Energised into action following the excellent recent comment piece from Computer Weekly’s editor, I thought I’d dig deeper into what exactly is going on right now with the government and its plans for digital identity.
Readers will be well aware – we are far beyond a pressing need for a trusted and effectively delivered system of distributed digital ID and digital verification. Despite some, slow, progress, the current, continuing lack of clarity is concerning. All of us need to know – what’s the plan, how will it be implemented and what are the implications and, indeed, opportunities?
Many of us have been at this for some time. I have raised the issue, through amendments to several pieces of legislation, not least the Financial Services Bill 2021 and Financial Services and Markets Bill 2023. The amendments required “the Secretary of State, within six months of the passage of the bill, to publish the government’s plans for the development and deployment of a distributed digital identification for individuals and corporate entities “.
My amendments also specified the need for public engagement and that systems must be scalable, flexible and inclusive. The then government did not accept my amendments.
Trust framework
There has been some progress since those interventions. The Department for Science, Innovation and Technology (DSIT) launched the Office for Digital Identities and Attributes (OfDIA) in October last year to oversee the Digital Identity and Attributes Trust Framework (DIATF).
The DIATF certifies private sector service providers. According to the latest update published on 7 April 2025 there are 58 organisations capable of providing digital verification for right to work, right to rent and background check (DBS) compliance.
In a significant step forward the Data Use and Access Bill, currently making its way through Parliament, will put digital verification services on a statutory footing.
Whilst progressing the DIATF, the government simultaneously worked on Gov.uk One Login, the single sign-in service providing a single account for citizens to log in, prove their identity and access central government services. As far as the digital ID market was concerned One Login was completely separate from digital ID and age verification services.
Recent government announcements about the introduction of a Gov.uk digital wallet and app, and confirming the launch of digital driver’s licences – a “mobile driver’s licence” or mDL – and digitised veteran cards, make this public/private separation a lot less clear, not least as the government specifically suggest that its IDs could be used to assert such credentials as age when buying, for example, a beer.
Is digital ID moving from a positive developing competitive market to a state play?
A collaborative approach
If the government is moving away from the collaborative approach, becoming an active participant provisioning digital ID for access across its services, and hence a competitor to the thriving private sector developing across the market, then it must be clear on this.
Alongside that clarity, we need to see a transparent business plan. How much taxpayer funds are going to this “new” direction and what is the government’s assessment on the level of “crowding out”?
Most of us would accept that the public sector is the preserve of One Login. It is the only system, currently, that allows access to online public services including applying for an import licence, cancelling a stolen passport and using a lasting power of attorney, among others.
The potential problem though emerges if its status and uses are promoted beyond this. In December 2024 One Login was certified under the DIATF, immediately enabling it to compete directly with those private DIATF certified identity providers. One Login can clearly now be deployed to prove age or eligibility in a variety of private sector contexts.
Added to this, is there a move by the government for us taxpayers to put out from our wallets, millions of pounds to fund its digital wallet for use cases it could well be argued would be better fulfilled by private sector DIATF-certified companies?
At a time when trust and confidence are crucial in relation to digital ID, is it sensible to blur the lines between commercial frameworks such as DIATF and state solutions such as One Login?
Mandating digital ID
There also appears to be an increasing mood, not least among Labour MPs, for mandating a system of digital ID, evidenced by the letter to numerous government departments from 42 of their number. I’m not certain many would see this as the most effective means of gaining public support and the required trust if we are to make the success, as we must, of digital ID.
A secure, verified, distributed digital ID could be transformational, whether we are thinking about fraud, convenience for citizens, efficiency for businesses and government, or even the beloved economic growth – but there must be trust in the system. A DSIT survey found that although people want verifiable identity, accountability and transparency are essential.
The challenges are significant. It is unclear whether the public trust the government not to misuse data, either intentionally or due to data breaches, as well as understandable fears of further excluding those who are already vulnerable to the accursed digital divide.
The approach matters. We need strong privacy protections, voluntary use, robust security, accountability, accessibility and broad public trust.
Such trust, be you citizen or company seeking to build in this digital ID space, can only come through meaningful engagement on an ongoing basis.
If the public feel excluded, if digital ID companies feel the government is lining up to directly compete with them, then trust, that most critical of elements, is not exactly optimised. If we end up at the avoidable position of no public trust, well – no trust, no take up.
Effective digital ID, principles-based, distributed not centralised, is essential if individuals, business, communities and countries are to realise the opportunities and be protected from the harms from so many of the new technologies now in our hands.
It’s a journey, underway but not yet inclusive; a journey we all must be part of – the discussion, the design, and the deployment.
