Digital trust is no longer implicit; it must be governed, earned

Trust used to be an invisible layer in digital systems. Users logged in, data flowed, credentials were accepted, largely without question. That era is ending. As digital ecosystems become more complex and more autonomous, trust is no longer something institutions can assume. It has become something they must actively design, maintain and justify.

According to SURF’s Tech Trends 2026 report, digital trust is shifting from a technical prerequisite to a strategic concern for education and research. It touches everything from identity and authentication to data sharing, cross-border collaboration and institutional credibility. Without trust, digital transformation stalls, or worse, backfires.

Identity as the new foundation of trust

At the heart of this transformation lies digital identity. The European Union is reshaping this domain through eIDAS 2.0 and the rollout of the European Digital Identity (EUDI) Wallet, which by 2027 should be available to every EU citizen. These wallets will store verifiable credentials: diplomas, certificates, licences and authorisations that can be cryptographically proven and selectively shared.

For education and research, the implications are profound. Diplomas and micro-credentials become portable across borders. Student mobility, admissions and lifelong learning pathways can be streamlined. Fraud becomes harder, verification faster.

But the shift also redistributes responsibility. Institutions move from being sole custodians of credentials to becoming issuers and validators in decentralised trust networks. That demands new governance models, technical standards and legal clarity. Trust is no longer enforced hierarchically; it is negotiated across ecosystems.

From data extraction to self-sovereignty

A second major trend is the rise of Self-Sovereign Identity (SSI). Driven by growing concern over data misuse by platforms, brokers and even governments, SSI aims to give individuals control over their own identity data. Instead of handing over full datasets, users disclose only what is strictly necessary, and only when they choose to.

In education, this creates new opportunities and dilemmas. Students gain autonomy over how their credentials are shared with employers, institutions or partners. At the same time, institutions must rethink enrolment, assessment and certification processes to balance privacy with accountability.

The report is explicit: oversimplified systems risk nudging users into unintended data sharing, while overly complex systems undermine usability and inclusion. Designing for trust means designing for informed choice, not just technical compliance.

Organisational wallets: trust between institutions

Trust is not only personal. As collaboration intensifies across borders, institutions themselves need reliable digital identities. This is where organisational wallets come in. The upcoming European Business Wallet initiative aims to provide legal entities with verifiable, role-based digital identities.

For universities and research institutes, this could significantly reduce friction. Phishing risks decline. Contracting, consortium building and grant applications accelerate. Verified institutional credentials protect intellectual property and minimize administrative overhead.

Yet organisational identity is more complex than personal identity. Managing credential lifecycles, role changes and legal responsibilities requires robust internal governance. Trust between institutions becomes programmable, but only if organisations are ready to manage it responsibly.

Trust reaches beyond identity: product passports and transparency

Digital trust is also expanding into unexpected domains. One example highlighted by SURF is the rise of Digital Product Passports (DPPs), mandated by new EU sustainability legislation. These passports disclose a product’s origin, composition and environmental impact.

While primarily aimed at industry, DPPs are increasingly relevant for education and research institutions as large-scale buyers and campus operators. They enable more transparent procurement, better sustainability reporting and new research opportunities around supply chains and lifecycle analysis.

Here, trust connects digital identity, data integrity and societal values. Transparency becomes verifiable, not declarative.

From hierarchical to distributed trust frameworks

Perhaps the most fundamental shift described in the report is architectural. Traditional trust frameworks in education are hierarchical: accredited institutions issue credentials, and others rely on that authority. Emerging standards such as OpenID Federation enable distributed trust models, where multiple parties can establish trust relationships without a single central authority.

This does not eliminate the need for accreditation or oversight. On the contrary, high-stakes processes still require strong guarantees. But it does allow for more flexible, interoperable and cross-sector collaboration, essential in a world of micro-credentials, lifelong learning and international research consortia.

Trust as a strategic capability

Across all these developments, SURF makes one thing clear: digital trust is not a plug-in feature. It is a strategic capability. It requires alignment between technology, policy, law and institutional culture.

For education and research, the challenge is to ensure that trust mechanisms strengthen, rather than erode, public values such as autonomy, inclusivity and fairness. Trust that is imposed without transparency will not last. And trust that is well-designed can scale.

In a digital world where identities multiply, data travels instantly and systems increasingly act on our behalf, trust becomes the quiet infrastructure that holds everything together. The institutions that recognise this early will be best positioned to collaborate, innovate and remain credible in the years ahead.