Paola Markart
Apr 30, 2025
Each month, we interview a leading personality in the identity industry to explore the latest trends, innovations and insights. This time, we spoke with Lukas Han, Senior Software Engineer at Hopae, to discuss the future of digital identity.
As businesses increasingly operate across borders and adopt more digital tools, identity verification has become both a technical challenge and a strategic advantage. In this Interview Lukas shares how mobile driver’s licenses (mDLs), decentralized identity (DID) and privacy-first innovations are paving the way for global interoperability and trust.
Lukas, can you tell us about your background, what you do now and what led you to work in the digital identity space?
I originally joined Hopae as a backend developer, working on user management and login solutions for our SaaS clients. But the deeper we got into digital identity, the more I realized its potential — especially through decentralized identity, or DID. My first major project in this space was contributing to the SD-JWT initiative, which is part of the Open Wallet Foundation. One of the outcomes of that project is our open source library, SD-JWT-JS, a module for wallet development, which has now surpassed 2.9 million downloads on NPM.
Line chart showing total NPM downloads since April 2024
This project opened my eyes to the broader impact of digital identity infrastructure, especially in Europe with initiatives like eIDAS 2.0 and helped me understand how vital trust frameworks and interoperability are, especially if we want identity systems to work across borders and industries.
Connecting the dots: How mDLs fit into the decentralized identity ecosystem
How do mobile driver’s licenses (mDLs) and decentralized identifiers (DIDs) differ, and how can they complement each other in building a global digital identity ecosystem?
mDLs, or mobile driver’s licenses, are part of a broader effort to digitize and standardize credentials like eIDs and licenses. While they aren’t strictly decentralized in nature, they align with many of the same goals as decentralized identity systems: interoperability, user control and trust through verifiable credentials.
DIDs, by contrast are designed to function independently of any central issuer. They store verification materials in public registries or ledgers, so anyone can validate credentials independently. mDLs, on the other hand, are structured and regulated by governments, but they contribute to the same digital identity ecosystem by offering verifiable credentials that can in theory work across jurisdictions.
So while mDLs and DIDs serve slightly different roles, together they can help businesses and institutions build systems that are both user-centric and scalable globally.
We know that mobile driver’s licenses (mDLs) are becoming a major part of digital identity systems. Can you walk us through the ISO 18013 standards — particularly ISO 18013-5 and ISO 18013-7 — and explain why they’re so important for businesses looking to offer secure, interoperable identity verification both in-person and remotely?
The ISO 18013 standards define how mobile driver’s licenses work. ISO 18013-5 focuses on short-range communication, like showing your ID to a police officer or at airport security. It defines the structure of the data and how it’s securely transferred from your phone to another device nearby.
ISO 18013-7, on the other hand, is about remote verification over the internet — a game changer for businesses. Think car rentals, hotel check-ins or age verification for digital services. This standard enables people to use their government-issued credentials from anywhere in the world, in a secure and privacy-respecting way.
Overview of the ISO 18013 standard
These standards matter because they lay the foundation for interoperable digital identity and businesses don’t have to build different systems for each country’s eID but rather they can rely on these global standards.
So, when it comes to these mDL standards how do you see them shaping the future of identity verification from a business perspective?
The potential here is huge. I’m thinking fintech, car rentals, travel — really, any industry that needs to verify customer identities seamlessly across borders.
If we achieve broad adoption of mDLs and the supporting standards, companies will only need to integrate one verification system to work with credentials issued worldwide. That’s a big deal. It reduces, administrative burden improves user experience and helps companies stay compliant with regional privacy laws.
"No business wants to accidentally overshare customer data or risk a data leak. That’s why the standards we’re building for verification should rely on trust and privacy”
Trust & privacy have become a huge talking point around digital credentials. What are some of the biggest privacy challenges you see with mDLs, and how are zmDLs helping to address them?
The biggest challenge is that while credentials are standardized, verification isn’t. A business in Italy might not be able to verify a license from Korea because they don’t have access to the issuer’s trust information. That gap creates both interoperability and privacy risks. Plus, sharing too much data — like your full name when only your age is needed — increases exposure.
This is where standards like zmDLs (zero-knowledge mobile driver’s licenses) and SD-JWTs (Selective Disclosure JSON Web Tokens) come into play. zmDLs apply zero-knowledge proofs to enable minimal disclosure — allowing users to prove specific facts (like being over 18) without revealing any additional personal information. Similarly, SD-JWTs support selective disclosure by letting users share only the parts of their credential that are required for a given interaction, while keeping everything else cryptographically hidden.
From a business perspective, that’s critical. It helps companies comply with privacy laws like GDPR, reduces liability, and builds user trust.
The road ahead: Building scalable IDV solutions for global use
Looking ahead, what’s your personal mission for the future of digital identity — and what major use cases do you see for business and industries?
My mission is to make digital identity technologies more accessible and developer-friendly. Standards are hard to read and even harder to implement. I want to simplify that so more developers and businesses can join the ecosystem without needing years of specialized knowledge.
In terms of use cases, I see the biggest opportunities in:
Travel & air mobility: Seamless check-ins and borderless identity checks
Global e-commerce & fintech: Onboarding users quickly, securely, and compliantly
Mobility services: Car rentals and ride shares that rely on verified licenses
Online platforms: Age or identity verification on apps like dating, marketplaces or even social media
Ultimately, this is about creating solutions where people can verify who they are without giving away too much and businesses can trust that data without building a new system every time.
