It’s official: as of 1 June 2026, the Belgian identification app itsme is available in the Netherlands. itsme acquired iDIN in late 2025 and now appears as an option within the familiar iDIN selection screen at organizations such as a.s.r., PostNL, BKR, and PSV. The two systems will run side by side for now, but iDIN will disappear entirely by late 2027 or early 2028. The bank-based login that millions of Dutch people know will cease to exist.
In Belgium, itsme has seen widespread adoption: over 80% of adults use it, with more than a million identifications per day. The service meets the highest assurance level of the European eIDAS rules and connects to the EU Digital Identity Wallet. On paper, that’s impressive.
But the move from iDIN to itsme raises a fundamental question that goes beyond technology or convenience: what values do we want at the foundation of our digital identity? Before we all migrate, it’s worth pausing to consider exactly what we’re trading away, and what we’re getting in return.
What changes on 1 June?
iDIN was a typically Dutch solution: bank-driven, domestic, and rooted in the iDEAL infrastructure. With itsme’s arrival, control over this critical infrastructure shifts to a foreign, commercial platform.
For the user, itsme works like this: you link your identity once using your passport or ID card combined with a selfie, reading the NFC chip in your document. After that, you confirm actions with a PIN, fingerprint, or face scan. User-friendly, no doubt about it.
The question isn’t whether itsme works. The question is what happens to your data behind the scenes, and who ultimately controls it.
itsme and iDIN have more in common than you’d think
It’s tempting to see itsme as a modern, fresh replacement for the aging iDIN. And in several respects itsme is indeed an improvement: it no longer depends on your bank, and it uses strong document verification. But on the two points that matter most for privacy, itsme and iDIN are strikingly similar:
1. It remains a closed, commercial system. Just like iDIN, itsme is a proprietary service. The source code isn’t public, its operation isn’t independently auditable, and you have to take the privacy and security promises on faith. A black box is a black box, whether it’s Dutch or Belgian.
2. It remains centralized. itsme is a big tech cloud-hosted system with central data storage. That creates exactly the kind of data hotspots we should want to avoid in the wake of breaches like the one at Odido. A central identity provider processing a million identifications a day can, in principle, see where and when you log in. That’s a trove of behavioral data, and an attractive target.
In other words: switching to itsme doesn’t solve iDIN’s real weaknesses, namely the lack of data minimization and the centralized approach. It merely relocates them, while handing Dutch control over to a foreign party in the process.
Why Yivi is a fundamentally different alternative
Yivi starts from a fundamentally different premise. Not “how do we identify someone as reliably as possible from one central system,” but “how do we give people control over their own data, without central storage and without anyone able to look over their shoulder.” That difference lives in the architecture, not the marketing.
Selective disclosure: share only what’s needed
Where both iDIN and itsme in practice share a fixed package of personal data during identification, Yivi lets you prove exactly the one fact that’s required. Over 18? Share just that, not your birth date, name, and address. Verifying your address? Share your postal code, not your full address. This is data minimization in practice, and exactly what the GDPR and eIDAS 2.0 prescribe.
Decentralized: your data, on your device
With Yivi, your credentials live in your own wallet on your own phone, not in a cloud data center. There’s no central database logging every identification, and no data hotspot that can be hacked or subpoenaed. Large-scale data breaches become structurally impossible: there simply is no central pile of sensitive data to steal.
No tracking, no intermediary looking over your shoulder
As a central provider, itsme can in principle see where and when you identify yourself. Yivi uses cryptographic protocols where no central party needs to be involved in each transaction. Your credential issuer doesn’t see where or when you use a credential. Surveillance and profiling aren’t held back by policy; they’re made technically impossible by design.
Open source and open standards
Yivi is fully open source. The code is public, auditable by anyone, and continuously reviewed by the community and security researchers. Yivi is also built on open international standards such as OpenID4VP, OpenID4VCI, and SD-JWT VC, the same standards used worldwide for the EU Digital Identity Wallet. No vendor lock-in, no secret algorithms.
Digital sovereignty
itsme shifts control over a piece of Dutch digital infrastructure to a foreign commercial platform, hosted on big tech cloud infrastructure. Systems running on US cloud providers are also subject to the US CLOUD Act, which allows data to be compelled beyond the reach of European judicial oversight. Yivi’s architecture sidesteps this entirely: there’s no central cloud to subpoena, because your data lives on your own device.
itsme versus Yivi at a glance
| itsme (iDIN successor) | Yivi | |
|---|---|---|
| Ownership | Belgian, commercial | Open source, public values |
| Architecture | Centralized, cloud-hosted | Decentralized, on your own device |
| Transparency | Closed, proprietary | Fully auditable source code |
| Data minimization | Fixed data sets | Per-attribute selective disclosure |
| Tracking | Central provider can observe | No central logging possible |
| Breach risk | Central data hotspot | No central store to steal |
| Standards | Proprietary ecosystem | Open standards (OpenID4VP, SD-JWT VC) |
The window from now until 2028
iDIN won’t disappear overnight. Until late 2027 or early 2028, iDIN and itsme will run side by side. That gives organizations currently relying on iDIN an important window: you don’t have to automatically jump to the first available replacement.
This is the moment to choose deliberately. Those who start experimenting now with attribute-based credentials and selective disclosure will be ready for eIDAS 2.0 and will build on foundations that respect privacy and sovereignty. Those who wait and migrate to itsme on autopilot trade one closed system for another, and miss the chance for something genuinely better.
The question isn’t whether iDIN will have a successor. It already does. The question is whether we choose a successor that truly aligns with European values of privacy, openness, and self-determination.
Learn more or get started
- Compare Yivi and iDIN in detail: yivi.app/yivi_vs_idin
- Read our earlier analysis on the end of iDIN: The end of iDIN
- Understand what Yivi is: docs.yivi.app/what-is-yivi
- For developers: yivi.app/for_developers
- Download the Yivi app: available on iOS and Android
- Get in touch: questions about implementing Yivi? Contact us
iDIN’s successor is now at the door. Let’s not open the first door we see, but the right one.