Enhancing National Digital Identity Systems: A Framework for Institutional and Technical Harm Prevention Inspired by Microsoft’s Harms Modeling

The rapid adoption of National Digital Identity systems (NDIDs) across the globe underscores their role in ensuring the human right to identity. Despite the transformation potential given by digitization, these systems introduce significant challenges, particularly concerning their safety and potential misuse. When not adequately safeguarded, these technologies can expose individuals and populations to privacy risks as well as violations of their rights. These risks often originate from design and institutional flaws embedded in identity management infrastructures. Existing studies on NDIDs related harms often focus narrowly on technical design issues while neglecting the broader institutional infrastructures that enable such harms. To fill this gap, this paper extends the collection of harms for analysis through a qualitative methodology approach of the existing harm-related literature. Our findings suggest that 80% of NDID-related harms are the product of suboptimal institutions and poor governance models, and that 47.5% of all impacted stakeholders are considered High Risk. By proposing a more accurate harm assessment model, this paper provides academia and the industry with a significant contribution that allows for identifying the possibility of NDID-related harms at an embryonic state and building the necessary infrastructure to prevent them.