With nearly three million people – so far – signing an online petition against the introduction of “digital ID cards”, the government is already fighting to reclaim the initiative after prime minister Keir Starmer’s botched announcement of plans for a mandatory national digital identity scheme.
Civil service officials last week attempted to quell the second uproar of the year from private sector digital ID app providers in a behind-closed-doors meeting, while this week (Monday 13 October) new technology secretary Liz Kendall attempted to face down MPs from all parties in a House of Commons debate as they expressed their concerns and protestations at the plans.
Kendall was correct when she told MPs: “There is a lot of misinformation out there about this proposal.” But she did not acknowledge that any misinformation was largely a result of the government’s poor communication around the original announcement.
As fintech industry body Innovate Finance – a supporter of digital identity – put it: “The reaction, frankly, has been to focus on the worst-case scenario – ‘compulsory digital ID’ is being framed as an erosion of civil liberties, a gateway to mass surveillance, and a tool of digital exclusion. It’s all fear and no finesse.”
Christopher Holmes, a Conservative peer who has long been an advocate for digital identity, said: “The government’s current approach, suggesting mandatory digital ID to stop illegal immigration, is going about it in precisely the wrong way.”
Based on discussions with industry insiders, however, it may in fact be the case that Starmer’s mandatory national digital ID scheme will prove to be neither mandatory nor national.
What, exactly, will be mandatory?
Starmer’s announcement seemed clear: it will be mandatory for anyone seeking a job in the UK to prove their right to work using a government digital identity app on their smartphone – with limited exemptions for those unable to do so.
However, the language used in the Commons by Kendall was subtly different. She talked about “making ID checks both mandatory and digital for all employers”. Her speech tried to focus on the wider benefits of digital identity, citing the need to modernise public services and make them easier to access in a digital age.
Years from now, having your ID on your phone will feel like second nature, putting more power directly into people’s hands and giving them more control over how they interact with government services. That is worth striving for Liz Kendall, technology secretary
“Years from now, when we look back, I believe that having your ID on your phone will feel like second nature, putting more power directly into people’s hands and giving them more control over how they interact with government and the whole range of services. That is something worth striving for,” she said.
As shadow technology secretary Julia Lopez pointed out, the previous Conservative government had already introduced mandatory right-to-work checks for employers and launched a mechanism whereby a digital identity app can be used, voluntarily, to prove an individual’s right to work in the UK. Most UK citizens will have had to prove their right to work (RTW) using physical documents such as a passport.
Any apps used as part of RTW checks have to be approved through the government-backed Digital Identity and Attributes Trust Framework (DIATF), which was given a statutory basis through the Data (Use & Access) Act (DUA), which received Royal Assent in June.
Run by the Office for Digital Identities and Attributes (OfDIA), nearly 50 third-party identity service providers (IDSPs) have received approval under DIATF for their apps to be used for RTW and other statutory government checks, such as age verification or registering as a company director.
Kendall confirmed to MPs that the government will bring legislation during this Parliament – so, before 2029 – for “making ID checks mandatory and digital”. She said there will not be a central database of digital identities, and there will be no sanction or penalty for people if they do not have a digital ID – only for employers that do not conduct RTW checks.
The only legal change the government has proposed so far is that RTW checks will have to be conducted digitally. There will be a government digital identity app that people can use to digitally prove their right to work, but the question remains: will they be compelled to use the government app, or will any app from a DIATF-approved IDSP be acceptable?
What are officials saying in private?
Last week, officials from the Department for Science, Innovation and Technology (DSIT) and OfDIA met with industry representatives in a second attempt this year to quell fears that the government is looking to squeeze private sector suppliers out of the digital identity market – despite years of investment in building third-party apps.
The first attempt came after the announcement of the Gov.uk Wallet and its proposed use for age verification – for example, when buying alcohol or accessing age-restricted online services. Many IDSPs specialise in age verification and have spent millions of pounds developing, testing and proving their capability to determine someone’s age using facial verification through a smartphone app.
Then technology secretary Peter Kyle was forced to meet with suppliers in May to assure them the government had no intention of muscling in – only that the government wants to play a role and it would be strange not to offer its own app. Kyle’s reassurances were warmly received, and supplier executives left the meeting confident that government and industry would be working hand-in-hand going forward.
So, when Starmer announced that the government would be further treading on the IDSPs’ turf, there was understandable outrage.
At the meeting last week, civil service officials outlined how Starmer’s plans would be brought to fruition.
IDSPs were told that OfDIA chief executive Hannah Rutter would be moving into a new role, leading development of the policy and overseeing a consultation planned for early 2026. They heard that Rutter would be replaced at OfDIA by John Peart, who is seen by suppliers as supportive of the private sector’s role. When asked by Computer Weekly, DSIT would not confirm or deny the appointments.
The consultation process – calling for, and responding to, submissions – is likely to take about a year. Draft legislation would then be put before Parliament in 2027, with the new government digital ID scheme likely to be in place by mid-2028, about a year before the next general election.
The legislative process will not be easy. As David Crack, chair of industry body the Association of Digital Verification Professionals, told Computer Weekly, many Labour MPs are opposed to the concept of mandatory digital identity, opposition parties are lining up against it, and because the policy was not included in Labour’s manifesto, the House of Lords may find it constitutionally acceptable to delay or even deny its approval. If millions of voters are against the proposals too, it’s not a policy likely to be enacted in a general election year.
“There is a plan – for a plan for a national ID scheme – but not an [actual] plan. Realpolitik will prevail,” said Crack.
During the meeting with IDSPs, DSIT officials reiterated that measures introduced by the DUA Act will still be implemented.
Significantly, this includes the launch of an “information gateway” which will allow IDSPs to access government-held data as part of the process of confirming people’s identities digitally – for example, passport or driving licence checks – greatly expanding the range of public data that non-government apps can use as credentials to prove that app users are who they say they are.
Well before the likely launch of a government digital ID scheme in 2028, therefore, there will already be a wide variety of digital identity apps and services on the market and already in use by people choosing voluntarily to prove their right to work digitally.
If use of those apps numbers in the millions by 2028, will legislation really force them to move to a government-developed app instead?
Crack said DSIT officials told suppliers they are open to ideas on how to implement mandatory digital RTW checks. “Note, mandatory RTW checks, but not necessarily a mandatory digital ID scheme,” he said. Crack believes that “government is listening”.
Others in the industry are less convinced. “The truth is out – a confirmation that the government made a policy decision to go ahead and do this stuff themselves. We are told the DUA Act will be continued, but my sense is that they see the private sector as interim or peripheral,” said one supplier executive, who asked to remain anonymous.
However, stakeholders across the digital identity sector agree on two things.
First, that Starmer’s announcement has propelled digital identity into a topic for national debate – something even the most worried suppliers have welcomed.
And second, that the manner of Starmer’s announcement – linking digital ID to tackling illegal immigration – means the public will need to be educated on what digital identity really means.
Dispelling the myths
With nearly three million signatories, the petition against the government proposal is one of the largest such online protests, but the statement people sign up to support says, “We demand that the UK government immediately commits to not introducing a digital ID card”.
The government has failed to establish to the public that digital identity is not an attempt at “ID cards by stealth” – and the highly publicised support for the policy from the Tony Blair Institute has not helped to dispel such concerns, given Blair was the prime minister who tried to introduce physical ID cards during the 2000s.
Furthermore, critics have lined up to attack the use of a centralised government database – but Kendall confirmed there is no such plan, there never was, and as anybody familiar with how digital identity works would explain, the technology relies on the secure sharing of credentials, not large amounts of personal data or referencing an identity database.
For example, an age verification app simply confirms that the holder is over 18 when buying alcohol. It shares a digital credential saying “yes” when asked, “Is this person over 18?” – the app does not need to identify the person to the retailer in any way.
Lurid newspaper headlines have warned of US tech companies getting their hands on UK citizens’ personal data, with particular fears over the involvement of Palantir, the controversial data integration supplier that works closely with US military and intelligence services, as well as the NHS. One MP in the Commons debate warned of “writing Fujitsu a blank cheque” – a reference to the shamed IT services supplier that developed the Horizon system at the heart of the Post Office scandal.
However, Kendall confirmed that the government app will be developed in-house, by the Government Digital Service – there are no plans to award a contract to a single supplier to develop the digital ID software from scratch.
The software will be a continuation of existing developments – notably, Gov.uk One Login, the digital identity system that will become the standard way to log in to online public services and is already in use by many government websites.
It’s likely that the digital ID system will use the Gov.uk Wallet to store digital credentials, provided by the government, that prove the holder is who they say they are and that they have the right to work in the UK – much the same as the existing private sector apps that are used for the same purpose today.
By the time any legislation is passed, the amount of further development needed for One Login and the digital wallet is likely to be comparatively minimal – and certainly not require a huge new software development project.
Those plans are not without risks – Computer Weekly revealed earlier this year that the National Cyber Security Centre has, in the past, raised serious security concerns over One Login, and that a security exercise conducted by an external consultancy in March showed that One Login could be hacked without being detected. One Login has also lost its DIATF approval.
DSIT will need to be far more transparent about how it has solved those problems before public trust in the system can be established.
Industry trade association TechUK has called on the government to help address the concerns its announcement has provoked, and to work together to explain the benefits that digital identity can offer the public, citing the “uncertainty for citizens and the private sector alike” that came as a result of Starmer’s announcement.
[Keir Starmer’s announcement] inappropriately positions digital ID as a silver bullet for a multifaceted and nuanced issue, rather than focusing on the benefits that digital ID can actually deliver, meaning its broader benefits are currently missing from the current political narrative TechUK report
“The announcement primarily centred on immigration enforcement, with government linking digital ID to the reduction of illegal working – and without acknowledgement that digital ID solutions, provided under the DIATF, were already being used for this purpose,” said TechUK, in a new report, Digital ID & the UK: Empowering citizens, enabling growth.
“It inappropriately positions digital ID as a silver bullet for a multifaceted and nuanced issue, rather than focusing on the benefits that digital ID can actually deliver, meaning its broader benefits are currently missing from the current political narrative.”
The report added: “Government must work alongside the digital ID sector, civil society, citizens, and other key stakeholders to build public trust, support innovation, and drive adoption. Indeed, the digital ID sector is prepared for a sustained period of engagement, where long-term decisions on digital ID infrastructure, governance, and market design will need to be carefully considered. Clearer communication around future plans is imperative for citizens and the digital ID sector alike.”
There is a path that Starmer and his government could follow, to back away from a badly received proposal and appear to be listening to public concerns, which would promote digital identity as the social and economic benefit it has proved to be in numerous other countries.
It would involve rescinding plans for a “national, mandatory” scheme, in favour of offering the public a wide choice of digital ID apps – both private sector and government-developed – that will enable a mandatory digital right-to-work check to be implemented nationwide. Who knows, maybe it might even have an impact on immigration?
But industry, the public and sceptical MPs alike can only wait and see whether Starmer is politically savvy enough to grasp the opportunity to turn a bad proposal into good policy.
Source
