After the CSC Trust Without Borders Summit 2026 in Bogotá, we sat down with John Jolliffe, Provider Management Lead at eID Easy, to talk about what he saw, what he heard, and why the digital trust world feels like it is entering a new phase.
The short version? Trust services may still sound like something happening in the background, somewhere between legal frameworks, technical standards and regulatory committees. But the work being done there will affect how people prove who they are, sign documents, trust digital content, and do business across borders.
And according to John, Bogotá made one thing very clear: this is no longer just a European technical conversation.
It is becoming a global one.
“There was genuine momentum, joy even”
Let’s start with the summit itself. What was the atmosphere like in Bogotá?
“From the first moment, what struck me was the energy,” John says. “There was a genuine sense of momentum, joy even.”
For an event dealing with standards, signatures, identity wallets and trust frameworks, “joy” may not be the first word that comes to mind. But John says the room had the feeling of a conversation that had grown beyond its original boundaries.
“It is clear that this is no longer a European-led technical working group developing a technical specification,” he explains. “It’s now more like a movement that includes regulators, legal experts and academics from different parts of the world, all looking at how to promote digital trust services across the globe.”
That shift matters.
The Cloud Signature Consortium originally started around 10 years ago with a practical technical problem: allowing people in Europe to securely sign documents without needing a USB key. Today, the technical solutions developed through CSC have matured to the point where they are being referenced in legislation around the world.
And the use cases are no longer limited to signing documents.
“They are applicable not just for signing documents, but also code, digital content, personal identity attributes, anything where an identity needs tying to an asset,” John says.
In other words, the conversation has moved from “how do we sign?” to “how do we trust?”
Trust Without Borders sounds simple. It isn’t.
The phrase “Trust Without Borders” is clear, optimistic and easy to like. But in practice, John says, it points to a very hard problem.
“At the simplest level, Trust Without Borders means that anyone, anywhere can trust anything that has been digitally signed, be that a document, code, an identity attribute or digital content, in a different country.”
That would be a huge shift. A company doing business internationally could rely on digital signatures from another jurisdiction. A user could prove an identity attribute without starting from zero each time. A piece of digital content could carry a verifiable link to its origin.
Without that confidence, John says, organisations fall back into old habits.
“People will continue to use paper and we’ll waste time and money pushing 19th century processes.”
The challenge is that trust does not appear by magic. Behind every cross-border digital interaction sits a long list of governance questions. Who supervises certificate authorities? Who certifies their operations? Against which standards? Who maintains lists of approved providers? How are those lists published? How do different regions recognise each other’s systems without forcing everyone into one identical model?
That is where things get interesting.
“Trust Without Borders means allowing different regions to communicate and recognise each other’s approaches while allowing for local conditions,” John says. “And having the confidence to not require absolute harmonisation.”
The boring stuff is the important stuff
One of John’s more memorable lines after the summit was that this work is “behind the scenes and unsexy for most normal people”, but that it will affect everyone.
So how does he explain that to someone outside the industry?
“Most normal people never think about trust services, eID, wallets or assurance levels,” he says. “But we’ve all received notifications warning us that an account may have been compromised and that we should reset our password. And we’re all seeing AI-generated media and wondering what’s real and what’s not. And we’ve probably all stood in line in a government office or embassy trying to get official documents signed or legalised.”
These may feel like separate annoyances, but John sees them as different versions of the same underlying problem: a lack of trust between systems.
When digital trust works properly, the impact is practical. Better account security. Digital content that can carry signals of authenticity. Administrative processes that can move fully online. Less need to appear in person, show a passport, print a form, sign it, scan it, send it, and hope someone accepts it.
Or, to put it more simply: fewer processes that feel like they were designed for another century.
Fragmentation is still the main character
If there was one theme running through John’s reflections, it was fragmentation.
Trust is fragmented across regulatory, technical, legal and commercial lines. That sounds abstract until you look at what it means for a real organisation trying to operate across borders.
“In an ideal world you’d be able to sign a document digitally and it would be legally enforceable in any court in the world,” John says.
But that is not the world we live in.
Legal systems vary. Digital signatures are not automatically recognised across borders. Organisations doing business in multiple jurisdictions often need to work with different trust providers in different markets.
That is the legal side.
Then comes the technical side.
“Are you going to build a technical integration yourself every time you want to operate in a new country? No, you’re probably going to want to use an aggregator like eID Easy to avoid spending days of developer time.”
And even after the legal and technical pieces are solved, there is still the commercial reality. Different providers have different pricing models, different terms and different ways of working.
“That’s where eID Easy comes in,” John says.
This is one of the central points behind eID Easy’s role in the market. Aggregation is not just a technical convenience. It is a way of reducing legal, commercial and operational friction so organisations can actually use trust services in practice.
As John puts it, eID Easy understood early that common technical standards were not enough.
“For businesses to actually use trust services, you needed all the aggregation services beyond the technical standard to make it easy for organisations to just turn it all on and start using it.”
That includes technical integration, but also flattened pricing models, simplified access to provider terms, and a marketplace that makes it easier for customers to adopt multiple services without negotiating every relationship from scratch.
Wallets are exciting. They are also another layer of complexity.
John’s panel in Bogotá focused on digital identity wallets, including EUDI and other models. The discussion showed how much activity there is globally, but also how differently regions are moving.
Poland is already advanced. LATAM has multiple wallet initiatives at different levels of readiness. In the United States, mobile driving licences are rolling out at different speeds in different states.
“There’s a real desire to move ahead and get these services out into the world,” John says. “But there’s regulatory friction and market uncertainty.”
That uncertainty often comes back to the classic adoption problem.
Without relying parties, users have little reason to adopt wallets. Without users, relying parties have little incentive to support them.
“We’re all working to find ways to get out of this chicken and egg situation,” John says.
Still, the excitement is justified. Wallets could make it much easier for individuals and organisations to prove who they are, or prove specific characteristics, without sharing more information than necessary.
“No more document scanning, no more vague ‘click to sign’ agreements that don’t hold legal water,” John says.
But he is careful not to oversell the timeline.
Wallets will take time to roll out. They will take even longer to reach high levels of adoption. And until that happens, businesses will still need to support existing forms of identity verification and signing to avoid losing customers.
“So wallets won’t simply replace the existing eIDAS 1.0 complexity,” John says. “They’ll add another layer on top and we’ll have this hybrid world for many years yet.”
That is where aggregators become even more important.
The world does not need to become European to become trusted
One of the summit moments that stayed with John came from Jean Everson Martina, who highlighted that European standards and governance bring coherence, but also carry institutional assumptions that may not translate neatly to other regions.
John says the point landed because Europe has good reasons to be proud of what it has built, but pride can easily turn into rigidity.
“The EU was the first region to develop a whole system of governance to support digital trust at a trans-national level,” he says. “We’re rightly proud of our approach. Perhaps too proud.”
He has heard it said many times that the rest of the world will have to follow EU standards and harmonise around the European model. But Bogotá was a reminder that other regions are not blank spaces waiting to copy Europe. They have their own institutions, legal traditions, trust models and market realities.
“We’re not the only region to have thought about digital trust,” John says. “Our approach embeds assumptions that don’t directly translate to systems and institutions in other regions.”
The better path, he argues, is not to lower standards, but to be more open about how equivalent outcomes can be reached in different ways.
“We can agree on objectives and high standards, without expecting everything that flows from that to be identical everywhere,” he says. “Some European humility and openness to understanding other approaches will take us further and faster than rigidly insisting on European approaches.”
That may be one of the more important takeaways from the summit. Trust Without Borders does not necessarily mean one global model. It may mean a network of bridges between different models.
Building bridges, technically, legally and commercially
So what does “building bridges” actually look like?
At one level, John says, it is the work of trade delegations, standards experts and legal experts. It means adopting common technical standards where possible, and where that is not possible, finding equivalence between technical standards, legal concepts and institutional rules.
Governments need to feel safe trusting each other’s approaches. Regulators need enough confidence to recognise systems beyond their own borders. Standards bodies need to keep pushing toward interoperability.
But there is also a commercial layer.
“At the commercial level, aggregators like eID Easy build bridges by making adoption and roll out much easier,” John says.
That is the practical side of Trust Without Borders. Not just writing standards or aligning laws, but helping actual providers, platforms and relying parties work together in the market.
For relying parties, the challenge is accepting the identity methods, signature services and, eventually, wallets that their users need. For trust service providers, the challenge is reaching customers who may never have the time, expertise or resources to integrate with them directly.
eID Easy sits between those needs.
“Joining the eID Easy marketplace puts your service in the shop window so you can attract customers that would never have the time or expertise to integrate with you directly, and drive greater volumes which mean more revenue,” John says.
On the customer side, eID Easy helps organisations deal with the complexity of different ID methods and signature services across multiple jurisdictions.
And John is clear that this is not only a multinational problem.
“You don’t have to be a multinational to experience this fragmentation or complexity,” he says. “Sometimes within a single country you can need several different ID schemes or signature providers to be sure of reaching all your users.”
For multinationals, of course, the problem is unavoidable.
What progress should look like
Looking ahead to the next Trust Without Borders Summit, John would like to see more mutual recognition agreements between the EU and other regions, including Mercosur, or bilateral agreements with individual countries. These would allow trust services and digital identity from those regions to be legally used in the EU, and vice versa.
That kind of progress will depend on the technical standards work already underway, particularly around the delivery and supervision of trust services.
But John’s view is not that standards alone will solve fragmentation.
Even with global standards and legal recognition, trust remains local. Users often prefer brands, apps and services they know. Local identity schemes and providers will continue to matter. Fragmentation at the service and user level will not disappear overnight.
That means the job for eID Easy remains clear.
“We want to help our customers navigate all of that and make the pain go away,” John says.
And perhaps that is the most human way to explain the whole thing.
Digital trust may involve standards bodies, governance models, assurance levels, certificate authorities, wallets, legal recognition and cross-border frameworks. But the goal is simple: help people and businesses trust digital interactions without having to understand every layer underneath.
Or, as John put it when asked to describe the summit to a non-industry friend:
“People working on obscure technical and legal things that you hopefully never have to think about, but which will keep the world safe.”
Not bad for the boring stuff.
.png)