.svg)
.svg)
.svg)
.jpg)
Every time you prove your identity online, you probably share far more than the situation actually requires. Applying for a student discount, you hand over your full ID. Accessing an age-gated service, you upload a document with your home address, your photo, your date of birth, and everything else on it. The service needed one fact. You gave it everything.
This is not just inconvenient. It is the root cause of how personal data ends up in databases it was never meant to be in, how breaches expose information that should never have been collected, and how individuals lose control of their own identity one transaction at a time.
Selective disclosure is the concept that changes this dynamic. It is one of the foundational principles behind the EU Digital Identity Wallet and modern verifiable credential systems, and in 2026 it is moving from a technical idea into everyday infrastructure. This guide explains what it is, how it works, and why it matters for anyone building or operating in the digital identity space.
Selective disclosure is a privacy-preserving technique that allows an individual to share only the specific attributes required for a particular interaction, while keeping all other personal information confidential. The key word is specific. Not a document. Not a record. A single verified fact.
A practical example makes this concrete. Imagine a person holds a government-issued digital credential in their wallet containing their full name, date of birth, address, and national ID number. A venue asks them to prove they are over 18. With selective disclosure, they can prove that single attribute, that they meet the age requirement, without the venue ever seeing their name, their address, or any other detail from the credential. The proof is valid. The credential is real. But only what was asked for was shared.
This is what makes selective disclosure different from simply handing over a physical document or a PDF. Traditional credentials are all-or-nothing. You show the passport and the verifier sees everything on it. Selective disclosure breaks that constraint. The credential issuer, such as a government authority or a licensed institution, signs the entire credential cryptographically. The holder then chooses which fields to present, and the cryptographic proof confirms those fields are authentic without exposing the rest.
The concept connects directly to a broader principle called rational privacy: the idea that privacy should not be absolute or all-or-nothing, but contextual. In real interactions, people often want and need to share some information to access services, meet legal obligations, or prove eligibility. Rational privacy recognizes this and gives individuals the tools to calibrate what they share to exactly what the situation requires, nothing more.
Selective disclosure is enabled by a combination of verifiable credentials and specific cryptographic signature schemes that support partial disclosure.
A verifiable credential is a digital version of a real-world document, a driving license, a university degree, a professional certification, issued in a format that is cryptographically signed by the issuing authority and tamper-proof. Unlike a scanned PDF, a verifiable credential can be verified instantly without contacting the issuer, and the holder controls when and to whom it is presented.
Standard digital signatures have a limitation for selective disclosure: if you change or hide any part of the signed data, the signature breaks. The whole credential must be presented for the signature to be valid. This is why specialized signature schemes are needed.
BBS+ signatures are one of the most widely used solutions. BBS+ allows a holder to generate a proof from a subset of the credential's attributes, a proof that confirms those specific fields are authentic and signed by the issuer, without revealing the remaining fields. The proof itself looks different every time it is generated, which prevents the holder from being tracked or linked across different transactions based on a recurring signature pattern.
Zero-knowledge proofs (ZKPs) take this further. A zero-knowledge proof allows a holder to prove that a statement is true, such as "my age is over 18" or "my credit score exceeds a threshold," without revealing the underlying value at all. The verifier learns only that the condition is met. They learn nothing else. ZKPs are particularly powerful for financial and healthcare applications where the underlying data is highly sensitive but a binary answer, eligible or not eligible, is all that is actually needed.
The EU Digital Identity Wallet is built to support both of these approaches. The Architecture and Reference Framework (ARF) specifies SD-JWT and mDoc as the primary credential formats, both of which support selective disclosure natively. This means selective disclosure is not an optional feature in the EUDIW ecosystem. It is built into the technical foundation.
Data minimization by design. GDPR requires that personal data collected be limited to what is necessary for the stated purpose. Selective disclosure enforces this at the technical level, not just as a policy target. When the wallet architecture only releases what was explicitly requested and consented to, data minimization becomes a structural property of the system rather than a compliance checkbox.
Reduced breach exposure. The less data a service receives and stores, the less there is to lose in a breach. When a verifier receives only a proof that an attribute meets a threshold, rather than the full underlying record, there is nothing sensitive to steal. The attack surface shrinks in direct proportion to the amount of data that was never collected in the first place.
Lower operational liability for businesses. Many organizations would prefer not to store sensitive personal data due to the regulatory burden, storage cost, and security risk it creates. Selective disclosure offers a path where users can demonstrate eligibility or compliance without requiring businesses to retain or manage the underlying personal information. This simplifies operations and reduces exposure.
User trust and control. When individuals can see exactly what data they are sharing in each transaction and choose which attributes to disclose, their relationship with digital services changes. They are participants with control, not subjects of a data collection process. This shift in dynamic builds genuine trust rather than the reluctant acceptance that characterizes most current identity interactions.
Cross-border compliance. In a multi-jurisdictional environment like the EU, different regulatory frameworks impose different requirements on what data can be collected, how it must be stored, and how long it can be retained. Selective disclosure reduces this complexity by ensuring that each interaction involves only the minimum required data, making it easier to operate compliantly across borders without maintaining separate data architectures for each jurisdiction.
KYC and AML regulations require financial institutions to verify identity and confirm eligibility, but they do not require institutions to hold a copy of every document a customer has ever produced. With selective disclosure, a bank can receive a cryptographic proof that a customer's identity has been verified by a government authority, that their address is current, and that they meet the required risk thresholds, without receiving or storing the underlying documents. Periodic KYC refresh becomes a matter of presenting updated wallet credentials rather than resubmitting paperwork.
A patient seeking treatment in a different EU country can share their relevant medical history, their prescriptions, their vaccination records, or their insurance status without exposing their entire health record to each new provider. A proof of vaccination status for a specific condition reveals exactly that, nothing more. This is particularly valuable in cross-border and emergency care scenarios where sharing must happen quickly but privacy must still be preserved.
A job applicant can confirm that they hold a relevant degree and that it was awarded by an accredited institution without sharing their student number, the grades on every module, or any other details from their academic record that the employer does not need. The credential is real. The proof is cryptographically valid. The oversharing that currently characterizes document-based verification is eliminated.
Citizens accessing public services, applying for benefits, or completing regulatory filings can prove their eligibility for a specific service without submitting a full identity record each time. Each interaction releases only the attributes that service actually requires, with the citizen explicitly consenting to each disclosure.
For any service that needs to confirm a binary attribute, such as whether a user is old enough, holds a valid license, or is a verified member, selective disclosure replaces full document submission with a simple, privacy-preserving proof. The service gets the answer it needs. The user retains everything else.
The EUDIW makes selective disclosure a practical reality at scale for the first time. Every EU Member State is required to make at least one compliant wallet available to its citizens by the end of 2026. The wallet specifications mandate selective disclosure support across all credential formats. This means that by the time EUDIW wallets are in widespread use, selective disclosure will be a standard expectation of the identity verification experience across Europe, not a premium feature available only in specialist contexts.
For businesses operating as relying parties, those who request and verify wallet credentials, this creates both an obligation and an opportunity. The obligation is to redesign data request flows around minimum necessary attributes rather than maximum collection. The opportunity is to build onboarding and verification experiences that are genuinely faster, cheaper, and more trusted by the users going through them.
Myth 1: "If someone only shares part of a credential, we cannot trust the proof."
Reality: The cryptographic proof covers exactly the attributes that were shared. The signature from the issuing authority confirms those attributes are authentic, even when the rest of the credential is withheld. Partial disclosure does not weaken the verification. It is designed to work precisely this way.
Myth 2: "Selective disclosure means we cannot meet our compliance requirements."
Reality: Regulatory requirements specify what facts need to be confirmed, not how much surrounding data needs to be collected in the process. In most KYC and AML contexts, selective disclosure provides everything required for compliance while eliminating the collection of data that compliance frameworks do not actually demand.
Myth 3: "This is only relevant for consumer identity."
Reality: Selective disclosure applies equally to business identity. A company proving its registration status, tax compliance, or beneficial ownership structure can share exactly the attributes a counterparty requires, without exposing its full corporate structure or financial history. The European Business Wallet proposal extends these principles directly to B2B contexts.
Myth 4: "Zero-knowledge proofs are too complex to use in practice."
Reality: The complexity sits in the cryptographic layer, not in the user experience or the business integration. From the perspective of the user, they confirm what they want to share and approve the request. From the perspective of the business, they receive a verified proof. The underlying mathematics is abstracted away by wallet and platform infrastructure.
Selective disclosure is not a future concept that businesses can defer thinking about. It is embedded in the regulatory framework that takes effect at the end of 2026, specified in the technical standards that wallet providers are building against right now, and expected by users who are increasingly aware that oversharing personal data comes with real personal risk.
For businesses, the practical preparation involves auditing current data collection practices against what each transaction actually requires, rebuilding verification request flows around specific attributes rather than full document submission, and ensuring that technical infrastructure is compatible with the credential formats the EUDIW ecosystem uses.
At Hovi, selective disclosure is a core part of how we have built our credential infrastructure. We work with organizations that need to issue verifiable credentials supporting selective disclosure to their customers and with businesses that need to verify specific attributes from EUDIW-compliant wallets without collecting more than a transaction requires. The regulatory framework has made the direction of travel clear. The businesses that build their identity infrastructure around these principles now will be in the strongest position when the deadline arrives and beyond it.
we showcased live demos of real-world EUDI Wallet use cases From age verification and healthcare identity to AI agents interacting with verified credentials.
.svg)
