What next for digital identity in the UK? Industry welcomes latest DCMS plan

After months – some would say years – of frustration and delay, tech suppliers have largely welcomed the latest government initiative to establish a digital identity ecosystem in the UK.

The Department for Digital, Culture, Media and Sport (DCMS), which is responsible for supporting digital identity in the private sector, has held a series of “listening exercises” with interested companies to outline its plans for a UK digital identity and attributes trust framework.

Computer Weekly has seen some of the information shared with suppliers, and it appears to give those suppliers most of what they have been asking for, namely:

  • Not being prescriptive about specific technologies, standards or products.
  • A legal framework to operate within.
  • Access to government attributes, such as passport data – and, if suppliers get their way – driving licence data.
  • A governance body to oversee the trust framework.
  • Updated legislation to put digital identity on a par with physical documents such as signatures.
  • Interoperability between government and private digital IDs, allowing access to digital public services from framework-compliant supplier services.

This approach could also be broadly summarised as: the very few things industry liked about Gov.uk Verify, while getting rid of all the many things they hated.

The framework will determine what “good” identity verification looks like, allowing for reuse of digital identities across any schemes that comply with the rules. Those rules will be “outcome based” – unlike the previous approach that the Government Digital Service (GDS) preferred of specifying standards as the basis of any and all schemes that wanted access to online public services. (It didn’t help that GDS’s chosen GPG 44 / 45 standards were seen by industry as outdated and no longer appropriate).

“This will give members of the trust framework more ownership of the things they build,” said DCMS – an openness that many have called for, for a long time.

Within the framework there will be any number of compliant ID schemes, any of which can establish identities and attributes that can be shared with other compliant schemes.

It’s notable that DCMS includes GDS’s Identity and Attributes Exchange (IAX) – the supposed successor to Verify – as just one example of a scheme. This means we are likely to see schemes coming through from the financial services sector – led by work already underway related to open banking and anti-money laundering regulations – as well as accommodating the many other digital identity schemes across government.

As disillusionment grew with Verify – and with GDS’s bewildering state of denial over the troubled project’s failure – new schemes have proliferated across the public sector. HM Revenue & Customs (HMRC), the Department for Work and Pensions (DWP), the NHS, the Scottish government, the 数字货币home Office, and the Department for Business, Energy and Industrial Strategy, are all pursuing their own plans.

Even GDS has come up with a separate identity scheme, called Gov.uk Accounts, to pilot a simple login and password system across the Gov.uk website – Verify’s complexity was one of the many contributory factors in its troubled history.

GDS hoped to establish IAX as a gateway between the public and private sector digital identity spaces, but its lack of communication and collaboration may have already scuppered that goal.

Earlier this month, the Think Digital Identity for Government event – which has become one of the primary get-togethers for the key players in this sector – held a session to discuss IAX. GDS declined to participate, and the digital ID experts who did take place acknowledged that all they knew about IAX came from an article published by Computer Weekly in June. (Disclosure: I was also one of the panellists in that session).

HMRC, DWP and the 数字货币home Office – whose public support for Verify has always been grudging and has hidden their strong private criticism and desire to take their own path – will be happy with the structure of the trust framework. Given their involvement in the new Digital Identity Strategy Board, that’s likely to be enough to take the plans for the private sector in a more productive direction than under GDS.

The one area that may still be contentious is, who oversees the trust framework? DCMS has only said that it will be “run by a governing body chosen by the UK government”.

“The role of the governing body and the way it manages the trust framework are still being defined. DCMS is presently researching options for governance and will be consulting widely with stakeholders on the design for a governance body,” said DCMS in its information to suppliers.

Industry will be hoping – expecting – to play a significant role in that body. That in itself will come as a relief after years of being dictated to by GDS or, in many cases, excluded entirely from decision-making.

DCMS does seem, at last, to be consulting widely with industry and listening to its advice and concerns. Apparently the robust letter sent by trade body TechUK to DCMS secretary of state Oliver Dowden in July, calling for digital identity policy to be “urgently” resolved, struck a chord.

Digital minister Matt Warman announced at the recent Identity Week event that the trust framework will be published “as an alpha” – that is, a first draft – in the new year.

Progress is being made after years of false starts and failed promises. Suppliers are expressing guarded optimism. But as Verify moves closer to being finally discarded, the pressure and expectation to make up for lost time means DCMS will quickly need to deliver on its latest proposals.

Content Continues Below


  • The impact of blockchain in COVID-19 pandemic

    Organizations across several industries from healthcare to retail are turning to blockchain to help support critical business ...

  • Top 5 digital transformation trends of 2021

    In 2021, low-code, MLOps, multi-cloud management and data streaming will drive business agility and speed companies along in ...

  • Private 5G companies show major potential

    Companies across several vectors are deploying their own private 5G networks to solve business challenges. Here, experts dive ...


  • How to perform a cybersecurity risk assessment, step by step

    This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly ...

  • 6 common types of cyber attacks and how to prevent them

    To prevail in the battle against cybercrime, companies must understand how they are being attacked. Here are the six most ...

  • The enterprise case for implementing live-fire cyber skilling

    Companies continue to grapple with the cybersecurity skills gap, but Adi Dar offers a way to ensure security teams are properly ...


  • 5 networking startups helping enterprises adapt and prepare

    Even in a global pandemic, these five networking startups continue to impress. Learn how their innovative technologies can help ...

  • Private 5G networks to gain momentum in 2021

    Enterprises using industrial IoT devices are among the early adopters of private 5G networks, which could become an $8 billion ...

  • Ensure network resilience with redundancy and skills

    Ensuring network resilience doesn't just mean building redundancy in network infrastructure. It should also include planning ...


  • Server failure, Linux comprise 2020 data center management tips

    When you work in IT, you should consistently try to expand your knowledge base. This tip roundup explores recent content about ...

  • Smart UPS features for better backup power

    Vendors now offer UPSes with functions that help regulate voltage and maintain battery health. Before you upgrade, evaluate costs...

  • Data center market M&A deals hit new high in 2020

    This year proved to be a banner year for data center mergers and acquisitions with 113 deals valued at over $30 billion, a pace ...


  • What FAIR data management means for your enterprise

    The FAIR principles were made to promote the sharing of data in the research field, but their guidance can help organizations in ...

  • Emerging data management trends to watch in 2021

    A number of nascent efforts across the enterprise data landscape became manifest in 2020 that are likely to become larger trends ...

  • Data lineage documentation imperative to data quality

    Understanding the detailed journey of data elements throughout the data pipeline can help an enterprise maintain data quality and...