.jpg)
We’re working to help people securely prove who they are without having to present physical documents.
Overview
The government is enabling the use of trusted digital identity services in the UK. Digital identities give people another way to securely prove things about themselves, such as who they are or what their age is, without having to present physical documents. This work is led by the Office for Digital Identities and Attributes (OfDIA), which is part of the Department for Science, Innovation and Technology (DSIT).
The government is also rolling out GOV.UK One Login, a more straightforward and secure way for people to prove their identity and access government services online.
The Data (Use and Access) Bill includes measures to establish a statutory footing for digital verification services without creating a mandatory digital ID system or introducing ID cards.
What is a digital identity?
If you’ve scanned your driving licence to open a bank account, used your passport at an automated border gate, or used your face to unlock your phone, you’re already familiar with some of the technologies used in digital identity services.
A digital identity is a digital representation of your identity information, like your name and age. At your request, it can also contain other information about you, like your address, or biometric information, like a fingerprint or face scan.
It enables you to prove who you are without presenting physical documents.
Just like when a physical document (such as a passport) is checked, someone checking your digital identity must have a way to know that it is genuine and that it belongs to you.
For example, some banks will check your identity digitally when you want to open an account. A typical process using a digital identity is:
You use your smartphone to take a photo of a document (such as a passport or driving licence)
It is checked digitally to confirm it is genuine
You take a photo or video of yourself which is matched to the one on the document
Your identity is confirmed
Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details.
Standards for digital identities and attributes
It is important that digital identities can be trusted to be reliable and accurate, just like physical documents. OfDIA has developed a set of rules called the UK digital identity and attributes trust framework to help achieve this.
What is the trust framework?
The trust framework is a set of government-backed rules, which draws on existing guidance, standards and best practice for trustworthy and secure digital identity services.
Organisations that offer digital identity services can choose to be independently certified against the trust framework’s requirements. Where a service is certified, users and businesses alike can trust it to be private, secure and reliable. They can be confident that it meets high standards in areas including privacy, data protection, fraud management, cyber security and inclusivity.
The trust framework builds on other government guidance for proving and verifying someone’s identity (GPG 45) and for using authenticators to protect an online service (GPG 44).
The current version of the trust framework has been published following extensive feedback and testing. It has been developed in an open and iterative way, with input from over 250 organisations across civil society, industry, standards bodies, regulators and academia. This testing helps to ensure that trust framework rules are appropriate, proportionate and deliver on the government’s digital identity principles.
OfDIA is responsible for preparing the trust framework and ensuring it remains up to date. Previous versions of the trust framework are available on gov.uk.
Register of certified digital identity and attribute services
The register of digital identity and attribute services is a list of organisations who provide digital identity services which are currently certified against the trust framework.
Each organisation on the register has passed independent certification and government checks to make sure they’re trustworthy and suitable to join the register.
By accessing the register, you can find up-to-date organisation and contact details for certified providers and download their certificates to check the details of their certification.
Read the guidance page for organisations on how to join the register.
Certification against the trust framework
Organisations interested in getting certified against the trust framework must engage with one of the approved conformity assessment bodies.
Organisations are assessed by a combination of desk reviews and on-site audits depending on the scope to be assessed. Certification is a time-limited process, and certified organisations need to undertake an annual surveillance audit and recertification every two years to remain on the register of digital identity and attribute services.
Supplementary codes
A supplementary code is a set of extra rules which builds on the rules in the UK digital identity and attributes trust framework to show how services can meet additional needs in specific use cases or sectors. The supplementary codes are integrated into the trust framework’s certification system, so providers can certify against them as part of the same robust process.
There are currently three supplementary codes which set additional rules for digital verification service providers conducting digital right to work, right to rent and Disclosure and Barring Service (DBS) checks. This helps employers and landlords to choose compliant providers for these checks.
Also:
Digital Identity Spotlight: The UK
The UK is aiming to join the growing number of nations introducing forms of digital identity that, if done right, could empower citizens to protect their privacy like never before.
In 2023, the British government released a Digital Identity and Attributes Trust Framework (DITF) that provided a set of rules and standards designed to establish trust in any future digital identity-based initiatives in an effort to boost the country’s $150 billion digital economy. The idea: enable smoother, more secure online transactions and align more closely to the secure route taken by much of Europe when it comes to digital identity.
What Exactly Is Digital Identity?
Identity verification and proofing are essential to functioning societies. It enables individuals to prove their identity to take out loans, make purchases, receive entitlements, access services, manage finances, and more. Verifying that identity in digital channels has been tougher, accomplished mainly through usernames, passwords, and rudimentary forms of multifactor authentication. Thanks to never-ending phishing scams and data breaches, the result has been a $10.5 trillion-a-year global cybercrime economy.
New forms of digital identity are generally validated digital attributes and credentials designed primarily, but not exclusively, for the digital world that are verified by cross-referenced government-issued physical world credentials. Birth credentials, driver’s license, passports—those kinds of things. They also increasingly include biometric information, like a fingerprint or face scan.
For national identification purposes, digital identity can be connected to, and even contained in, biometric-enabled ID cards, though a growing number of countries, including Singapore, India, Estonia, Sweden and Spain, are also launching mobile apps and digital wallets for keeping this and other credentials for accessing medical care, educational services, and other information that may be used for interactions and information exchange between government, universities, banks and lenders, employers, and businesses.
Benefits include convenience—citizens don’t need to manage multiple usernames and passwords for different services or transactions. Instead, they grant permission to banks, health care providers, government agencies, and businesses to retrieve personal information to simplify account enrollment and verification. In the UK’s case, it’s estimated that digital identity can generate an additional $800 million to the UK economy every year. But there are more than a few challenges ahead.
Identity Proof Is in the Pudding
According to the 2025 Cyber Security Breaches Survey from the UK’s Department for Science, Innovation, and Technology, 43% of UK businesses experienced a cyberattack or breach in the past year. That’s actually down from recent years, thanks to heightened cybersecurity—but still quite troubling. Phishing played a role in 85% of the successful breaches or attacks. The financial impact of successful breaches is significant—an average of $4.5 million per incident, before any lawsuits or regulatory fines. When personal information is breached, it can take years to rebuild public trust.
Provisions in the Digital Information and Smart Data Bill introduced in 2024 are designed to address data privacy concerns. This includes specially-certified third-party digital identity services that follow strict government guidelines for helping people set up digital identities while “reducing costs, time, and data leakage.” It also includes attribute providers that share attributes—specific elements of an individual’s full identity—with organizations or individuals needing to verify identity, but only with the individual’s consent. The official list of such services was launched on April 16. For the record, it’s also worth pointing out that the government ruled out a mandatory digital identity.
The government has also announced the introduction of a Gov.uk digital wallet. This mobile app gives users the ability to store and manage their identity information, and is expected to drive significant growth in adoption of digital identity among UK residents. Portugal, Singapore, Thailand, India, and other nations are seeing tremendous uptake of digital identity through such apps. And Juniper Research estimates that 6.9 million people will adopt the app this year, climbing to 25.5 million by 2029.
But there are reasons to believe this is overly optimistic. Surveys have shown that more than 40% of people have “little to no trust” in the government managing their personal information through such systems. They trust businesses even less.
What Kind of Digital Identity Makes All the Difference
For digital identity systems to work, individuals must control who has access to their data. These systems must also lower barriers to participation. In the UK, 8% of the population doesn’t have even traditional forms of identification. Voting, driving, working, borrowing, and even commerce can be difficult without an ID.
Digital identity can change that. It can also reduce bias by enabling only pertinent information to be used, so that personal data vulnerable to discrimination doesn’t come into play. These systems can also reduce fraud by cryptographically protecting and locking with specific multifactor authentication methods.
The UK’s digital identity initiative is a significant step in the right direction. But it might also be a sign of the post-Brexit world we live in that, as Forbes points out, the UK is pursuing a different strategy for digital identity than the European Union. And that may matter in a couple of significant ways.
Under EU law, users remain in control of the digital credentials in their wallets to ensure that they can decide what information they share and with whom, and they can use verifiable credentials to prove certain attributes without revealing their personal data at all. A standardized digital identity solution is used via wallets across all member states under the EU’s Electronic Identification, Authentication, and Trust (EIDAS) regulations. Governance oversight is maintained by public sector institutions in each member state.
Under the UK strategy, attribute service providers give users the ability to share just the information they want with specific organizations or individuals needing to verify identity. This includes combining, say, identity information with birthdate information to verify an individual is old enough to enter a bar or example. But approved private sector providers centrally store and govern digital identity information under the DITF guidelines. As a practical matter, the utility of digital identities is also limited because of its lack of interoperability with EU systems.
In other words, citizens must use digital identity managed by a private sector it trusts less than the government and won’t be able to even use it with the organizations with which millions transact and interact each day. But there are steps the UK can take to mitigate these issues.
Building an Infrastructure of Trust: What Should Come Next
Yes, moving toward EIDAS standards could significantly improve the UK’s ability to conduct business with its neighbors in the EU. But either way, following some of the steps the EU is taking in distributed ledger-based identity systems can benefit the utility and adoption of digital identity no matter the framework the UK employs.
Both frameworks make use of digital wallets. And both frameworks grant users a measure of control over with whom their personal information is shared. But several EU countries are ahead of the curve in moving toward far more decentralized forms of identity that give users even more control over personal data—while dramatically reducing the chances of it getting hacked.
With distributed ledger-based systems, users are authenticated without requiring personal data to be stored centrally on servers belonging to public or private organizations such as the UK’s attribute service providers, where it can be hacked, ransomed, or otherwise exploited to commit fraud. Instead, individual users maintain full ownership and control of their digital identities without relying on a third party at all. They control what information they share, for what purpose, and for how long.
Germany, Italy, Estonia, and Poland have pilots in place for this kind of system as part of EIDAS 2, an ambitious update to the original EIDAS framework. There’s no reason the UK couldn’t embrace its own flavor of this kind of “self-sovereign identity.”
Even within its current framework, digital identity wallets should also comply with NIST-, FIDO2-, and ISO/IEC biometrics-based standards that leverage liveness tests capable of defeating virtually any attempt at identity spoofing or unauthorized access to accounts in a process that’s nearly effortless for users. The architecture for this kind of functional, practical digital identity is available today. In fact, it’s baked into the solution we offer at 1Kosmos. In light of distrust in government and business stemming from non-stop threats to personal data and privacy, it’s the kind of digital identity anyone would welcome.
Also:
How DSIT is enabling the use of trustworthy digital identity services in the UK
The Department of Science Innovation and Technology (DSIT) is enabling the widespread use of trusted digital identity services across the UK economy. This will bring efficiency savings to businesses, increase security and make people’s lives easier.
The benefits of digital identity
While techUK members have been among those championing the benefits of digital identity services, they’re worth reiterating. People and businesses across the economy need quick, safe and affordable ways to check or prove identity and eligibility in everyday transactions. For example, it’s an essential part of accessing some age restricted goods or services, opening a bank account, starting a new job, or even collecting a parcel from the Post Office. Trustworthy digital identity services will help people do these things and more without the friction, cost and fraud risk of presenting physical documents.
Digital identity products also give users far more control over their own data. If someone chooses to, they’ll be able to re-use a digital identity across the economy, sharing only what is needed, when it is needed.
But the benefits don’t stop there. Digital identity services have the potential to boost the UK’s economic growth, and we estimate that a fully functioning digital identity market could create net economic benefits of between £1.07 billion and £5.56 billion over the next 10 years.
DSIT’s work to build trust in digital identity services
To realise these benefits, people need to feel comfortable using this technology. There needs to be trust that the services they use are reliable, secure and privacy preserving. That is why a team is working to establish a framework of standards, governance, and legislation; so that people and businesses know which digital identity services they can safely rely on.
At the core of our work, we have created a set of rules that define what a good digital identity service looks like, called “the UK digital identity and attributes trust framework”. We have already published three successive versions of the trust framework and we’re hard at work on the next iteration, making sure that standards keep up with changes in technology.
Alongside the trust framework, we’ve worked with the UK Accreditation Service (UKAS) to develop an officially recognised certification process. This allows digital identity services to be independently assessed against the rules set out in the trust framework. Around 50 digital identity services have already successfully gone through this process, so they appear on our list of certified providers on gov.uk.
These service providers are already spreading the benefits of digital identity products. For instance, they underpin hundreds of thousands of digital right to work and right to rent checks every month, saving businesses and landlords money and hassle, while offering a simple and secure service to employees and renters.
Next steps
Excitingly, legislation to put our system on a statutory footing is now imminent. While full details will have to wait until the text of the data bill is introduced
give legal standing to the trust framework as a set of rules for a ‘good’ digital verification services across the economy, with supplementary rules where needed,
support the creation of the new GOV.UK register of services which meet our standards,
allow for services on the register to be issued with a trust mark, making it easy to identify the trustworthy services, and
lay the foundations of a new information gateway, which will in time allow for public authority data to be shared with registered providers for the purposes of identity and eligibility checking.
DSIT will also play a key role in enabling the market and will continue the work with regulators and other government departments to identify and remove barriers to the use of digital identity services.
Also:
UK plans compulsory digital ID as populist pressure over immigration rises
The United Kingdom has announced plans to introduce a digital ID scheme in a bid to curb undocumented immigration.
Announced by the government on Friday, the scheme will see the digital ID of British citizens and residents held on phones. The government said there will be no requirement for individuals to carry their ID or be asked to produce it, but that it will be “mandatory” for workers.
The UK has long resisted the idea of Identity cards, which were abolished after World War II, but Prime Minister Keir Starmer’s Labour government is under pressure to tackle immigration that populist forces claim is uncontrolled.
The free digital ID would include a person’s name, date of birth, and photo, as well as information on their nationality and residency status.
It will be “mandatory as a means of proving your right to work”, a government statement said.
“This will stop those with no right to be here from being able to find work, curbing their prospect of earning money, one of the key ‘pull factors’ for people who come to the UK illegally,” it added.
The digital ID will also make it simpler to apply for services like driving licences, childcare and welfare, while streamlining access to tax records, the statement said.
“Digital ID is an enormous opportunity for the UK… It will also offer ordinary citizens countless benefits,” Starmer said. “It will make it tougher to work illegally in this country, making our borders more secure.”
‘Digitally excluded’
The plans, which the government had previously said it was considering, drew criticism from across the political spectrum.
The centrist Liberal Democrats said they would not support mandatory digital ID where people are “forced to turn over their private data just to go about their daily lives”.
Kemi Badenoch, leader of the opposition Conservative Party, wrote on X that her party “will oppose any push by this organisation or the government to impose mandatory ID cards on law-abiding citizens”.
“We will not support any system that is mandatory for British people or excludes those of us who choose not to use it from any of the rights of our citizenship,” she added.
The far-right Reform UK party called the plans a “cynical ploy” designed to “fool” voters into thinking something is being done about immigration.
It also sought to tap into longstanding British suspicions regarding national ID schemes, which are common in most of Europe.
“It will make no difference to illegal immigration, but it will be used to control and penalise the rest of us,” said Reform leader Nigel Farage.
In the 2000s, the Labour Party, then led by Tony Blair, attempted to introduce an identity card, but the plan was eventually dropped by Blair’s successor, Gordon Brown, after opposition called it an infringement of civil liberties.
However, with populist narratives regarding immigration now rife, the government appears to be betting that such concerns will override the longstanding opposition.
The timing of the announcement appears no coincidence, coming as Labour prepares to hold its annual conference.
A petition demanding that ID cards not be introduced had collected 575,000 signatures by early Friday, but recent polling suggests majority support for the move.