Wrappers, Not Records
The World Bank has standardised the digital wallet. Its record names the person a credential describes, and has no field for the person a decision is about.
There is a pairing buried in the World Bankโs new digital wallet series that deserves to be read twice. On one side, the issuer of a credential โguarantees the accuracy of the information included.โ On the other, the burden of disputing that record falls on the person it describes: at the highest assurance level the signature carries โa presumption of legal validity,โ and at every level below it โthe burden of proof shifts to the party contesting the signature.โ Together they are the liability design of the coming identity layer: the institution warrants the record, and however the assurance dial is set, the person the record binds carries the burden of proving it wrong.
This is not a hostile reading of an obscure annex. The 2026 Digital Wallet Policy Note Series, from the Bankโs Digital and AI Vice Presidency under the DPI Trust Fund, is the most invested attempt yet to standardise how governments should build, certify, and govern wallet-based identity: a white paper, a short explainer, and a run of policy notes, of which Digital Wallets: A New Paradigm lays the conceptual foundation and Digital Wallets: Trust Frameworks supplies the five-layer governance model this essay examines. It names its models plainly: Indiaโs Aadhaar e-KYC trust framework as a precedent worth replicating, the EUโs eIDAS wallet as the de facto template, commercial wallets certifiable on top. It is careful, comprehensive, and often candid about its own paradigmโs weaknesses. And it is written to travel: this is the substrate a large part of the worldโs identity, payments, and data sharing will sit on, at the Bankโs financing scale.
The fastest way to understand a specification is to count who gets which verbs, so I read the series with a tally sheet open. Across the two architecture notes, eighteen and a half thousand words of careful design writing, the corrective lexicon (redress, grievance, appeal, recourse, contestation, correction) appears exactly zero times. Not rarely. Zero. Revocation, the issuerโs corrective verb, appears eleven times in the principal note alone. The phrase โaffected partiesโ appears once in the trust-frameworks noteโs eighty-six thousand characters, and the occurrence is instructive: it sits in the liability discussion, naming the people to whom remedies flow after institutions have allocated risk among themselves. Standing to start anything is not on the page. A zero at that length is not oversight. It is scoping, applied with precision.
Credit, precisely
The wallet paradigm makes one genuine advance over every identity generation before it, and it should be credited before it is criticised. For the first time in a mainstream protocol family, the person the credential is about becomes a required signatory inside the transaction. Nothing is disclosed until the holder actively creates the presentation; the series calls this proactive, ex ante control over data disclosure, and it is real. The series even makes a quietly important modelling move: where the W3C data model collapses everything into a single โHolderโ, the Bankโs own footnote decomposes that role into the user and the wallet application, because the abstraction was hiding a distinction that matters for governance.
Measure the advance, though, and it is exactly one verb wide and one person deep.
One verb wide: the person can decline to show. They cannot appeal what showing decides, compel anyone to re-examine the decision a field produced, or carry a correction from one verifier to the next. Disclose made it across the counter; contest, correct, and answer-back did not. And the deployed verb changes the status of the missing ones. A live, population-scale, subject-side signature inside high-assurance infrastructure is an existence proof, and once it exists, the absence of the other verbs stops being a feasibility question and becomes a choice about which verbs were worth specifying.
One person deep: the advance holds where the person affected by a disclosure is the holder performing it, and evaporates the moment those two roles separate. The child under a guardian-operated wallet, the payee on the other side of a transfer, the counterparty a representation credential is exercised against, the applicant denied at an offline checkpoint. The schema admits no role for them. The represented party enters as the credentialโs subject and exits the transaction record entirely. Whoever the decision lands on, when they are not the person holding the phone, is nowhere in the artefact. There is a name for the party the schema drops here: the decision subject, the person a decision is about. It is not the credentialโs subject (the person a credential describes), nor the data subject (the person whose data is processed), though it may coincide with either; it is defined by the decision and its consequence, not by the credential or the processing. Where the two roles are the same person, the walletโs one verb reaches them. Where they separate, the decision subject has no seat in the record at all.
Wrappers, not records
The series governs through five layers: strategy, technology, scheme rules, compliance, agreements. Trace where the person the system decides about actually lives in those layers and a single pattern emerges. They appear in Layer 5, the agreements layer, as a recipient of remedies after fraud. They appear in Layer 4 as complaint telemetry, a volume metric the compliance function watches. They hold no capability at Layers 2 and 3, where the credentials, presentations, and scheme rules actually live: no credential-data correction, no appeal against a verification denial, no subject-initiated revocation, no duty to notify them of a breach. Data sovereignty gets the same treatment, a Layer-5 agreement with no Layer-2 expression. Correction exists in the corpus as โcorrective-action plansโ, and they are filed against non-conforming participants, never against a record or a decision.
Call the pattern what it is: every governance-relevant party and action is placed in a wrapper around the system rather than in the record the system produces. Legal addressability without record addressability. If something goes wrong, there is a contract, a complaints channel, a compliance regime. What there is not, anywhere in the schema, is a way for the record of a decision to name the person it was about, or a way for that person to act against it.
The measurement layer wraps the same way. The programme these notes belong to reports its results as reach: eighty countries reached since 2015, a hundred and seventy-six million people using new or enhanced services in the last year alone, enrolment milestones by the tens of millions. And it can count outcomes when it chooses to: the same results record the gender gap in national ID closing fifteen per cent in Ethiopia, six thousand six hundred work permits issued to refugees there through the national digital ID rather than a parallel registry, benefit processing in the Philippines cut from four days to one. Error rates, contested decisions, reversals, time-to-correction: no such metric exists anywhere in the results schema.
I wrote once that dashboards inherit the plannerโs blindness, counting what flows towards the centre; this is that blindness at funding scale. Whether anyone wrongly recorded ever got it fixed is not a number the programme asks for, so it is not a number anyone building to the programme will produce. Specifications are written for the parties who will be at the table when something must be specified, and what gets specified is what someone at that table is paying attention to. The correction column has no one seated.
The Bank knows the words
The Bank knows what the alternative looks like, because it has published it. The same Vice Presidency, under the same trust fund and the same project number, issued Building Statelessness-Sensitive ID Systems in May, and it specifies complete contest machinery for identity decisions: documented reasons available to the individual, an automatic second reviewer triggered by system flags, an independent grievance mechanism, courts, trained officials, and paralegals as the channel that actually works, twelve hundred cases opened through it in Kenya in eighteen months, hundreds of them ending in identity documents. Everything the wallet schema lacks is specified there in full; the corrective vocabulary the architecture notes hold at zero is present, fully formed, in the one document about the population digital identity excludes. The words appear when the excluded are the deliverable, and nowhere else. So the honest description of the wallet series is the harder one: the institution can specify exit and contest, does so fully, and the specification sits in the one document the wallet schema cannot inherit from.
The agent clause
There is a small collision buried in the seriesโ shortest note: its only use of the word โagentโ is the human kind, the mobile-money agent who helps people cash in at a shop counter. Between that sentence and the roadmap, the word changed sides. The human agent stood beside you at the counter. The new one stands inside the wallet, saying yes for you, to institutions that will file the yes as yours. And its treatment is where the paradigmโs one advance starts consuming itself.
The arc runs inside a single note. Ex ante control is established as the paradigmโs differentiating property. Consent fatigue is then conceded as that propertyโs failure mode at scale, which is honest. And the proposed remedy is AI agents that reduce consent fatigue โby automating routine decisionsโ, with regulatory reform toward simplified consent and dynamic revocation offered alongside. All three move within two verbs, disclose and revoke; none adds contest. Follow the sequence: the one governance property this generation added, the human signature inside the transaction, is scheduled for automation, which converts the ex ante signature back into configured ex post review, with nothing specified for the case where the routine choice is wrong. The corpus then governs the automating party nowhere, because agents live in the โuser interface and application layersโ that the standardsโ scope explicitly excludes.
The scheme rules make the consequence concrete. Layer 3 requires the wallet to authenticate to a trust level โat least as high as the highest trust credential held within that walletโ. An agent holding a wallet session therefore either breaks the rule or inherits the walletโs highest-trust authority wholesale. There is no scoped middle, and the layer where a scoped middle would live is the one the standards decline to cover. I wrote in May that a delegated mandate keeps acting because everything around it still carries the shape of a legitimate operation; the wallet blueprint has now standardised the shape. And recall where the burden of proof sits at any assurance level: on the party contesting the signature. The signature the agent produced. Contested by the person it answered for. Burden on them.
Beneath the agent clause, the substrate is deleting its own stop rule. The series concedes that credential revocation has โnot yet a clear consensus or standardized approachโ. The 2025 W3C JOSE/COSE update standardises self-contained credentials with no online revocation pointers, by design, for offline verifiability. A credential layer shedding its killswitch with standards blessing is the reason a sentence from the exit essay is not hypothetical here: every clean expiry is followed by a clean reissue the person had no part in authorising. An agent-layer stop rule cannot inherit from a substrate that is deleting its own.
Every protocol opens a market
The Bank did not invent this omission; it inherited it from the primitives the wallet is built on. A verifiable credential names a subject, the party it describes, and moves that credential between three roles the standard defines precisely: an issuer who attests, a holder who presents, a verifier who checks. A decentralised identifier names a subject and a controller, the entity identified and the key that speaks for it. A credential wallet holds those credentials and presents them; its verb is to show. Across all three the roles are complete for describing a person and moving their attestations, and not one of them is the decision subject: the party a decision is about, which the model carries no field for, even as it carries a field for the party a credential describes.
Each of those primitives opened a market, and every market took its shape from the roles the protocol drew. The credential and identity standards opened a market for issuing and checking who someone is that is already measured in the tens of billions and growing at a mid-teens rate, organised entirely around issuers, holders, and verifiers. The same design is now being carried from credentials to assets: put a land title, a fund, a deposit, or a carbon credit onto a programmable ledger and you have a market that bank-grade forecasts size anywhere from around two trillion dollars to sixteen trillion by 2030, the eightfold gap between them a matter of definition rather than disagreement. And the token those forecasts describe records the asset, the owner, and the logic that moves it, and nothing more. Line the layers up, from the credential to the wallet to the ledger, and the role model never changes: issuer, holder, verifier; owner and transfer. Not one of them is the party a decision lands on.
So the empty column the architecture notes leave is not the Bankโs alone; it is the column the whole stack beneath them was written without, now priced in the trillions. And the agent this series schedules to automate a personโs consent is the same agent that will move a tokenised title while they sleep, on a ledger built to be permanent, where a wrong entry becomes a fact that cannot be unmade. The consequence that used to be reversible turns final at the exact moment the record still cannot name the person it falls on.
The missing verb, as requirements
The exit essay argued this normatively. The wallet series is prescriptive, and it never asks the exit question of its own schema. So here is the question asked in the schemaโs own grammar, as three requirements a wallet standard could adopt tomorrow, not as philosophy.
Decay by default. Every credential, binding, and delegated session carries a terminal event the subject can see, and reissue is a new act, never a silent one. The series already admits its ex post logs โcan be difficult for users to interpret or act upon, reducing their practical impactโ. The repair for an illegible log is not abolishing the ex post category by automating consent; it is a record whose lifecycle events are visible to the person they bind. No silent regeneration is a schema property, testable at certification.
The record names the party it binds. When the person a presentation or decision concerns is not the holder performing it, the record carries a reference to them: a pseudonymous, purpose-bound handle, never a plaintext identifier. The privacy objection is pre-answered by the Bankโs own statelessness guidance, which recommends recording nothing visible and routing entitlement checks through governed back-end attributes. Addressability is not visibility. The role must be invocable by the party against the record, not legible on the artefact. And where an agent operated the wallet, the record marks that origination, because a verifier currently receives a presentation cryptographically identical to a human one and treats it as evidence a human saw and approved the disclosure.
Invocable by the subject, against the record. A challenge path that terminates at the record and its issuer, not at a complaints wrapper. The granting side of this mechanism already exists in the standards process: the identity community has spent this season building approval endpoints, reconsideration flows, and denial escalations for the party who launches an agent. The symmetric path for the party a decision lands on is the missing half, and it is smaller than the half already built.
None of this requires a new paradigm. The containers exist, signed statements and receipts standardised this June; the granting-side mechanisms exist; the decomposition precedent is the Bankโs own footnote. The first two requirements are concrete enough to write as protocol, and that is where I am taking them: two minimal, descriptive claims for the standards process, one naming the decision subject, one marking who operated. Neither grants anyone anything. They make the record honest about who it concerns, which is the precondition for every remedy the agreements layer promises.
The question to carry
For a procurement officer, a certification body, or a parliament adopting this blueprint, the test compresses to three verbs. When the system decides something about a person, can they query the record that decided, contest it to someone obliged to evaluate and answer, and rely on the outcome holding at the next counter, or do all three paths terminate in the complaints annex? A system that can be inspected but not contested is an open loop, and the wallet series, read whole, is an open loop with an excellent legal department. The Bank has guaranteed the recordโs accuracy and handed the burden of disproof to the person the record binds. Until the record can name that person, the guarantee has a beneficiary, and it is not them.
Layer 8 examines the decisions hidden inside technology.
Sources, all from the World Bankโs Digital and AI Vice Presidency under the DPI Trust Fund (project P505739):
Digital Wallets: A New Paradigm, the flagship conceptual note (Open Knowledge edition).
Digital Wallets 101: A Short Explainer of Digital Wallets and Verifiable Credentials, released alongside the flagship note.
Digital Wallets: Trust Frameworks โ Governing the Ecosystem, the five-layer governance note this essay examines (July 2026; coverage).
Building Statelessness-Sensitive ID Systems, the contest-machinery note (ID4D with UNHCR, May 2026).
Vocabulary counts were verified against the official text renditions, and the results figures against the Global DPI Program results page, on 11 July 2026.
Previous instalments: Exit Is the Primary Agentic Right; The Sovereignty Test Europe Hasnโt Finished Yet; Dashboards Were the Last Central Planner.



