Digital national identification has long been a constant on the political agenda, but the trade-off for privacy has re-entered public debate. Two decades ago, former Prime Minister Tony Blair championed digital IDs with far greater public backing; people were less concerned about the idea of government-controlled data schemes. Today, however, Prime Minister Keir Starmer’s new digital ID scheme for proving right to work status is meeting a profoundly tougher, more privacy-aware audience.
Fuelling this cynicism is the £1.8bn price tag attached to the ID scheme, revealed in the Autumn Budget. This upfront expenditure dominated headlines, but it is not the real scandal. The far higher cost is the financial and social damage caused by inaction. According to the latest figures, fraud alone drains over £200 billion from the economy each year. Outdated, paper-based identity checks slow everything from renting a home to accessing vital public services, contributing to the UK’s productivity crisis.
The £1.8bn must be reframed as a crucial security investment. A cut-corners approach to launching the ‘BritCard’ would be politically catastrophic, risking a data breach that would cost multiples of the initial investment in the long run. Getting this scheme right isn’t just essential; it’s the only way to earn public trust.
Getting digital ID to work for everyone
Thankfully, the mechanics of the proposed digital ID can satisfy both the government’s need for reliable credentials and the public’s need for privacy.
Similar to a traditional ID card but stored inside a secure, government-issued digital wallet, the BritCard is intended to go further than simply proving who we are. Crucially, the core identity data will remain stored on the owner’s individual device, allowing users to share only the necessary verified attributes (e.g., ‘I am over 18’) without revealing sensitive, underlying data (such as one’s date of birth or passport number). This emphasis on data minimisation is the strongest defence against privacy concerns.
That’s not to say the chance of misuse is zero. Scepticism rightly focuses on the need for a central repository to verify the identity’s authenticity, potentially creating a lucrative hacking target, or ‘honeypot’. The government must also publish the full technical design of the ID: how data is stored, accessed, shared; what protections exist; and how citizens opt-in or control their data sharing, in a bid for transparency.
That said, modern decentralised systems are designed to mitigate risk. In a well-built system, the central repository does not store the user’s personal data; it stores only cryptographic hashes or public keys. If this central point were breached, hackers would gain almost no sensitive information. Also, unlike a physical ID such as a passport, the digital credentials can be immediately revoked and reissued if a user’s phone is lost or stolen.
The UK has the legal foundation to rebuild trust, but the technical foundation must be equally strong, built on robust identity verification, transparent governance, and open standards.
This scheme’s true value is its ability to withstand sophisticated threats. Outdated, paper-based checks are defenceless against deepfakes, social engineering, and the rising tide of AI-driven fraud. The £1.8bn cost is an investment in securing our economy against the fraud epidemic and delivering faster, more trustworthy public services.
Alex Laurie is the GTM CTO of Ping Identity
Read more: The barriers are real for mothers returning to tech – but giving up isn’t the answer
