The $50B authentication tax: who actually pays and how to leave

Solidus Network — Sun, 21 Jun 2026 09:15:16 +0000

The $50B figure for global identity verification spend deserves a buyer-side breakdown, because the number alone is unactionable.

Roughly half ($23-27B) is human KYC spend at fintechs, exchanges, banks, and regulated platforms. Of that, the largest fraction is duplicative re-verification — the same user, verified at multiple platforms, paying multiple per-verification fees. The unit economics: $5-50 per verification, depending on documents required and LoA target, multiplied across the user-platform matrix.

Another $10-12B is enterprise IAM (Auth0, Okta, Ping, Microsoft Entra, others). The recurring per-user subscription fees + the integration consulting + the breach-disclosure costs make this category one of the higher-margin enterprise software categories.

Another $5-7B is identity proofing for credit, healthcare, government services. These flows are typically vendor-integrated (Experian, LexisNexis, others) with per-pull fees.

The remaining $5-10B is the long tail: agent identity, machine identity, certificate authorities, identity-adjacent fraud prevention.

For a buyer at a fintech with 1M monthly active users, the rough breakdown of their slice of this $50B is: KYC re-verification at $0.50-2 per MAU per year ($600K-2.4M); CIAM at $0.30-1 per MAU per year ($360K-1.2M); fraud prevention at $0.40-1 per MAU per year. Annual: $1.5-5M depending on tier.

The architectural exit from this stack: portable Verifiable Credentials. The same KYC credential satisfies the bank, the exchange, the fintech, the payment platform. The same CIAM proof works across SaaS tools. The buyer pays once for issuance, accepts presentations against the issuer's anchored key.

The transition cost is real but bounded. Integration cost: ~$200-500K for a mid-size fintech (SDK integration + compliance review + change management). Operational cost during transition: ~6 months of running both stacks. Net 3-year ROI for the typical fintech: $3-8M in cost reduction.

Three triggers to make the decision now: the EU eIDAS 2.0 mandate forces verifier-side integration by Q4 2026 (you need the wallet acceptance path anyway); the agent-identity stack is consolidating around the same primitive (you'll need it for agent traffic in 2027); the regulatory compliance bar is rising (selective disclosure is GDPR-by-architecture, not GDPR-by-policy).

The buyer side has been slow to see this. The CFOs who run the analysis early will be the ones whose identity stack is one of the lowest in the industry by 2028.

solidus.network

The convergence problem: one credential primitive for humans, agents, and machines

Solidus Network — Sun, 21 Jun 2026 08:53:24 +0000

We mapped more than 500 identity companies.

The pattern across all of them is the same, and it is structural. Each one solves identity for exactly one entity type — your login, your KYC check, your wallet, your agent — inside a silo none of them can leave. Because the silo is the business model. Their revenue requires the credential to stay inside their walls. The moment it ports, the moat is gone.

So identity fragments three ways at once:

Humans get re-verified endlessly. The same passport, re-checked on every platform, stored in every database, exposed in every breach.

AI agents have no shared identity primitive at all. As agents begin to transact in 2026 — booking flights, renewing subscriptions, negotiating refunds, paying bills — there is no standard way to prove who issued an agent, what it is cleared to do, or which human (or organization) is on the other side of that delegation.

Machines face the same gap. Industrial machine-to-machine identity exists in isolated enterprise stacks; nothing portable, nothing standards-native.

This is one problem wearing three masks. And the fix is not a better silo. It is a shared primitive that any of the existing solutions can build on top of.

The convergence thesis

Identity, like networking and TLS before it, will converge on an open layer underneath the products. The question is who builds it.

A credible candidate has to do three things at once. It has to be one open credential primitive — a W3C DID plus a Verifiable Credential, with selective disclosure, signed by issuers a relying party can independently verify. It has to be issuable once and reusable everywhere, across humans and agents and machines, without re-verification per platform. And it has to be anchored in a layer that survives the failure of any single issuer or verifier.

That is the protocol-shaped problem. It is not solved by a SaaS company that owns the credential after issuing it.

Why this hasn't happened yet

Two reasons. First, the standards needed to make it real — W3C DIDs and Verifiable Credentials 2.0 — only reached Recommendation status in 2022. Until then, "open identity" meant "competing whitepapers." The bricks were not baked.

Second, the incentive layer was wrong. Self-sovereign identity projects in the 2018-2022 era (Sovrin, uPort, others) built credible architectures and ran out of runway. Identity protocols are platform-shaped: network effects take years; revenue is gated on adoption you cannot manufacture; smart teams quit before the curve bends.

What changes in 2026 is the convergence of three forces. eIDAS 2.0 mandates EU digital identity wallets for 450 million citizens by December. The agent transaction stack is consolidating around ERC-8004 (an agent identity registry) and x402 (credential-aware payment headers). The W3C standards floor is set.

These don't converge again. The window for the open layer to be built is now.

What Solidus is

We start with the wedge that pays: portable verification for humans, on a chain that anchors identity claims rather than financial transactions. We use the W3C standards as-shipped — did:solidus is a method submitted to the W3C DID Method Registry (under review, not merged, never "registered"). We use SD-JWT VC and BBS+ for selective disclosure, both production-ready, both shipped on our testnet.

The same primitive extends upward as the agent stack and the machine stack mature. We are not building a separate identity protocol for agents and another for machines. The same did:solidus method, the same VC format, the same selective disclosure path.

That is the convergence: one credential primitive, three entity types, every relying party.

What this is not

It is not a replacement for Auth0, Sumsub, Privy, or Skyfire — they each own a slice of the market, and our job is to be the layer underneath them, not the head-to-head competitor. We are betting the layer position is where the leverage is, the way TCP/IP was the leverage position underneath the SaaS stack of the 1990s.

It is not a token-launch event. There is no SLDS allocation before mainnet. The pitch is the protocol and the shipped components, not a speculation mechanism. If you are evaluating this for a token-rotation strategy, this is not that.

It is not a finished product. Eight of nineteen planned surfaces are live on testnet today. The other eleven wait on proof of the first eight, not on capital.

What you can check today

The SDK is on npm — @solidus-network/sdk covers DID method, VC format, BBS+ proofs, chain client, wallet interactions. The repo is open at github.com/solidusnetwork. The W3C DID Method Registry PR is #713. We are a DIF Associate Member, contributing to the Identifiers and BBS+ working groups.

If you build on identity, build on the standards underneath. If the standards underneath need a chain that anchors them honestly, that is the bet.