Irene Hernandez, a Spanish entrepreneur, and the GATACA team transformed a vision on a napkin – building a new Identity layer for the Internet – into an internationally recognised company that is shaping Europe’s Digital Future.
What is GATACA?
GATACA develops self-sovereign (SSI) identity technology to provide hyper-secure, passwordless, and privacy-preserving access to digital services.
How did you come up with the idea for your project?
In 2017, while pursuing my MBA at MIT, I began an academic research project on security, privacy, and user experience issues within current authentication systems.
In this journey, I became aware that decentralised identities exceeded privacy protection to promise drastic reductions in identity-theft rates, and had the potential to become the linchpin of global economic growth and improve the lives of many. That’s when I decided to move from research to execution. I launched myself into the entrepreneurship journey in Boston, but soon came to the conclusion that Europe would become the pioneering market for SSI: the region not only had the most advanced privacy regulation in the world, but central authorities were initiating the definition of technical and policy frameworks for SSI.
This is when I transferred the newborn startup to Spain and joined forces with Samuel Gómez, current CTO, and blockchain expert, to establish GATACA in Europe. Shortly after, Jose San Juan, our CISO and cybersecurity expert joined the team – the rest followed almost immediately.
In just three years, we’ve built a multidisciplinary team of cybersecurity and blockchain experts, business leaders, engineers, and economists and managed to develop and launch a holistic platform. So far, we’ve closed several key contracts with public administrations and other major organisations in Europe.
What problem does your project solve?
GATACA’s technology aims to reduce identity fraud and client onboarding inefficiencies by redesigning the way users access digital services (sign up & sign in). To date, no identity system has been able to resolve the tradeoff between privacy, security, and user experience.
Current authentication systems ask digital consumers to create and keep track of multiple usernames and passwords while losing control of who has access to their personal information. At the same time, businesses receiving this information are responsible for validating and securing the data and thus are forced to implement complex onboarding processes and spend millions of euros complying with security, KYC, and GDPR rules.
The sudden full-remote requirements that COVID has put businesses and governments in have exacerbated the security risks of doing business online. With the digitalisation of sectors such as education, finance, health services, and government, in which identity verification is critical, the need for a more robust authentication system has become urgent.
Our self-sovereign identity proposal inverts the Internet’s authentication architecture by providing a single digital identity that is owned and controlled by the user and managed via an ID wallet as a privacy-preserving master key for the Internet, eliminating the need for passwords.
Blockchain technologies introduce the possibility of building a single, globally trusted digital ID, while ensuring interoperability for both public and private services, worldwide.
Identity fraud is the largest and fastest-growing type of cybersecurity attack, and the COVID situation has not only been a wake-up call (we’ve witnessed a +718% increase in phishing attacks since COVID), but also a categorical confirmation of the need to develop more secure authentication mechanisms. Cybersecurity is paramount for governments and businesses.
SSI has risen worldwide as the favourite novel solution to solve this challenge. In the last couple of years, a rich ecosystem of governments, regulators, standardisation bodies, and technology providers has matured, providing the minimum necessary set of tools to start deploying an SSI market, including the definition of standards.
This past June, the European Commission announced the launch of a European Digital Identity that borrows SSI principles, which will not only be mandatory for member states to implement but for businesses, including big tech, to accept it as a form of identity verification. What’s more, several European nations including Germany, Spain, Netherlands, and Finland have solidified their intent through public agreements to develop SSI-based cross-border use cases. Outside of Europe, other governments have also been piloting SSI use cases such as i-voting and academic diplomas & transcripts. This is just the beginning!
Now is the time when governments worldwide are designing national SSI strategies, and for us to exploit our first-mover advantage.
How did NGI support you?
GATACA was granted funds from two open calls of NGI’s ESSIF-Lab program: the Business Oriented Call (completed) and Infrastructure Oriented Call (ongoing). Our achievements during each phase are as follows:
- Business Oriented Call: We successfully developed Open APIs of our Connect component (access the APIs documentation here: https://api.gataca.io/) as well as launching a public testing environment.
- Infrastructure Oriented Call: We are defining the Verifiable Universal Interface (VUI), a set of standard interfaces to achieve interoperability between ID wallets and Verifier components. The VUI initiative is already having a significant impact on the international SSI community, having been referred to as a key interoperability project to keep an eye on in the Canada-EU Joint Workshop Series for Enabling Interoperability and Mutual Support for Digital Credentials. VUI is also being transferred to the Decentralised Identity Foundation (DIF), an organisation that develops standards and specifications for the SSI community. In January, we will be publishing VUI’s first draft here https://gitlab.grnet.gr/essif-lab/interoperability/verifierapis.
What is the advantage of being part of the NGI community?
For the GATACA team, joining the NGI community has provided us with the necessary support we needed to accelerate and expand our business. One of the most important aspects has been the access to a community of mentors and fellow innovators who have joined and contributed to our project, one example being their contributions in the interoperability initiative launched by GATACA called the Verifiable Universal Interface (VUI). They have been an integral part of this initiative’s success, which is now gaining global traction in the SSI community.
Getting funding is never an easy task, especially for startups in new category-defining markets such as ours. We’ve been fortunate to have joined the NGI community who provided access to target financing to develop not only technologically ground-breaking technologies but also technologies with a global aim of positive social impact.
Finally, the NGI community has boosted GATACA’s brand recognition at the EU level. Initiatives such as this website and blog, numerous invitations to participate in EU events and conferences, and other types of promotion have helped put GATACA in the mouths of governments and businesses regionally (it is thanks to the NGI ecosystem, that the VUI initiative has been able to reach the European Commission’s ears).
How do you support/promote women in STEM?
In 2019, women made up only 14.5% of blockchain startup teams and the ratio drops to 7% in the case of women in executive positions. The mild jump in the participation of women reported by CoinTelegraph during the last year stems mostly from women joining crypto investment, rather than in active incorporations as entrepreneurs, employees, or advisors to blockchain companies. This fact not only causes our company to be overlooked by investors, it sets a terrible example for young women and risks businesses’ ability to form diverse teams, key for success.
GATACA does not only want to stand out as a leader in the Decentralised Identity market. Our success is a responsibility towards other women innovators, who hopefully will boost public awareness of the capacity that women have to be leaders and contributors to the shaping of the Internet and our future. Currently, over 30% of our team is female, and we definitely expect this number to grow in the next couple of months as we receive new financing. And the goal is to not only hire women but to empower them with autonomy and responsibilities such as presenting in conferences, leading strategy brainstorming meetings, working directly with clients and partners, and providing them with the necessary foundation to help them successfully and confidently launch their professional selves into our male-driven industry.
GATACA’s product suite includes GATACA wallet, an ID wallet for mobile devices where users can store digitized and verified identity credentials including but not limited to academic certificates, government IDs, insurance cards, vaccination passports, and any other identity attribute. Their technology is complemented with two major components. GATACA Certify, a credentials issuance tool for Trusted Authorities, and GATACA Connect, single-sign-on authentication tools for Service Providers that automatically verify credentials and manage consent proofs.