Italy is preparing to retire one of Europe's most successful digital identity systems. Undersecretary for Innovation Alessio Butti has confirmed that SPID — the Sistema Pubblico di Identità Digitale, used by roughly 40 million Italians for over a billion logins a year — will be phased out over the next two to three years in favour of the CIE, the state-issued electronic identity card. The government is urging citizens to activate their CIE digital credentials now, ahead of an unrelated 3 August 2026 deadline that ends the validity of paper ID cards for intra-EU travel and is expected to drive a rush on municipal offices.
The direction of travel is clear: Italy wants a single, state-controlled national credential. The question this publication asks is whether the stated benefits — security and cost — justify dismantling a working, competitive, federated system that citizens demonstrably prefer.
The case for consolidation
The government's argument deserves a fair hearing. SPID is operated by up to ten private identity providers — including Poste Italiane, Aruba and InfoCert — and Butti contends that outsourcing the management of citizens' digital identities to private firms is both a security exposure and an avoidable public cost. The security claim centres on so-called "doppio SPID" ("double SPID") fraud, where criminals enrol a second, fraudulent identity in another person's name. Because the CIE is issued by a public official who verifies the applicant in person at the anagrafe, the state argues this class of impersonation is far harder to pull off. There is also a genuine fiscal grievance: the state has historically paid providers to run SPID, and from January 2026 Poste Italiane introduced a €6 annual fee for some SPID accounts, while the CIE carries no recurring login charge.
Those are real points. In-person enrolment is a stronger root of trust than remote onboarding, and nobody should defend identity fraud. But the conclusion — therefore abolish the alternative — does not follow from the premises.
What gets lost when you delete the competitor
The usage numbers are the most damning fact for the government's own framing. SPID records around one billion logins per year; the CIE manages roughly 21 million. Italians overwhelmingly choose the private, federated option when both are available. That is not a system to be euthanised on security grounds; it is a system whose convenience the state has so far failed to match. Forcing 40 million people onto a credential they have largely declined to use is a migration risk, not a security upgrade.
Federation is also a feature, not a bug. A market of competing identity providers means no single point of failure and no single chokepoint where the state both issues identity and watches it being used. Folding everything into one government-issued credential concentrates exactly that power. "Double SPID" fraud is a real but bounded problem that better provider-side verification and liveness checks can address; the remedy of last resort should not be eliminating provider choice altogether.
The accessibility gap the government already sees
Tellingly, the same administration has had to legislate around the friction its own plan creates. A draft decree approved in March 2026 introduces "digital proxies" (deleghe digitali): citizens registered in the national population registry can authorise up to two trusted delegates to access online public-administration services on their behalf via the new delegation-management platform run by the Istituto Poligrafico e Zecca dello Stato. Italy's data-protection authority, the Garante per la protezione dei dati personali, issued a favourable opinion on the implementing decree in its newsletter of 9 March 2026, while insisting each public body carefully classify which services are delegable and carving out a stricter regime for sensitive health records (FSE 2.0) and telemedicine data.
The Garante's caution is well-placed, but the deeper signal is this: a delegation workaround is necessary precisely because a CIE-only world excludes people who cannot easily obtain or operate the card — the elderly, the digitally marginalised, residents abroad. SPID's remote enrolment served many of those people without a proxy. Replacing it with "have someone else log in for you" is a downgrade in autonomy dressed up as a convenience.
The EU frame argues for plurality, not monopoly
None of this happens in a vacuum. Under Regulation (EU) 2024/1183 — eIDAS 2.0 — every member state must offer citizens an interoperable EU Digital Identity Wallet by December 2026, with use voluntary and free for individuals. Italy can satisfy that obligation through its IT Wallet without making the CIE the sole admissible credential domestically. The European framework is explicitly built around interoperability and user choice, including the ability to selectively disclose attributes. A national pivot toward a single state credential sits awkwardly against that grain.
A proportionate path
The pro-innovation answer is not to defend SPID's status quo uncritically — its fraud and funding problems are real. It is to fix them while preserving choice. Strengthen provider-side identity-proofing to close the "double SPID" gap; put SPID's funding on a stable, transparent footing instead of letting fees creep onto users; and let the CIE, SPID and the forthcoming IT Wallet coexist as accepted credentials, with citizens deciding. A billion voluntary logins a year is the market telling regulators what works. The burden of proof for switching it off — and concentrating national identity in a single state-issued card — should be very high, and on the evidence so far, the government has not met it.