Financial
WHY THE MIDDLE EAST’S DIGITAL IDENTITY INFRASTRUCTURE NEEDS A DEEPER TRUST LAYER
Stefan Deiss, CEO and Co-Founder, The Hashgraph Group
The Middle East has moved faster on digital identity than almost any other region in the world. The UAE Pass now connects residents to more than 5,000 government and private services. Saudi Arabia’s Absher platform has issued over 28 million unified digital IDs. Dubai has gone fully paperless across 45 government entities.
But these systems were built for a world where the main challenge was convenience: getting citizens online, reducing paperwork, speeding up access to services. The threats they were designed to handle were stolen passwords, forged documents and basic impersonation.
What they were not built for is an environment where artificial intelligence can generate a convincing human face in seconds, clone a voice from a few minutes of audio, and inject a synthetic video feed into a verification check in real time.
What distributed ledger technology actually adds
Most digital identity systems today are centralised. Your credentials sit in a government or enterprise database, and every time your identity needs to be checked, the system queries that database. Sometimes that means scanning your face against a stored biometric template. Sometimes it means pulling up your document records and cross-referencing them. Either way, the process depends on one central store of information being secure, accurate and available.
The model works until it doesn’t. A single database holding millions of identities is a high-value target. An attacker who gets in does not compromise one person. They compromise everyone. And the tools available to attackers are improving fast.
The GCC fraud detection market has reached $1.2 billion. Deepfake attacks on identity systems are surging globally. In May, the Saudi Data and Artificial Intelligence Authority published updated deepfake guidelines that explicitly recommend blockchain-based provenance systems to establish traceable records of original content. The guidelines identify identity impersonation through cloned voices and facial simulations as a major risk, and single out finance, politics and identity verification as sectors requiring priority monitoring.
This is the context in which distributed ledger technology becomes relevant. Decentralised identity flips the conventional model. Instead of credentials sitting in someone else’s database, you hold them yourself, in a digital wallet on your device. When you need to prove something, you present only the specific credential required. The verification is recorded on a distributed ledger, a shared record maintained across a network of independent computers rather than controlled by any single organisation. Nobody owns it, can alter it, and shut it down.
Then there are zero-knowledge proofs. This is a way of proving something is true without revealing the underlying information. You could prove you are over 18 without showing your date of birth. You could prove you hold a valid professional licence without disclosing your name or address. The verifier gets the confirmation they need. You keep everything else private.
There is no single database to breach. The individual controls what information is shared and with whom. And every verification event is recorded permanently, creating an audit trail that regulators, enterprises and individuals can each trust independently.
In Sharjah, decentralised identity infrastructure has been integrated across a smart city ecosystem, making it one of the first urban environments in the world where residents, buildings and services interact through digital credentials rather than centralised databases.
The physical presence problem
There is a further gap that even well-designed digital identity systems do not currently address: physical presence.
Identity verification today confirms who someone claims to be remotely. It checks documents, runs facial recognition, performs biometric matching. What it cannot confirm is that a real human being is actually sitting in front of the screen. A synthetic face, a cloned voice and an injected video feed can sail through remote checks that were designed for an era when faking a human was genuinely difficult. That era is over.
The technology to close this gap exists. Ultra-wideband radar, the same short-range spatial sensing found in consumer devices, can detect physical presence with sub-10-centimetre accuracy. It can pick up vital signs such as breathing and heartbeat as a liveness check. When that presence event is cryptographically bound to a decentralised identity credential and recorded on a distributed ledger, the result is a tamperproof record proving a specific individual was physically present at a given location at a given time, verifiable by any authorised party without exposing personal data.
The applications stretch across sectors. In transport, a traveller approaching a gate at an airport or train station could be verified instantly: identity confirmed, physical presence proven, the event recorded permanently. The same logic applies to stadiums, conferences, concert venues and any gated environment where ticket fraud is a problem.
Why the Middle East is the right place for this conversation
The UAE government has announced its intention to transition 50 per cent of federal sectors and services to agentic AI within two years. When AI agents begin autonomously processing licences, permits, compliance checks and cross-border transactions, the question of who authorised what, and whether a human was genuinely involved at the point of decision, becomes critical. Without a verifiable link between a physical person and a digital action, agentic AI systems become vulnerable to impersonation at a scale that manual fraud teams cannot monitor.
The region also has structural advantages that most other markets do not. Governments in the Gulf are bringing policy, investment and technology deployment together under unified national strategies. Saudi Arabia’s Vision 2030, the UAE’s digital economy strategy targeting 20 per cent of non-oil GDP by 2030, and the broader push toward smart city infrastructure all create an environment where new identity infrastructure can move from concept to deployment far faster than in markets weighed down by legacy systems and fragmented regulation.
What comes next
The digital identity systems the Middle East has built over the past decade are genuine achievements. But they were designed for a world where the person on the other end of a verification check was assumed to be real. That assumption is becoming less reliable every quarter.
The next generation of identity infrastructure needs to do three things. It needs to remove single points of compromise by decentralising how credentials are stored and verified. It needs to give individuals control over their own data through zero-knowledge proofs and selective disclosure. And it needs to prove physical presence at the moment of verification, closing the gap that synthetic media is already exploiting.
About the Author:
Stefan Deiss is Co-Founder and CEO of The Hashgraph Group (THG), a Swiss-based Web3 and AI technology engineering company specialising in enterprise solutions built on the Hedera network.
Stefan brings over two decades of experience in technology and business transformation. He spent 11 years at Orange Business Services before moving to Zurich Insurance Group, and went on to found his own consulting firm in 2013. In 2016, he co-founded The Hashgraph Group, which today operates globally with offices across Switzerland, Abu Dhabi, Hong Kong, and beyond.
Under his leadership, THG has developed a suite of enterprise products including TrackTrace for EU Digital Product Passport compliance, IDTrust for decentralised digital identity, and EcoGuard for sustainability and carbon markets. He is also co-inventor of CITI (Continuous Identity Trust Infrastructure), a patent-pending cryptographic framework that binds physical presence to digital identity.