Identity verification has historically been an event. A person presented identification at the moment they opened an account, took up a position, entered a building, or boarded an aircraft. The verification was performed; the relationship continued under its implication. The next verification, if there was one, came at a defined moment chosen by the institution.

The systems now in deployment treat verification as a continuous condition. A bank application that prompts for a re-verification each time it is opened in a new location. A workplace system that performs a face check at each sensitive transaction. A device that continues to confirm the holder is the holder, throughout a session, by checking biometric and behavioural signals.

The drivers of the shift are several. The cost of repeated verification has fallen as the technologies (face matching, behavioural biometrics, document scanning) have improved and as the infrastructure has been built out. The regulatory direction has favoured stronger and more frequent verification in the categories where the rules apply (financial services, regulated professions, certain government services). The threat model has shifted: once-verified accounts are increasingly compromised between verifications.

The implication for a private person is that the records of identification become more numerous, and the inferences about the person become more current. A verification performed today (rather than years ago) places the person at a particular location, on a particular device, at a particular moment. The accumulation across years is a finely dated map of the person's presence.

· · ·

The desk reads the direction as one likely to continue. The reading shapes how it advises on the present, with attention to what becomes part of the record as continuous verification spreads.