A unified Digital ID system for UK citizens is coming, says Prime Minister Sir Keir Starmer. It’s not the first time a Labour government has made such a statement. Starmer’s predecessor but six, Tony Blair, made a similar commitment to a national identity registry in 2006 by introducing the Identity Cards Act. That scheme, which proposed that every citizen receive a unique card containing biometric data, was eventually dropped in 2010 by David Cameron’s Coalition government.
The problem, as critics argued then and now, was privacy: how does one guarantee the right of the individual to a private life if his or her details are packed onto a national registry that anyone in government could consult and anyone outside it with a hood and a keyboard might hack?
That moral conundrum restrained subsequent Conservative governments from reviving Blair’s identity card dream, but not from attempting lesser forms of digital registration. In 2013 came the Gov.uk ‘Verify’ program, launched to onboard 25m users onto government services by 2020, a scheme launched behind schedule, cost £220m and was eventually shut down after howls of complaints that the platform was unusable. Then came One Login, in June 2023, a single digital identity for accessing UK government services that, so far, has cost £329m, will cost another £115m next year, and has yet to be implemented across all relevant departments. In January, the Labour government announced plans for GOV.UK Wallet, building on the OneLogin programme. The plan was for digital versions of existing credentials to be held on a smartphone app, enabling secure digital exchange of information to enable public services when required. At present, only the HM Armed Forces Veteran Card can be held on the wallet.
Digital ID supported by AI
Why, then, is it time for a new digital ID system? Though not a direct manifesto promise of the current Labour government, at a time of unprecedented strain on underfunded public services, argues The Tony Blair Institute for Global Change, a national digital ID system could help to streamline the organisation of and access to everything from NHS records to our benefits system.
It’s not a bad argument, says Damian Stirrett. ServiceNow’s UK&I general manager believes that if digital ID is ably supported by AI, the possibilities for more efficient governance could be endless. “The potential is there to unlock faster, smarter and more people-centric everyday outcomes across government, from health to employment, welfare, justice and beyond,” says Stirrett.
Other proponents of the scheme point to the added convenience a digital ID system would offer for ordinary citizens jaded by a tangle of disparate logins for different government services. Detractors, meanwhile, view the centralised nature of the scheme as government surveillance overreach and a tool for law enforcement and immigration.
Though the political and ethical debate around digital ID is fierce, it is accompanied by practical issues of implementation. Despite advances in AI and compute power, the UK public sector’s dismal record of unsuccessful technology implementations remains a cautionary tale. Furthermore, the UK already has a growing private sector digital ID verification market – raising questions around whether the government’s new plans have taken this into consideration.
UK’s digital ID verification market
According to UK technology industry group TechUK, the UK currently hosts around 270 active digital identity companies, generating an estimated £2bn annually. Right-to-work and right-to-rent checks are already a key part of the digital identities and attributes trust framework, currently used as a certification framework for private digital identity companies.
“Government should integrate proven technologies, rather than starting from scratch,” argues techUK’s associate director for technology and innovation, Laura Foster. What’s more, the industry has already shown a willingness to collaborate closely with the government on building new systems. “Consultation is vital as it will allow government and industry to work together and ensure any proposed models for mandatory digital ID are clear, citizen-centric and do not override tools and services people and organisations already trust to use.”
Even so, says GlobalData public sector principal analyst Gavin Sneddon, it is not clear at this point whether the government will continue to rely on the framework for right-to-work use cases when these become mandatory or whether it will want to introduce a new centralised approach, either built in-house or with a single provider. “Historically, the government has made it clear it favours a ‘mixed economy’ of digital ID providers,” says Sneddon. “Whether it will maintain this position under the massively increased political scrutiny that is emerging remains to be seen.”
If the government maintains the current trust framework approach for digital ID verification in general, then the impact on business outside the Digital Wallet use cases is likely to be minimal, according to Sneddon. “Digital credentials are already widely exchanged in the UK in general and the right-to-work digital ID need not impact these other use cases in the slightest,” he says. “The anxiety will be that growing use of the digital wallet – which will only be used for official government documents – will come to supplant existing digital ID provision.”
The government therefore has to perform a challenging balancing act, argues Sneddon. Above all, he says, “it needs to trumpet the potential use-cases of digital ID outside right-to-work in order to build the political case for it, but does so at the risk of discouraging private providers who already cover these additional use cases.”
Sneddon’s suspects that the government has looked at the work already underway for the One Login and digital wallet programmes and then simply added a right-to-work use case to the scope, with the political addition of digital ID being mandatory for that new context. “Although this probably looked straightforward enough on paper,” he says, “the government will now need to manage digital ID very carefully to avoid the risk of an essentially blooming technocratic programme around single sign-on and verification getting completely derailed by political concerns.”
Janine Hirt, CEO of fintech industry body Innovate Finance and RegTech UK, says a little clarification from the government on design and delivery principles for the new scheme wouldn’t hurt either. Without that, says Hirt, investment in promising ID startups might freeze if investors think a government-sponsored digital ID project would make private sector alternatives redundant. Then there’s the national conversation such a scheme engenders.
“The decision to mandate government ID… risks the discussion being focused on civil liberty and sovereignty – rather than the utility and innovation this technology can bring to people across the UK,” says Hirt. “It is also vital that the roll-out of digital ID supports a competitive market, underpinned by a trust framework, not via a monopoly or costly state solution.”
Digital ID to combat fraud
A public consultation is scheduled for later this year to gather views on how digital ID should be delivered. Jonathan Frost, EMEA director of global advisory at BioCatch, warns that digital ID is not a silver bullet that’ll end illegal work, informal economies, or fraud. “Just look at EU countries like France, Germany, and Belgium, which already have national ID schemes, yet still face significant challenges in these areas,” argues Frost.
Its more immediate value, he continues, may lie in reducing friction in financial services and state entitlements rather than directly cutting fraud – or even linking systems run by public sector departments more efficiently to financial institutions. “Connecting online activity to a digital ID could become a powerful counter-fraud tool,” says Frsot, “but its full impact, both positive and negative, needs careful consideration to ensure successful implementation.”
According to Sneddon, some high-level principles have already been agreed upon to address security issues. The most important, he says, is that data will be held on individual user devices rather than in a central database, mitigating the significant risk of a wholesale leak.
“However, such an approach creates security problems of its own, not least the risk of devices being stolen and potentially rendering users vulnerable to a higher level of identity theft,” says Sneddon. “The government hopes to mitigate this risk by enabling the prompt revoking and reissue of credentials in the event of theft – but user experience of mobile banking has shown that this risk cannot be reduced to zero.”
A version of this piece was originally published on Verdict.
Read more: Agentic AI needs stronger digital certificates
