Computer Weekly Editors Blog

UK government set to finally meet with digital identity providers - but will anything change?

Bryan Glick
Bryan Glick
Editor in chief

Wednesday 14 May is set to be an important day in the long, slow, painful evolution of the use of digital identity in the UK.

For the first time since the government announced its digital wallet app in January, officials will sit down with industry representatives to discuss the future of the digital ID market.

To show the government means business, secretary of state for science, innovation and technology Peter Kyle – the political heft behind the Gov.uk Wallet – will address the meeting.

Also speaking from the Government Digital Service (GDS) will be chief product officer Christine Bellamy and director of digital identity, Natalie Jones – along with Hannah Rutter, CEO of the Office for Digital Identities and Attributes (OfDIA), which oversees ID provider compliance with the Digital Identity and Attributes Trust Framework (DIATF).

The meeting has come about after repeated concerns from the private sector since – in their eyes – they were blindsided by Kyle’s announcement that the forthcoming government wallet would compete with private sector offerings.

Startups and their investors – some of which are rumoured to be taking flight as a result – have been up in arms ever since, fearing the government app will inevitably come to dominate the market.

The timing of the meeting is important, too. On 7 May, the Data (Use & Access) Bill returned to Parliament – the bill contains enabling legislation to support the development of the digital identity market and improve sharing of government data. It’s expected to become law within weeks.

What’s more, Google has recently announced its entry into the UK digital ID sector. The tech giant is “exploring certification within the digital identity trust framework of the UK’s Department for Science, Innovation and Technology (DSIT), which could allow residents to use their Google Wallet ID passes for alcohol purchases and more,” adding that “residents of the UK will soon be able to create digital ID passes with their UK passports and securely and conveniently store them in Google Wallet.”

With political backing, private sector support, and Big Tech involvement, the digital identity sector in the UK could, finally, be set to take off.

But what does it all mean? And is this, as many critics will no doubt suggest, the effective introduction of “ID cards by stealth”?

What industry wants

Let’s start with the meeting on the 14th. DSIT officials intend to discuss the Gov.uk Wallet in more detail, explain how it relates to the Data Bill and the DIATF, and explore the next steps in engagement with the private sector. So far, so good.

But industry has things it wants to say too. A preparatory meeting took place earlier this week – a follow-up to the recent All-Party Parliamentary Group (APPG) meeting on digital identity – involving key industry bodies TechUK, the Age Verification Providers Association (AVPA), and the Association of Digital Verification Professionals (ADVP), along with private sector ID service providers.

Computer Weekly understands that a joint “official” briefing paper from all three organisations is expected next week, in advance of the meeting.

ADVP chair David Crack told Computer Weekly: “The challenge for government is to demonstrate they really are listening to our message that ‘markets should innovate, and governments should regulate’.

“We would like to understand why they believe they can use taxpayers’ money to out-innovate the market. We would also like to know what they are going to do to encourage investors to remain in the market – the uncertainty created by their actions has caused a genuine and immediate investment flight risk.”

Laura Foster, associate director of tech and innovation at trade body TechUK echoed the industry’s concerns: “While TechUK welcomes the commitment to a modern digital government, the announcements of the digital driving licence and the Gov.uk Digital Wallet have raised questions for digital ID and age verification service providers, who have already spent significant resources verifying against the digital ID trust framework. We are concerned what this could mean for their business growth opportunities, and the uncertainty undermining inward investment into the UK.

“Companies are asking how these announcements will impact their businesses and the ongoing question around designated use cases between the OneLogin digital ID service and the government’s DIATF. We welcome the opportunity to discuss the concerns of the digital ID industry and underpin the need for clarity from government on how these two approaches will now coexist.”

Key demands

ADVP has laid out five key themes to discuss with the government, which Crack says “broadly capture” the demands of industry players:

  1. Regulation and enforcement: Putting OfDIA’s principles into practice
  • How will OfDIA’s six principles – user choice, interoperability, portability, competition, transparency, and inclusion – be applied consistently across public and private solutions?
  • What mechanisms are in place to ensure fairness in the market, and who is responsible for enforcing them independently for any single solution?
  • Given that DSIT has already demonstrated that these decisions are subject to decisions of individual ministers, how will the government restore trust into the authority of OfDIA to enforce the rules independently?
  1. National security: Cyber security, data ownership and control
  • What’s the current status of the security and data protection concerns raised by the National Cyber Security Centre and Cabinet Office data protection officer about the Gov.uk One Login digital identity service, and were these reported to the auditors during DIATF certification?
  • How will security be guaranteed if wallet platforms are hosted or integrated with infrastructure outside the UK?
  • What safeguards are in place to stop citizen-derived data being used beyond their control in other jurisdictions – and what mechanisms exist for individuals to benefit financially from that use?
  1. Adoption: Public messaging, user trust, and government neutrality
  • Will public communications reflect the full digital identity ecosystem – or focus mainly on promoting the Gov.uk Wallet?
  • How will the government clearly distinguish between state-issued and private wallets to build trust and encourage genuine user choice?
  • What safeguards are planned to stop major platforms – like Apple or Google – from bundling the upcoming mobile driving licence with their other services in ways that distort the UK market?
  1. Investor confidence: Rebuilding trust and laying the ground for growth
  • How will the government restore investor confidence after the Gov.uk Wallet disrupted previous expectations in the market?
  • What’s the plan to stop the UK identity ecosystem being overtaken by Big Tech giants with built-in scale advantages?
  • Will there be clear guidance on pricing, value propositions, and market models for digital wallets and credential verification services?
  1. Strategic vision: What is the vision for UK digital identity and personal data sovereignty, over a five-, 10-, and 15-year horizon?
  • What is the government’s long-term roadmap, targets and milestones for the UK’s digital identity infrastructure and personal data sovereignty?
  • Is the Gov.uk Wallet intended to operate as part of the market – or will it maintain and extend its monopoly on access to public services and Companies House?
  • How will innovation be supported and regulated as Big Tech inevitably enters the UK digital identity space?

These are big issues to ponder, and unlikely to be resolved in one meeting. As Crack says, “It’s still unclear whether this [meeting] will be a case of being ‘done to’ or ‘done with’. We did ask if we could provide input to shape the agenda but that was declined.”

But one, perhaps even bigger, question remains: Does any of this matter?

Here comes Big Tech

There seems little doubt that the government has encouraged Google to venture into UK digital identity provision. Apple has already dipped its toe into the US market and will most likely have received similar encouragement in the UK.

There are currently more than 50 companies registered with the DIATF. There is no way the UK market will support that many digital ID providers in the long term. When – and it is moving towards “when” and not “if” – the UK public starts to understand the benefits of digital ID and it becomes a more mass-market service, people will not want 50+ alternatives. They will opt for familiar brands and trusted providers – banks, the government, and of course, their mobile phones. The race is on for the new entrants – the unfamiliar names – to establish themselves in the public eye in time for the market’s growth phase.

But can they succeed, if the functionality is just there in people’s hand, as easy to use as a touch on that ever-present, super-familiar Apple or Android screen?

Personal opinion: If Apple and Google go for the digital ID market in the UK, it’s game over. They will utterly dominate. If you’re the government – a minister, for example, looking for some good publicity – wouldn’t you want to announce to the world that the two most important smartphone software providers have signed up to your digital ID initiative? It’s inevitable that government documents, such as the mobile driving licence, will be made available to Apple and Google digital wallets, as well as the government’s own. I’m really not sure where that leaves everybody else.

But until then, there’s a landgrab underway – unless government policy prevents it. And that’s what’s motivating the industry to have its say on 14 May.

ID cards by the back door?

For now, however, the government needs industry buy-in. Everybody knows the Tony Blair Institute is pushing digital identity and advising Labour behind the scenes. The biggest blocker is Britain’s cultural resistance to ID cards and any suggestion that digital identity is a means to introduce such a policy by the back door – an accusation that sections of the national media would be only too happy to pounce on.

How do you stop that? By pointing to a thriving private sector where more than 50 independent companies and their smart investors are putting money into a plural and distributed market that ensures the government cannot dominate nor use your digital wallets as some form of official virtual ID card.

If you’re the average smartphone user though, you’ll trust Apple and Google – mostly. They already know everything about you, after all.

While digital ID providers currently worry about what government policy might do to them, longer term it’s Apple and Google that present the greatest threat. And it’s a threat the government will quietly encourage.

The public, largely, is not calling for digital identity products. Nobody in the UK is using online services and thinking, “My life would be so much easier if only I had a digital identity I could use”. But it’s going to happen to them, one way or another.

As ADVP chair Crack puts it: “At present, this is seen as a dispute between government and industry. But underlying this dispute are questions that strike at the heart of how the UK’s digital identity ecosystem will evolve over the next decade.

“At present, this is unknown to the general public, but it will come to their attention over the next 12 months. It is in the interests of both government and industry to know the answers to the above questions and strike a new partnership so we can move forward together for the interests of all.”

He’s right. But does the government agree? We may soon begin to find out.