Decidos: Accessible, Usable and Secure Voting in Low-stakes Elections Using Identity Wallets
Floris Jansen, Hanna Schraffenberger, Bart Jacobs · 2026 · Extended Abstracts of the 2026 CHI Conference on Human Factors in Computing Systems (CHI EA '26) · doi:10.1145/3772363.3798937
Summary
Jansen, Schraffenberger, and Jacobs (Radboud University) propose Decidos, a prototype web-based election platform designed for low-stakes elections — student councils, homeowners associations, small shareholder meetings, local citizen consultations — that combines a digital identity wallet (the open-source Dutch Yivi wallet, derived from IRMA) with an accessible voting-flow UI. Online voting platforms have historically traded off accessibility, usability, security, and trust against each other: sending eligibility codes by email is insecure, printing codes for postal distribution is expensive and excludes people without reliable mail delivery, and existing research-grade verifiable platforms like Helios and Belenios ask voters to compare random strings, a task many users fail. With the EU eIDAS 2.0 regulation requiring member states to provide identity wallets by end of 2026, the authors argue identity wallets open a new design space in which voters can prove eligibility by disclosing selected attributes (student number, postal code) and receive an anonymous voting card as a blindly signed credential. The paper synthesises usability recommendations from the voting-research literature (Bokslag and de Vries's accessibility, vote freedom, verifiability, availability requirements; Fernandez et al.'s voter convenience, usability, cost-effectiveness, flexibility, mobility) and applies them to the interface: one step per screen, plain-language instructions, randomised ballot option order, a bare simple ballot to prevent steering, WCAG 2.2 AAA colour contrast and semantic markup, responsive layout with OS dark-mode matching, and a verification step that reuses the voting number stored in the wallet so the user never has to manually compare random strings.
Key findings
The paper is a prototype-description contribution rather than a user study; no empirical evaluation has yet been conducted. Its design contributions are: (1) a user flow split across three logical servers (eligibility, voting, tallying) separating responsibilities to guarantee ballot secrecy, with distinct branding so users can perceive the split; (2) blind issuance of anonymous voting cards in the Yivi wallet, so voters can prove they are eligible without the election organiser holding a voter roll with email addresses; (3) wallet-mediated vote verification, where the voter's phone looks up their own voting number in the published list of counted votes rather than asking the voter to recognise or transcribe a random code; and (4) an interface that adheres to WCAG AAA for contrast and plain-language-reading-level guidance. The paper identifies unresolved tensions for future evaluation: does explicit communication of the split-server architecture improve trust or introduce confusion; does sharing additional identity attributes (employee number vs name) affect perceived vote anonymity; how should organisers set up a non-steering ballot given that organiser-side UX is under-studied; and how does the approach fare with voters with situational impairments, low digital literacy, or assistive technology. The authors also note that moving elections fully online excludes people who lack digital access entirely, so hybrid election formats will still be needed for broad accessibility.
Relevance
This work matters to accessibility practitioners because voting is a legally protected right and one of the most commonly cited examples of inaccessible civic infrastructure. Paper ballots exclude people with motor or visual disabilities unless specialised accommodations are available, and first-generation online voting has substituted technical barriers (random-string verification, insecure email codes) for physical ones. By anchoring eligibility and verification in the identity wallet that every EU resident will have by end 2026, Decidos illustrates how upstream identity infrastructure can simplify accessible design downstream — the voter does not need to remember codes, compare hashes, or disclose identifying attributes they do not need to share. The design recommendations the paper synthesises (one step per screen, plain-language ballots, randomised option order, WCAG AAA contrast, clear split-server branding) are directly reusable as a checklist for any voting, civic-engagement, or high-stakes form interface. Limitations: the paper is pre-evaluation, low-stakes only (current technology is still not robust enough for national elections), and presumes a mature identity-wallet ecosystem that outside the EU does not yet exist. Evaluation with voters who have situational impairments, low digital literacy, or who rely on assistive technology is flagged as planned but not yet conducted.
Tags: voting accessibility · e-voting · internet voting · identity wallet · verifiable credentials · privacy · security · civic participation · plain language · WCAG
Standards referenced: WCAG 2.2 · eIDAS 2.0