The explosive recovery of air traffic and the pressure to maximize airport efficiency demand a rethink of how passengers are identified. IATA estimates that international traffic grew 13.6% in 2024 vs. 2023 and will continue doubling passenger volumes by 2040. But infrastructure cannot expand indefinitely — the only real solution is to drastically reduce waiting times through digital identity. In this paradigm shift, the industry is betting on “paperless” models that allow travelers to verify their eligibility before arriving at the airport, using digital credentials. Global initiatives such as IATA One ID and the use of verifiable credentials (VC) based on W3C standards aim to give every traveler a reusable digital identity under their own control.
Key insight: Traffic growth cannot be absorbed with more infrastructure → digital identity is the only real lever.
What is IATA One ID and why does it matter for aviation?
IATA defines One ID as a new global interoperable ecosystem for a contactless, seamless journey. Under this model, a passenger will “soon be ready to fly” before reaching the airport: they obtain and share permissions (visas, authorizations, etc.) with the airline in advance, and then simply present their biometric face at checkpoints. One ID rests on two key pillars: Admissibility Digitization (obtaining and verifying immigration permits digitally) and Contactless Travel (using biometrics to pass through checkpoints without showing physical documents).
For travelers, this means fewer queues and reduced risk: they can check their travel requirements (visas, vaccinations…) in advance and then move through security or immigration by showing only their face. Airlines, in turn, delegate much of the document review to digital systems, reducing inadmissible passengers and operational costs. Overall, IATA projects less terminal congestion, stronger border security, and greater data control by the passenger (who gives informed consent before sharing their credentials).
| Pillar | What it entails | Impact |
|---|---|---|
| Admissibility Digitization | Pre-validation of visas and requirements | Less friction before travel |
| Contactless Travel | Use of biometrics at checkpoints | Elimination of physical documents |
From identity verification to a reusable digital identity
Traditionally, the travel process is fragmented into stages (booking, check-in, security, immigration, boarding) that repeat similar steps and generate queues. The new model proposes the opposite: a contactless and interoperable experience, in which the passenger reuses a single verified digital identity instead of showing their passport five times. This is only possible if authorities and companies trust standardized digital credentials.
In practice, travelers would store their official documents (e.g., passport, visa, eVisas or ICAO Digital Travel Credential) in a digital wallet as verifiable credentials. With those pre-packaged credentials, the passenger can electronically prove their eligibility at each step automatically, avoiding repetitive verification. According to IATA, this architecture will allow VCs to be persistent and reusable across future trips, eliminating redundant formalities. In short, instead of a conventional check-in at each leg, the traveler arrives at systems already equipped with their authorized digital identity, minimizing airport friction.
| Traditional Model | New Model |
|---|---|
| Repeated verification | Reusable identity |
| Physical documents | Digital credentials |
| Fragmented processes | Continuous flow |
| High friction | Seamless experience |
Verifiable credentials and digital wallets in travel
W3C verifiable credentials (VC) are the technical foundation of this approach. A VC is a digital version of a physical document (passport, visa, boarding pass, vaccination certificate, etc.) that contains the main claims (holder attributes) and is cryptographically signed by the issuer. These credentials are stored in a digital wallet controlled by the passenger. When presenting them, the traveler can share only the necessary attributes (e.g., date of birth or visa validity), proving their authenticity and integrity without revealing extra information.
This mechanism offers greater security: the data is verifiable (cannot be forged) and respects user privacy through techniques like selective disclosure. IATA promotes an “open trust framework” based on the W3C VC model, facilitating global interoperability. In this open scheme, no prior relationship between issuer and verifier is required: any airline or authority can trust a credential as long as it recognizes the signature and the standard.
The digital wallet acts as the center of identity control: the user requests credentials from trusted issuers (governments, airlines, banks, etc.) and presents them when required by travel services (airlines, security, customs). In summary, wallets and VCs allow the passenger to manage their documents securely and “spend” only the minimum necessary information at each checkpoint, optimizing both the experience and data protection.
The challenge of cross-border interoperability
The dream of paperless travel will only become reality if systems work across countries. IATA insists that a global, open trust framework must exist in which airlines, airports, governments, and providers share standards. However, as KuppingerCole warns, in the absence of a global authority equivalent to ICAO (for physical passports), achieving international adoption of digital credentials remains a challenge.
Each region is advancing on its own: in practice there are initiatives like SITA’s open digital ecosystem — which connects airlines, airports, and governments without direct integrations — or India’s DigiYatra program, which already issues VC credentials linked to electronic tickets for domestic travel. These examples show progress is possible, but also underscore the need for agreed standards. Without common technical and governance norms, incompatible systems will proliferate. Meanwhile, regulatory initiatives like eIDAS 2.0 aim to at least standardize the European context and serve as a model for harmonizing rules in other regions.
eIDAS 2.0 and global regulatory harmonization
Europe has positioned itself at the forefront of digital identity. The eIDAS 2.0 regulation introduces the EU Digital Identity Wallet (EUDI Wallet) and requires all Member States to recognize it for online services, including those related to travel. In practice, this means a European citizen will be able to present their digital credentials (ePassport, digital visas, vaccination certificates, etc.) in any Member State without additional formalities.
Although digital travel credentials are not yet mandatory under the regulation, the European Commission considers them a key use case for the digital wallet. Thus, eIDAS 2.0 establishes a harmonized framework that accelerates interoperability within Europe. However, global adoption of this model is still in its early stages. While the EU drives common acceptance (even requiring cross-border validation of wallets), the absence of a similar scheme in other regions means that, for now, digital travel will be smoother between eIDAS-aligned countries than in broader international contexts. The long-term goal is for other countries to adopt similar standards (or align with ICAO) so that digital identity becomes as universal as the physical passport.
Key challenges: privacy, infrastructure, and adoption
Data privacy: current projects must ensure the passenger retains control over their information. IATA stresses that travelers must give informed consent for each credential shared. European data protection authorities (EDPB) insist on applying “privacy by design”: storing biometric templates under passenger control, using data minimization, and retaining information for the minimum necessary time. In practice, One ID systems must incorporate independent security audits and strictly comply with GDPR.
- Technology infrastructure: new, flexible systems are required. For example, biometric use at borders must support different models (1:1 verification or 1:N identification depending on local regulation). Normative data sources (such as TIMATIC for visas) must also be connected to digital check-in platforms. Many specifications are still in development: IATA currently has alpha schemas for passport, visa, and digital visas, but these do not fully support advanced cryptographic features (selective disclosure or zero-knowledge proofs). Technical standards will need to continue expanding for VCs to be reliably shared and verified between any travel actor.
- User and industry adoption: acceptance will depend on the experience. According to KuppingerCole, without simple interfaces and transparency, passengers will distrust a digitized system. Pilot solutions show that usability is key: systems must incorporate clear consent, understandable messages, and auditable processes. Airlines and airports must also be willing to collaborate with global entities (IATA, ICAO, ETSI) to harmonize standards. Without that willingness, fragmented solutions will continue to coexist. Finally, regulatory uncertainty (changes in EES, ETIAS, national frameworks) requires designing platforms adaptable to regulatory evolution, minimizing legal risk.
How should airlines and other stakeholders prepare?
In this context, airlines, airports, and authorities must get ahead of the transition. In practice this means aligning with IATA recommendations and emerging regulations. For example, adopting the verifiable credentials model today: providing passengers with VCs for e-passport or e-visas with a compatible digital wallet (e.g., integrating a solution like Teseo ID Wallet). It is also crucial to participate in industry working groups (e.g., IATA’s Customer Experience & Facilitation WG) to influence standards and ensure future compatibility.
From an operational standpoint, companies must plan a flexible architecture: integrate biometrics at checkpoints, connect to sectoral One ID directories (Contactless Travel Directory) to validate identities, and link with government immigration databases.
Regulatorily, those operating in Europe must prepare for eIDAS 2.0: for example, ensuring their systems accept certified digital wallets and consulting requirements in community resources. It is also advisable to foster a “privacy-first” culture: design enrollment and verification processes that request only essential attributes, maintain consent records, and apply end-to-end encryption. This is not only a legal requirement (GDPR), but also a trust factor for passengers.
In summary, airlines and their technology providers should: (1) invest in multibiometric identity platforms and digital wallets; (2) collaborate with industry partners for proof-of-concept projects (fully digital projects with several interconnected credentials already exist); and (3) educate teams on new regulations and standards (eIDAS 2.0, ICAO DTC, W3C VC). Only then will they be ready to embrace this new paradigm: one in which reusable digital identity enables seamless air travel fully compliant with current regulations.
Discover how to enable reusable digital identity in the aviation sectorFrequently Asked Questions
There is no single threshold, but the mandatory starting point is having biometric infrastructure at checkpoints (boarding, check-in) and an API connection to IATA’s Contactless Travel Directory. Airlines already operating with modern DCS (Departure Control System) systems have an advantage, as the integration of digital wallets and VCs can be done in layers. The greatest cost is not hardware but process adaptation and team training.
One ID connects with sources like TIMATIC to automatically validate admissibility requirements before the flight. This reduces the airline’s operational responsibility in manual verification, but does not eliminate it: the airline remains responsible to the border authority if it boards an inadmissible passenger. The key is that systems must be updated in real time as regulations change (EES, ETIAS), requiring decoupled architectures and active maintenance contracts with providers.
Yes, and this is the recommended approach. Models like DigiYatra (India) or SITA pilots demonstrate that deployment on specific routes or markets is possible before scaling. A practical strategy: start with VCs for boarding passes and loyalty data (lower regulatory friction), validate the user experience, and then scale toward official travel documents when the local regulatory framework permits it.
The main ones are three: (1) legal basis for processing — consent must be explicit and informed for each biometric use; (2) minimization and retention — biometric templates cannot be kept beyond the time strictly necessary for the operation; and (3) international transfers — particularly problematic on routes to destinations without an adequacy decision. Non-compliance can result in fines of up to 4% of global turnover. The operational recommendation is a privacy audit before any large-scale biometric deployment.