zero friction.

DID integration? Multi-week spike involving cryptographic key management, wallet connection flows, credential verification, schema validation, and error handling for like 15 edge cases.

I Still Think It’s Worth It (Eventually)

Here’s the thing though—I’m not giving up on DIDs. I just think we’re way earlier than the market hype suggests.

Sophia’s right that key management is broken for consumers. Steve’s right that the business model is unclear. But Rachel’s also right that the regulatory push is real and infrastructure is being built.

I see this playing out like HTTPS adoption:

  • Started with enterprise and high-security use cases (banking, government)
  • Took like 15 years to become default for all websites
  • Required browsers, CAs, and standards bodies to coordinate
  • Eventually became invisible infrastructure users don’t think about

DIDs might follow a similar path: enterprise/government first (5-10 years), then gradual consumer adoption as wallets become standard in OS/browsers (10-20 years), then eventual invisibility where users don’t even know they’re using DIDs.

But we’re in year 3 of that journey, not year 15.

What I Wish Existed

If I could wave a magic wand, here’s what would actually help developers integrate DIDs:

  1. Browser-native DID support - like how browsers manage passwords and autofill
  2. OS-level identity wallets - Apple Wallet and Google Pay already exist, add DID/VC support
  3. Standardized recovery flows - with clear security vs. convenience trade-offs
  4. Real wallet interoperability - not 47 competing standards
  5. Drop-in libraries - as easy as Stripe or Auth0

Until then, DIDs remain a “nice to have” for developers who can’t justify the integration cost versus “Sign in with Google/Apple/GitHub.”

Anyone else tried integrating DIDs recently? Am I doing it wrong, or is it genuinely this fragmented?
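
An added example, not code from this thread or from any DID library: it shows why the methods listed in the post above cannot share one integration path. did:key is resolved by decoding the identifier itself, while did:web is resolved by fetching a document over HTTPS. The sample key bytes and the example.com identifiers are constructed, and the ledger-backed methods are reported as unsupported rather than modelled.

```javascript
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// base58btc encode/decode via BigInt; adequate for key-sized inputs.
function b58encode(bytes) {
  let n = 0n;
  for (const b of bytes) n = n * 256n + BigInt(b);
  let out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  for (const b of bytes) { if (b !== 0) break; out = '1' + out; }
  return out;
}
function b58decode(text) {
  let n = 0n;
  for (const ch of text) {
    const i = B58.indexOf(ch);
    if (i < 0) throw new Error(`invalid base58 character: ${ch}`);
    n = n * 58n + BigInt(i);
  }
  const bytes = [];
  while (n > 0n) { bytes.unshift(Number(n % 256n)); n /= 256n; }
  for (const ch of text) { if (ch !== '1') break; bytes.unshift(0); }
  return bytes;
}

// did:key: the public key is inside the identifier, so no lookup happens.
function resolveDidKey(id) {
  if (!id.startsWith('z')) throw new Error('expected multibase base58btc prefix "z"');
  const raw = b58decode(id.slice(1));
  // 0xed 0x01 is the multicodec prefix for an Ed25519 public key (32 bytes).
  if (raw.length !== 34 || raw[0] !== 0xed || raw[1] !== 0x01) {
    throw new Error('only Ed25519 did:key identifiers are handled here');
  }
  const publicKeyHex = raw.slice(2).map((b) => b.toString(16).padStart(2, '0')).join('');
  return { method: 'key', networkFetch: false, trustAnchor: 'the identifier itself', publicKeyHex };
}

// did:web: the identifier maps to an HTTPS URL, so trust rests on DNS and TLS.
function resolveDidWeb(id) {
  const [rawHost, ...path] = id.split(':');
  const host = decodeURIComponent(rawHost); // a port arrives encoded as %3A
  if (!/^[a-z0-9.-]+(:\d+)?$/i.test(host)) throw new Error('invalid did:web host');
  // Reject segments that would change the path, such as "..", "/" or "%2F".
  if (path.some((seg) => !/^[A-Za-z0-9_-][A-Za-z0-9._-]*$/.test(seg))) {
    throw new Error('invalid did:web path segment');
  }
  const suffix = path.length ? `/${path.join('/')}/did.json` : '/.well-known/did.json';
  return { method: 'web', networkFetch: true, trustAnchor: `DNS and TLS for ${host}`,
           documentUrl: `https://${host}${suffix}` };
}

function resolveDid(did) {
  const m = /^did:([a-z0-9]+):(.+)$/.exec(did);
  if (!m) throw new Error('not a DID');
  const [, method, id] = m;
  if (method === 'key') return resolveDidKey(id);
  if (method === 'web') return resolveDidWeb(id);
  // did:ethr, did:ion and did:pkh need a chain or ledger client; not modelled here.
  return { method, supported: false };
}

// Constructed sample: 32 placeholder bytes, not a real public key.
const sampleKey = Array.from({ length: 32 }, (_, i) => i + 1);
const sampleDidKey = 'did:key:z' + b58encode([0xed, 0x01, ...sampleKey]);
console.log(sampleDidKey, resolveDid(sampleDidKey));
```

The `trustAnchor` field is the part that differs per method: a verifier accepting did:web inherits the issuer's DNS and TLS posture, while did:key offers no rotation or recovery because the key is the identifier.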

This is such a valuable discussion. Everyone’s hitting on critical pain points, but I want to shift the lens slightly: where do DIDs create genuine value that justifies the complexity?

As someone who moved from environmental advocacy to tech, I’m allergic to “solutions looking for problems.” I’ve seen too many technologies get hyped without asking whether they actually improve people’s lives.

Real Problems DIDs Could Solve

Let me distinguish between “market size” and “meaningful impact”:

Refugee and displaced persons credentials
When you flee a country, you often can’t bring physical documents proving your education, work history, or professional certifications. DIDs could enable:

  • Verifiable educational credentials that survive border crossings
  • Professional certifications that work internationally
  • Identity that doesn’t depend on a specific nation-state

This is a real problem affecting tens of millions of people. The market size is small (refugees aren’t high-value customers), but the impact is enormous.

Healthcare data portability
Medical records are fragmented across providers, insurance companies, and national borders. Patient-controlled verifiable credentials could:

  • Enable emergency care anywhere with accurate medical history
  • Reduce duplicate tests and procedures
  • Give patients genuine control over who accesses their data

The EU’s data portability regulations create real demand here, not just hype.

Land rights and property ownership
In countries with weak property rights systems, blockchain-based land registries with verifiable ownership credentials could:

  • Prevent corrupt officials from seizing property
  • Enable property to serve as collateral for loans
  • Provide legal evidence of ownership across regime changes

This is where “immutable records” genuinely matters.

The Uncomfortable Question: Do These Use Cases Need Blockchain?

Here’s where I get skeptical: many DID pitches describe problems that could be solved with:

  • Better APIs between existing systems
  • Open standards for data exchange (like FHIR for healthcare)
  • Political will to create interoperability

Do we need blockchain for verifiable diplomas? Or do we need universities to issue digital certificates with cryptographic signatures (which doesn’t require distributed ledgers)?

Steve’s right that “reusable credentials” don’t require blockchain—they just require issuers to sign credentials and verifiers to check signatures. The “decentralized” part mostly matters when you don’t trust a central authority.

Where DIDs Make Sense vs. Where They’re Forced

DIDs genuinely help when:

  • Central authorities are untrustworthy (authoritarian governments, corrupt officials)
  • Cross-border portability is critical (refugees, international professionals)
  • Long-term immutability matters more than convenience (land rights, critical medical data)

DIDs are probably overkill for:

  • Forum account logins (centralized systems work fine)
  • Newsletter signups (who cares about self-sovereignty here?)
  • Most e-commerce (you already trust Amazon/Shopify)

The $6.64B Reality Check

Rachel asked whether the market growth is adoption or hype. Based on what everyone’s shared here:

  • Hype component: VC funding, government pilots, consulting fees for systems that won’t scale
  • Real component: Enterprise credential management, regulated industries with compliance mandates
  • Missing component: Consumer demand driving grassroots adoption

The market size is real, but it’s measuring infrastructure investment and government mandates, not voluntary user adoption.

What Would Change My Mind

I’d be convinced consumer DIDs are ready for primetime if I saw:

  1. Actual users (not pilots) choosing DIDs over traditional logins when given a free choice
  2. Services integrating DIDs because users demanded it, not because of grants
  3. Recovery solutions that regular people can use without losing access
  4. Business models that don’t require permanent VC subsidy or government mandates

Until then, I think DIDs are:

  • Valuable for specific high-impact use cases (refugees, healthcare, land rights)
  • Useful for enterprise credential management
  • Overhyped for general consumer adoption

The question isn’t “will DIDs succeed?” It’s “which specific problems genuinely need decentralized identity versus which ones are just following hype?”

Let’s focus on the former and stop pretending every login needs blockchain.