Worldcoin, the Sam Altman-backed project that scans irises in exchange for a global digital identity credential and tokens, has reached settlements with data-protection regulators in several large markets where its operations had been suspended or curtailed. The settlements include stricter data-handling commitments, mandatory local data residency, and a clearer opt-out path for users who later wish to revoke their biometric records. The agreements unlock a path for the project to resume Orb signups in jurisdictions that had previously restricted activity.
The largest settlement, reached with Spain's Agencia Española de Protección de Datos, follows nearly two years of regulatory engagement and litigation that had effectively paused operations in the country. Comparable agreements have been reached with regulators in Germany, Brazil, and South Korea, with negotiations continuing in France and Argentina. The settlements share a common architecture: biometric data must be processed locally, World ID credentials must be deletable on user request, and the issuing entity — Tools for Humanity — must maintain audited proof that no raw iris images persist after the World ID is generated.
The settlement architecture is technically unusual because it relies on the Orb's hardware design itself for compliance. The Orb generates a one-way cryptographic hash from iris-scan data and discards the raw image immediately after processing, without ever storing it persistently. The settlement language requires Tools for Humanity to provide cryptographic proof that this discard pattern is enforced at the hardware level — proof that, in turn, is auditable by independent firms working under the regulators' supervision.
The agreements stop short of a full regulatory blessing. They require Tools for Humanity to make biometric template data immediately deletable on request, to support user-initiated World ID revocation through both online and in-person channels, and to maintain ongoing audited proof that no raw iris images persist after enrollment. Several regulators have explicitly retained the option to reopen the inquiries if circumstances change or if material non-compliance is discovered. The structure is closer to a probationary clearance than a final approval.
For the project itself, the resolution unlocks a meaningful operational path forward. Daily Orb signups have resumed in markets where they were previously paused, with public Orb deployments reopening across cities including Madrid, Berlin, São Paulo, and Seoul. The project's roadmap calls for substantial deployment expansion through 2026, with target signup rates that would push the cumulative World ID base past 25 million if achieved. The token itself, WLD, has rallied modestly on the regulatory news, recovering from multi-month lows.
Privacy advocates remain divided on the settlements. Supporters argue the agreements meaningfully strengthen biometric-data protections and create a template that other identity projects will have to match in order to operate in major jurisdictions. Critics counter that the very premise of biometric enrollment by a private commercial entity remains structurally problematic regardless of the disclosure protections layered on top. Several civil-liberties groups have filed requests for further oversight provisions, citing the long-term implications of any private-sector rollout of population-scale biometric identity infrastructure. "This is not a verdict that the model is fine; it is a verdict that the specific operational risks have been adequately addressed for now," said one privacy researcher who reviewed the settlement documents. "The deeper question of whether this kind of system should exist at all is unresolved and probably unresolvable through this kind of regulatory process." That broader debate is unlikely to fade soon.
What the project's future looks like depends in part on whether the AI-related identity-verification problem that motivated its founding becomes more pressing. Sam Altman's framing of World ID as essential infrastructure for proving humanity in an AI-saturated internet has gained traction with several major platforms that have begun integrating proof-of-humanity verification, but adoption beyond a handful of partner integrations remains modest. If AI-related identity-verification demand grows materially through 2026, the project's regulatory clearance will look like a necessary precondition for a much larger operational footprint. If demand remains tepid, the settlements will mark the moment when a contested project gained narrow operational permission rather than the start of a much larger rollout.