Home > Resources > papers > KVRSCLT26-EUDIF-Harms

On the (Privacy) Harms of the European Digital Identity Framework (Knabenhans, Veitch, Raynal, Stadler, Chatel, Lueks, Troncoso 2026)

URL: https://eprint.iacr.org/2026/867.pdf

Summary

Uses cryptographic modeling to formally capture the information leakage inherent to the European Digital Identity Framework (EUDIF) and its applications. Introduces a harm analysis methodology using harm trees to trace how this leakage — along with design constraints and deployment context — leads to concrete harms for individuals and society. Concludes that while PETs can reduce information flows, they cannot mitigate harms that are fundamental to deploying digital identity at scale.

Related resources

• Taxonomy for Privacy-Preserving Electronic Identities (Gasser, Humbert, Elghareeb 2025) (paper, 2025)
• Secure and Privacy-Preserving Credentials for E-ID PoC (Gasser, Humbert, Elghareeb 2025) (paper, 2025)