UK's digital identity program hindered by being 'largely voluntary'.
Fragmented policies and limited security frameworks could undermine national efforts and public trust.
According to Biometric Update, unlike EU counterparts like France and Germany, which anchor digital identity programs in strong regulatory frameworks like eIDAS 2.0 and leverage encryption and biometrics, the UK's approach, currently centred on the still-rolling-out GOV.UK One Login, remains largely voluntary under the Digital Identity and Attributes Trust Framework (DIATF).
Experts claims that a history of poor adoption, as seen with the now-defunct GOV.UK Verify, underscores the need for stronger safeguards. The risks are heightened with the shift to fully digital, dematerialised IDs, which are vulnerable to fraud, synthetic identities, and data breaches if not properly secured.
Experts advocate for legally enforceable standards, improved cybersecurity infrastructure, and industry collaboration, particularly with fintechs and cybersecurity experts, to embed robust protections from the outset.
Without urgent, coordinated action, the UK risks becoming a laggard in digital identity security, potentially compromising both innovation and user confidence.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
