The Major Digital Trust Trends Shaping Asia in 2026

Across Southeast Asia and the broader APAC region, the rapidly increasing scale of digital payments makes digital trust a key consideration in market growth. Bank Indonesia data shows continued massive expansion in the value of e-money transactions, from 47.2 billion IDR (approx. US$2.8 billion) in 2018 to 594.2 billion IDR (approx. $35.4 billion) in 2024. In Vietnam, SBV figures show non-cash payment transaction activity and value rising by double digits year-on-year, while Thailand’s PromptPay volumes and values illustrate a similar picture of growth since 2020.

This shift in consumer behavior toward mobile-first, social commerce is reshaping expectations surrounding trust. Users understandably expect low friction and strong protection against fraud. For many businesses in the APAC region, this means digital trust is now the foundation of success; the companies that can prove they verify users with minimal friction, protect data, and prevent fraud are the ones that scale to their potential.

Across APAC, five themes are defining this shifting landscape: identity verification inside superapps, decentralized identity experimentation, data sovereignty pressures, privacy-enhancing technologies, and an accelerating arms race between AI fraud and AI fraud prevention.

Trend 1: Superapps are redefining identity verification across Asia

In 2026, superapps are central to many Asian digital economies. Let’s dive into their essence.

What are superapps and why do they dominate in Asia?

Superapps are mobile or web applications that offer multiple services in one app, often including messaging, payments, transport, and financial services. Examples include Grab across Southeast Asia, Gojek in Indonesia, WeChat in China, Line in Japan, and Kakao in South Korea.

In many Asian markets, mobile internet adoption leapfrogged desktop, financial inclusion gaps drove demand for all-in-one financial tools, and platforms benefited from strong networks. As a result, superapps function as de facto trust layers, where identity signals, transaction history, and behavioral data are concentrated within a small number of dominant platforms.

This concentration of data and user activity fundamentally changes how identity verification works. Rather than being a one-time gateway to a service, identity becomes continuously established and reinforced through ongoing interactions within the superapp ecosystem.

The shift from standalone to continuous embedded IDV: A seamless user experience

Identity verification typically includes uploading a document, passing a liveness check, waiting for approval, and then accessing a service. However, this verification model can slow down user interaction with superapps. In contrast, ongoing embedded IDV ensures verification happens continuously in the background rather than as a single checkpoint.

This can include pre-screening, passive device intelligence, device monitoring, account history, transaction behavior, and biometric signals working together to confirm that the right person is behind the screen. This would allow for greater digital trust between users and businesses without intrusive checks, while still performing all legally required identity verification steps. 

Biometric data and behavioral analytics enable continuous authentication

Biometric authentication has become usual to consumers across Asia, especially in markets where national digital ID schemes already use biometrics. Platforms can pair these with behavioral analytics to analyze how a user types, swipes, navigates, and transacts, building a dynamic trust profile.

This approach supports continuous authentication. Instead of asking “who are you at login?”, systems can ask “does this behavior still look like the user?” throughout the session, which can help build greater digital trust for high-risk actions like payments or account changes.

Suggested read: The Future Is Frictionless and Verified: How Digital ID Is Reshaping APAC

Trend 2: The rise of decentralized identity

What is decentralized identity?

As centralized platforms accumulate more personal data, interest in alternative ways to verify identity, such as decentralized identity, has grown. At its core, decentralized identity is a model where individuals hold and control their own credentials, often using decentralized cryptographic wallets rather than platform-owned databases. China’s RealDID system, for example, uses decentralized identity blockchain infrastructure to allow credentials to be verified without being repeatedly shared.

Instead of handing over potentially sensitive identity data to every service, users can present cryptographic proofs that confirm specific attributes (e.g., age or residency status) without revealing any more information than necessary.

Key use cases: Healthcare, finance, and cross-platform verification

Decentralized identity use cases are possible in sectors where data sensitivity and cross-institution trust are of considerable importance. In healthcare, verifiable credentials could be explored as a way for patients to securely store and manage medical records and share them selectively with providers. 

In finance, decentralized identity technologies have already been trialled to allow key client information to be collected once and reused across services through verifiable credentials, reducing the friction and cost of traditional KYC processes. In Hong Kong, for example, the DID system was used in a limited pilot to allow visitors from mainland China to register for regulated stablecoin services without giving away any of their personal details.

Decentralized identity models may allow users to hold credentials (such as a KYC-verified identity issued by a single entity) and present them to others without requiring repeated onboarding checks, illustrating how identity can be portable across platforms.

Barriers to adopting decentralized identity in Asia

Despite strong conceptual appeal, the decentralized identity market faces several practical barriers. Decentralized identity companies may struggle with user experience challenges, limited adoption in real-world scenarios, and fragmented regulation. 

Broadly, as noted in a 2025 University of Zurich study on the applications of decentralized identity projects, real-world adoption of the technology remains limited despite its potential, due to challenges including technological limitations, business constraints, societal conflicts, and a lack of reporting on adoption progress and results. 

The non-profit group Identity also notes that, despite growth in this sector, and notable instances of potential decentralized identity schemes in Asia for access to public services and digital finance through systems like Aadhaar and SingPass, interoperability and short-lived pilots also hinder development.

In many APAC jurisdictions, there is no clear statutory recognition of self‑sovereign credentials, and AML/KYC laws still assume the use of centralized government ID systems. Enterprises tend to move cautiously when infrastructure lacks clear standards or legal recognition.

Key questions are still unresolved, such as who is liable if a credential is wrong or misused, how consent and revocation work under privacy laws, and whether regulators will treat these credentials like traditional ID for KYC. Ultimately, liability, consent, and regulatory recognition are unresolved. Until regulators give clearer rules on these, adoption will likely remain gradual.

Parts of Asia, as the Tech Global Institute notes, also face a lack of investment from major tech companies.

Trend 3: The era of data sovereignty and localization

As data becomes strategic infrastructure, regulators increasingly ask who controls it and where it is stored.

What is data sovereignty?

Data sovereignty refers to the idea that data is subject to the laws and governance structures of the country where it is collected or stored. The data sovereignty definition may be expanded beyond storage location to include access rights, government oversight, and cross-border transfer restrictions.

For companies operating across APAC, the concept of data sovereignty is a core consideration in many countries, including China, India, Vietnam, and Indonesia.

Data localization requirements

Many governments impose explicit data localization rules as part of their data sovereignty compliance frameworks. These may require certain categories of data (such as financial records, biometric data, or citizen information) to be stored locally or processed within national borders. 

In some cases, localization is “hard,” meaning data must remain onshore. China, for example, mandates domestic storage for sensitive datasets under the Cybersecurity Law (CSL), Personal Information Protection Law (PIPL), and Data Security Law (DSL). Vietnam has imposed similar requirements in its Decree 53 guiding Cybersecurity Law.  

In other jurisdictions, localization is “soft,” with transfers relying on transfer impact assessments, standard contractual clauses, or regulator approvals rather than an absolute onshore storage mandate. India’s Digital Personal Data Protection Act, for example, allows cross-border data flows but still lets the government restrict transfers.

Multi-cloud data strategy: Frameworks for regional compliance

In response to these challenges, many platforms are adopting multi-cloud architectures rather than relying on a single regional data hub. This reflects both the growing complexity of data sovereignty requirements and the practical realities of operating across multiple jurisdictions.

Organizations increasingly need to consider questions such as where risk models are trained, where biometric data is processed, which jurisdiction’s laws apply to audit logs, and how systems can remain compliant across overlapping regulatory regimes.

To address these requirements in APAC, Sumsub offers local data processing capabilities in markets such as Singapore, Hong Kong, Indonesia, and the Philippines. This allows personal data and transaction information to be stored and processed within the region, helping organizations meet regulatory expectations, reduce cross-border data complexity, and improve performance. These capabilities support Sumsub’s KYC, KYB, Transaction Monitoring, and Fraud Prevention solutions.

Trend 4: Privacy-enhancing technologies

What are privacy-enhancing technologies?

As regulators push for stronger protections and users become more privacy-aware, attention is turning to privacy-enhancing technologies (PETs). These are tools designed to enable data use and analysis while reducing exposure to raw personal information. The definition of privacy-enhancing technologies usually focuses on minimizing data disclosure while preserving utility.

Rather than relying purely on policy controls, PETs aim to make privacy protection practical.

Key PET methods: Homomorphic encryption, zero-knowledge proofs, and federated learning

Commonly cited privacy-enhancing technologies examples include homomorphic encryption, which allows computation on encrypted data, and zero-knowledge proofs, which allow claims to be verified without revealing underlying data. Federated learning, meanwhile, allows machine-learning models to be trained across distributed datasets without centralizing raw data.

These types of privacy-enhancing technologies are still maturing, and how they may be applied in real-world practice remains unclear. However, they are increasingly referenced in policy discussions around AI governance, cross-border data sharing, and privacy-preserving compliance, and could play a part in the development of digital trust in Asia.

Enterprise adoption

The privacy-enhancing technologies (PETs) ecosystem is nonetheless expanding, and the privacy-enhancing technologies market is growing, but organizations could struggle with complexity, performance, and integration into legacy systems.

Still, institutions that may affect the APAC region in the future are viewing PETs as a potential way to balance innovation with privacy, especially in high-risk domains such as biometric identity and financial crime monitoring.

Suggested read: Unmasking Fraud Networks in APAC Ahead of the Threat Curve

Trend 5: AI-driven attacks vs AI-powered defense in APAC

AI-driven fraud is particularly dangerous for Asian superapps because their scale, embedded payments, and consolidated identity signals make them high-value targets and allow attacks to spread quickly across multiple services. At the same time, the same AI technologies can be a strong defense if superapps use them for real-time monitoring, behavioral analysis, and early intervention.

AI fraud: Deepfakes, synthetic identities, and automated bots

According to Sumsub’s Fraud Exposure Survey 2025, 32% in APAC have come across deepfakes online, while another 24% are unsure, showing that synthetic media is now so convincing that many users in the region struggle to tell reality from fiction.

Consequently, fraud has become more sophisticated as attackers adopt AI. Deepfake fraud can be used to bypass some biometric checks, while synthetic identity fraud can blend real and fabricated data to create convincing fake personas. 

Meanwhile, AI agents and bots may analyze onboarding flows, testing weaknesses faster than human attackers ever could. This also makes it simpler for bad actors to scale up their attacks, automating onboarding, transactions, and subsequent fraud.

China’s Ministry of Industry and Intelligence Technology has issued a warning that agentic AI systems like OpenClaw could put systems at risk of cyberattacks, and that hackers could exploit weak controls, a lack of monitoring, or identity mismanagement.

This new wave of AI fraud is particularly dangerous in ecosystems like superapps and digital wallets, where risk extends beyond traditional account takeover. AI can accelerate the entire user lifecycle, being compromised, with faster account creation, exploiting synthetic identities, more convincing impersonation, higher fraud success rates, and faster cash-out. In platforms that combine payments, lending, messaging, and identity in a single environment, these capabilities amplify the potential damage. 

In several APAC markets, this is already driving tighter expectations from financial regulators around ongoing customer due diligence, transaction monitoring, and robust biometric liveness controls.

AI-powered fraud prevention

The good news, however, is that defenses are evolving just as quickly. Modern AI fraud detection systems can analyze vast behavioral datasets in real time, identifying subtle anomalies that traditional systems would miss. These approaches underpin many AI fraud prevention strategies that could be of considerable use across the APAC region, from detecting account takeovers to flagging mule networks across platforms.

Across Asia, digital trust is being shaped by a landscape of dominant superapps, the potential for identity verification integration into everyday digital life, growing pressure around data sovereignty, the potential for experimentation with decentralized identity, and the conflict between AI fraud and AI-powered defense, as we are seeing all around the world.

For businesses operating in superapps, cross-border e-commerce, and digital wallets, the implication is clear. Trust must be built into systems, and success depends on how well organizations can demonstrate that they verify users with minimal friction, protect data responsibly, and respond to emerging AI risks intelligently.

Sumsub’s Fraud Prevention solution can help organizations across the APAC region establish this trust while navigating evolving regulatory expectations. 

Be one step ahead of fraudsters

Try Sumsub Fraud Prevention and protect your business from the newest types of fraud

Book a demo

FAQ

• What is digital trust?

  Digital trust refers to the confidence users have that a digital service will handle their identity, data, and transactions securely and responsibly. Put simply, one digital party trusts another to be who they say they are and act accordingly.

• Why is digital trust important?

  Digital trust directly affects whether users are willing to share data, complete transactions, and remain loyal as customers. As AI‑driven impersonation and deepfake fraud increase, regulators and customers are paying closer attention to how businesses verify identity, prevent fraud, and protect personal data. It is crucial for businesses to develop and maintain digital trust.

• How can we build trust in digital transactions?

  Trust in digital transactions is built through strong identity verification, effective fraud prevention, and transparent data practices. Consistent user experience and accountability also play a critical role.

• What are superapps?

  Superapps are platforms that combine multiple services, such as payments, messaging, commerce, and financial tools, into a single ecosystem. They function as both infrastructure and interface for much of the users’ digital activity.

• What is data sovereignty?

  Data sovereignty is the principle that data is subject to the laws and governance of the country where it is collected or stored. It shapes how organizations design systems for storage, processing, and cross-border transfers.

• Which countries have data sovereignty laws?

  Countries including China, India, Indonesia, Vietnam, and members of the EU have introduced data sovereignty or data localization requirements in various forms. The scope and strictness of these laws differ by jurisdiction and sector.