Digital identity is becoming the new infrastructure layer of the internet, and APAC is building it faster than anyone else. From biometric verification to real-time fraud controls and new crypto regulation frameworks, APAC countries are shaping how users worldwide will identify themselves online, onboard to financial services, and interact with crypto platforms.
To understand what digital identity really means today, how APAC sets the tone for global regulation, and what the upcoming EU Digital Identity Wallet could learn from the region, CoinsPaid Media spoke with M Sivakumar, APAC Legal Director at Sumsub. He works directly with regulators across Asia, helping businesses navigate evolving requirements around verification, ID cards, digital identity verification, and crypto compliance.
Here’s how he sees the landscape shifting, and why the next phase of digital identity will redefine the future of crypto and fintech onboarding.
How APAC Is Redefining Verification and Crypto Regulation
Which APAC regulator has found the most practical balance between innovation and biometric verification rules?
It’s very difficult to choose a single jurisdiction, because each country builds its system around its own foundational laws, fraud landscape, technological maturity, and risk appetite. Singapore, Australia, and South Korea all face different threat levels that shape their regulatory needs.
Singapore, for example, mandates strict biometric verification, facial recognition, and liveness checks — requirements that are not always present elsewhere. In South Korea, regulators have introduced strong KYC and biometric rules, but certain parts of the identity-infrastructure still lag behind modern capabilities by several years. Australia’s priorities differ again because its fraud-risk profile is different from Singapore’s or South Korea’s.
So rather than declaring one country “the best,” I would say each jurisdiction has implemented what fits its unique demands. Singapore’s model may be optimal for its environment, but Australia or South Korea may need a different approach based on their own threat perceptions and regulatory foundations.
Are regulators in APAC still behind the tech, or are they quietly leap-frogging in crypto regulation?
It’s easy to assume that regulators don’t understand technology or are always behind, but that isn’t entirely true. Yes, regulators in many regions take time to catch up, especially with rapidly evolving technologies like algorithmic governance, deepfake manipulation, or new fraud techniques. Fraud evolves faster than regulatory guidance — that part is true.
But in several areas, especially in Singapore and Hong Kong, regulators have been far-sighted. In 2018 and 2019, MAS mandated that banks implement the SIGMAS facial-recognition tool for onboarding and for high-value or critical transactions. At the time, even banks did not anticipate how serious biometric fraud would become a few years later.
MAS also implemented anti-scam measures like blocking screen-sharing during onboarding, which helped counter device-mirroring fraud. These actions show that regulators were actually ahead of the curve.
South Korea recently mandated encrypted facial templates for onboarding to mitigate deepfake risks — something we don’t see widely enforced elsewhere. Regulators in India, Australia, and Hong Kong are now engaging AI specialists to shape guidance, which is a welcome development for compliance teams.
So yes, some regions still need to catch up, but we also see regulators actively leap-frogging in important areas.
What new APAC compliance obligations should crypto and fintech businesses expect in 2026, especially around digital identity verification?
Several obligations already exist, but regulators are now prioritizing their enforcement. The most important requirement for 2026 will be real-time transaction monitoring. Fraud rarely happens at onboarding; users typically commit illicit activity only after gaining access to a system. Regulators now want reporting entities to monitor all customer transactions continuously and flag unusual behavior, synthetic IDs, or changes in PEP status.
Another major requirement will be beneficial ownership transparency. Countries like Malaysia and Vietnam updated their rules recently, and regulators want to clearly identify the true owners behind accounts. This will become a core compliance responsibility in 2026.
We also expect stricter oversight on data protection and AI transparency. Regulators in India, Vietnam, and other markets want companies to explain how their AI systems operate — what data they use and how decisions are made. At Sumsub, for example, we already provide explainable AI with timestamped audit trails, which helps clients meet these expectations.
These areas — real-time monitoring, beneficial ownership, and AI transparency — will be central to compliance in 2026.
Why APAC’s Digital Identity Models Are Influencing Global Standards
How will APAC’s digital identity programs influence Europe and the U.S., including the EU Digital Identity Wallet?
Digital identity systems in APAC — in Singapore, India, Hong Kong, and the Philippines — are among the most successful in the world. SingPass in Singapore is a great example: one digital ID allows access to government services, banking, and even some private-sector platforms. The same applies to Aadhaar in India.
These products are interoperable. You can onboard quickly by scanning a QR code, and your account is created within seconds. This level of efficiency is unmatched in many Western markets.
The EU is currently developing its own EU Digital Identity Wallet, and similar pilots are emerging in the U.S. What APAC built over the past decade is now being adopted globally.
If FATF introduces global liveness requirements, how will that impact cross-border digital identity verification?
In APAC, this won’t be a major shift. Countries like India, Singapore, and South Korea already make liveness checks mandatory. Even in countries where it isn’t mandatory, such as the Philippines, many companies implement it voluntarily as part of their risk-based approach.
But in regions where liveness is not a regulatory requirement, like some African or Latin American jurisdictions, this would be a significant change. Cross-border providers may need to upgrade quickly.
Technology vendors, including Sumsub, already collaborate with technical and compliance partners to ensure liveness solutions meet local regulatory requirements, so companies will have ready-made systems available.
Will APAC’s identity-proofing standards define global onboarding for exchanges, ID cards, and crypto wallets?
APAC includes more than 20 countries, and many, including Australia, Singapore, Hong Kong, the Philippines, and India, have implemented high standards for biometric verification, liveness detection, document security, and fraud controls.
Global exchanges operating here already meet these requirements, which means their onboarding flows are built to a higher standard. When they expand into regions with looser regulations, they don’t need to redesign their flows — their systems are already compliant with stricter APAC norms.
So APAC effectively sets a global benchmark. Companies standardized here carry those standards with them to the rest of the world.
What APAC’s Digital Identity Shift Means for Users and Crypto Builders
Can stronger verification rules still protect user anonymity in crypto ecosystems?
From a legal perspective, users often expect full anonymity when they enter the blockchain ecosystem. When licensed platforms require KYC, they may feel the ecosystem is moving away from decentralization.
But the scale of fraud in crypto shows why regulators — from the U.S. to Hong Kong — now require exchanges to identify end users. This is a welcome step in building a safer ecosystem. Transparency is becoming a regulatory necessity.
Whether stronger verification can preserve anonymity in the long term is more of a technical than a legal question. But regulators are clearly pushing toward identifiable users to reduce fraud.
What should new crypto and DeFi startups do in 2026 to prepare for deepfake-driven regulation and digital identity risks?
A startup should build an AI-powered digital identity system from day one. With experience in payments and exchanges, I know how difficult it is for young companies to build these systems internally, especially for cross-border operations.
It’s more practical to partner with specialized identity-verification providers like Sumsub, who have the technical capacity to meet regulatory standards and detect deepfake-driven fraud. Building such capabilities internally is costly and complex.
Regulators closely watch crypto platforms. Failures in AML or KYC can result in severe penalties. We saw India’s largest payments company lose its license and more than 100 million users, due to AML/KYC violations. My advice to startups is: focus on your core technology, and rely on experienced compliance providers for identity and onboarding.
Will users eventually have one reusable global digital ID, or will digital identity remain fragmented?
A global reusable KYC ID — a single digital identity used across services — is something many teams around the world are working toward. Conceptually, I believe it should happen.
But not in the next ten years. Countries need shared privacy rules, aligned regulations, and interoperable technology before such a system can exist. Trust between jurisdictions is a major barrier.
At the moment, I can’t use my Singapore ID to access services in India. I still need separate identities. A unified global framework will take time and collaboration among governments before it becomes a reality.
