Patryk Kosmider -

GDS loses digital identity policy to DCMS

The move follows DCMS taking over data policy from GDS and means Cabinet Office is no longer responsible for relations with private sector ID ecosystem

The Government Digital Service (GDS) has lost responsibility for digital identity policy, with the Department for Digital, Culture, Media and Sport (DCMS) taking over.

GDS will still be developing Verify, its in-house digital identity assurance system, but wider policy now rests with Matt Hancock, secretary of state at DCMS. The move took place last month, without any public announcement, but was revealed by Hancock during a press briefing last week.

Hancock’s team now looks after all issues relating to the UK’s digital ID ecosystem, and will determine Verify’s relationship with the private sector. He said GDS will continue to develop Verify as a tool for accessing online government services.

“Getting a high-quality system for digital identity is incredibly important. This matters both inside government for people to access government services effectively, and in the wider economy,” said Hancock. “The more these two things are tied together the better.”

The move follows the switch of data policy from GDS to DCMS in March, which was widely seen as a diminishing of GDS’s role in digital government. Hancock said it makes sense to keep data and digital ID together in policy terms.

“The move of data policy including digital identity policy to DCMS was done to unite policy over data whether it’s within or outside government,” he said. “We found the boundary between the two was increasingly artificial.”

“The delivery of government services and digitisation of government services is a Cabinet Office function – because they interact with each department – rather than a policy function. The move will lead to a more coherent data policy across government and the economy as a whole.”

Read more about digital identity

The Cabinet Office said GDS will still manage the relationship with the Privacy and Consumer Advisory Group, an independent body that advises on data privacy issues related to Verify, and with OIX, the digital identity standards body that is part-funded by the Cabinet Office. 

GDS has been criticised for delays in producing a commercial framework for how private sector identity companies can work with Verify, which has caused much frustration in the wider ecosystem.

Identity experts have also called for Verify to be reviewed over performance concerns. Currently, only 41% of user attempts to create a Verify identity are successful, and only 17 digital government services use the system, despite a target for 25 million Verify users by 2020.

GDS has blamed Brexit for the poor take-up of Verify across Whitehall. Nic Harrison, director of service design, assurance and digital identity at GDS, said last month: “[Departments are] worrying about the EU exit, so we are frankly just not going to get hundreds of new services being digitised in the next year to bring on Verify.”

Harrison also implied GDS was looking to make Verify more of an industry standard than a product. He said the government wants “a ubiquitous digital identity for service users both for public and private sector,” which would be “Verify compliant” by following a set of standards.

“In an ideal world, they would be truly interoperable,” he said. “Interoperability and standards-based is the key for us.”

Developing Verify alternatives

Despite attempts to make Verify the identity system for all digital government services, several parts of the public sector are developing their own alternatives. HM Revenue & Customs is working on a new version of its existing Government Gateway, while NHS England is developing its own identity system, after saying Verify is not secure enough for the health service.

The Department for Work and Pensions is using Verify as part of its Universal Credit system, but was forced to develop its own identity system as well, after finding that hundreds of thousands of benefits applicants could be unable to register successfully on Verify.

Verify uses publicly available data, such as passports, driving licences and credit histories, to prove online users are who they say they are. However, benefits claimants tend to have less of a digital footprint than people in employment who are more likely to have mortgages or credit cards, and as a result, Verify finds it harder to gather enough data to prove their identity.

The Scottish government is also pressing ahead with its own digital identity plans, with the aim of producing a prototype in August 2018.

Computer Weekly revealed in February that DCMS and the Cabinet Office were engaged in a heated discussion over the future of digital identity policy. Sources said at the time that DCMS was worried that ongoing problems with Verify were becoming a major hindrance to the development of the UK’s digital identity infrastructure.

Read more on IT for government and public sector

Data Center
Data Management