PART 1 OF 2
As Europe moves from digital identity pilots to operational deployment, the conversation is shifting from architecture to execution. Identity Week Europe 2026 provides a valuable snapshot of this transition, bringing together the organisations building the foundations of Europe’s emerging trust infrastructure.

In this two-part TQS Identity Week series, we examine the Trust Stack through the lens of identity, trust services, cryptography, issuance infrastructure, sovereignty and hardware roots of trust. Part One explores the challenge of moving from architecture to operation, where technical capability meets real-world deployment.
This article includes perspectives from IN Groupe and Tinexta InfoCert, both exhibiting at Identity Week Europe 2026.
The structure of the trust stack is no longer difficult to describe. The layers are visible, the roles increasingly defined, and the companies involved are positioning themselves with greater precision. What remains less certain is how those layers behave when combined into operational systems. Architecture tolerates abstraction but deployment does not.
Across Europe, identity platforms are scaling, trust services are being embedded into regulated workflows, and wallet frameworks are moving from pilot to early implementation. The expectation is coherence. The reality is more uneven. Systems that appear stable in isolation begin to reveal friction where they intersect, and it is within those intersections that the trust stack is now being tested.
Integration Is the Constraint
The trust stack does not fail at the level of individual capability. Identity works. Cryptography works. Trust services function as designed. Issuance infrastructure delivers credentials at scale. Hardware anchors identity within devices. Each layer, taken on its own terms, performs. The constraint emerges when these layers are required to operate together.
An identity issued through a national infrastructure must be recognised within a service environment governed by different regulatory assumptions. A trust service designed for legal enforceability must integrate with application environments optimised for speed and user experience. Cryptographic systems built for long-term resilience must coexist with legacy implementations that cannot be replaced overnight. Hardware-based trust must align with software-defined identity models that were never designed to depend on it.
These are not edge cases. They are the operational conditions under which the trust stack now exists.
The Layers Under Pressure
The transition from architecture to operation introduces pressure at every layer. What was previously defined as a role becomes defined by performance under constraint.
At the adoption layer, platforms such as itsme demonstrate that scale is achievable. The challenge is no longer onboarding users, but extending identity into broader contexts without fragmenting trust. As identity moves into wallet-based ecosystems, adoption must be sustained while the scope of use expands. The risk is not failure of scale, but dilution of consistency.
At the enforcement layer, organisations such as Tinexta InfoCert operate where legal and technical systems converge. Trust services must function across jurisdictions while maintaining evidential integrity. As identity systems scale, these services become points of validation that cannot afford inconsistency. The shift from compliance to enforceability is complete; the challenge is maintaining that enforceability under operational load.
This challenge becomes increasingly visible as trust services move from controlled environments into high-frequency operational workflows. Signatures, certificates, seals and time-stamps are well understood technologies, yet their value ultimately depends upon whether they retain their evidential integrity when embedded across multiple systems, organisations and regulatory environments. The question is no longer whether trust services function in isolation, but whether they remain enforceable when operating at scale.
“We treat enforceability not as a property you declare, but as one you have to sustain under load.”
Tinexta InfoCert
The observation is significant because it reflects a broader shift occurring throughout the trust stack. Trust is moving from static compliance frameworks into dynamic operational environments where consistency must be maintained continuously rather than demonstrated periodically.
At the cryptographic layer, companies such as Cryptomathic face a different form of pressure. The transition toward post-quantum readiness is not a discrete event. It is a prolonged period of coexistence between established and emerging cryptographic models. Composite approaches introduce resilience, but also complexity. Managing that complexity across systems that were not designed to accommodate it is now a central concern.
At the issuance layer, providers such as Mühlbauer operate where theory meets continuity. Identity is not issued once. It is renewed, revoked, updated, and re-integrated over time. Deployment reveals the requirement for systems that can sustain identity across its lifecycle, not simply deliver it at a point in time.
At the sovereign layer, organisations such as IN Groupe are navigating a more structural challenge. National identity frameworks must align with European interoperability requirements while retaining domestic control. The tension between sovereignty and standardisation is not resolved through architecture. It is managed through operation, often imperfectly.
As European identity frameworks move from pilot programmes into production environments, attention is increasingly shifting beyond the secure issuance of credentials themselves. The challenge lies in connecting sovereign identity systems to the services, transactions and workflows that depend upon them. Highly regulated sectors are beginning to ingest cross-border credentials under eIDAS 2.0, exposing new operational dependencies between national trust frameworks and real-world service delivery.
“The definitive battleground for digital trust is no longer issuing a secure root credential. It is orchestrating the intermediary broker layer.”
IN Groupe
That observation highlights where control is beginning to concentrate. Success increasingly depends upon the ability to stabilise the intermediary layers that connect sovereign identity systems with digital services while absorbing growing cryptographic, regulatory and operational complexity. The organisations capable of managing these intersections are increasingly moving beyond participation and towards operational control of the ecosystem itself.
At the base of the stack, the hardware layer introduces constraints that are both physical and temporal. Companies such as NXP Semiconductors provide the root of trust upon which higher layers depend. Hardware must remain stable over long lifecycles while supporting evolving security requirements. As identity extends toward the edge, into devices and distributed environments, the limitations of hardware become defining factors rather than background conditions.
Where the Stack Holds and Where It Fragments
The trust stack holds where alignment exists across layers. It holds when identity models are recognised across systems, when trust services are accepted across jurisdictions, when cryptographic implementations are consistent, and when infrastructure is designed for continuity.
It begins to fragment where those conditions are absent. Fragmentation rarely appears as failure. It appears as friction. Delays in onboarding. Incompatibilities between systems. Increased reliance on intermediaries. Workarounds that bypass intended architectures. These are not anomalies. They are indicators of a stack that has not yet stabilised.
What is emerging is not a binary state of success or failure, but a gradient of operational maturity. Some systems are approaching coherence. Others remain dependent on translation layers and manual intervention. The difference is not theoretical capability, but the degree to which layers have been aligned in practice.
Control Shifts at the Interfaces
As the trust stack moves into operation, control shifts toward those who can connect layers, or who anchor a layer so critical that others depend on it.
This is where positioning becomes strategic. It is no longer sufficient to occupy a role within the stack. The ability to define how that role interacts with adjacent layers determines how it is valued. Companies that can operate across boundaries, or enforce consistency at a critical point within the stack, move from participants to operators.
This shift is already visible. Identity platforms extending into transaction layers. Trust services embedding deeper into application workflows. Cryptographic providers shaping long-term system design. Infrastructure providers influencing how identity is issued and maintained. Hardware providers defining the limits of what can be trusted at the edge.
Identity Week will surface these dynamics, but it will not resolve them. The structure is visible. The operation is still evolving.
TQS Insight
The trust stack is no longer a design problem; it is an operational one. The challenge is not defining the layers, but making them function together under real-world conditions. As deployment accelerates, the distinction between those who participate in the ecosystem and those who operate it becomes clearer.
The former will adapt to the system as it evolves.
The latter will define how it does.
Next in the series: PART 2 – Identity Week is the Stage: The Trust Stack is the Story
Identity Week Europe 2026 takes place on 9-10 June 2026 at the RAI Amsterdam. Meet the contributors to this article:
• IN Groupe – Stand 820
• Tinexta InfoCert – Stand 432
For more Identity Week coverage, interviews and analysis, visit The Quantum Space.



