Enabling the use of digital identities in the UK
We’re working to help people securely prove who they are without having to present physical documents.
Overview
The Department for Science, Innovation and Technology (DSIT) is enabling the use of trusted digital identity services in the UK. Digital identities give people another way to securely prove things about themselves, such as who they are or what their age is, without having to present physical documents.
The government is also rolling out GOV.UK One Login, a more straightforward and secure way for people to prove their identity and access government services online.
The government is not making digital identities mandatory or introducing ID cards.
What is a digital identity?
If you’ve scanned your driving licence to open a bank account, used your passport at an automated border gate, or used your face to unlock your phone, you’re already familiar with some of the technologies used in digital identity services.
A digital identity is a digital representation of your identity information, like your name and age. At your request, it can also contain other information about you, like your address, or biometric information, like a fingerprint or face scan.
It enables you to prove who you are without presenting physical documents.
Just like when a physical document (such as a passport) is checked, someone checking your digital identity must have a way to know that it is genuine and that it belongs to you.
For example, some banks will check your identity digitally when you want to open an account. A typical process using a digital identity is:
-
You use your smartphone to take a photo of a document (such as a passport or driving licence)
-
It is checked digitally to confirm it is genuine
-
You take a photo or video of yourself which is matched to the one on the document
-
Your identity is confirmed
Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details.
Standards for digital identities and attributes
It is important that digital identities can be trusted to be reliable and accurate, just like physical documents. The Department for Science, Innovation and Technology has developed a set of rules called the UK digital identity and attributes trust framework to help achieve this.
What is the trust framework?
The trust framework is a set of government-backed rules, guidance and standards for trustworthy and secure digital identity services.
Organisations that offer digital identity services can choose to follow the trust framework. They may also choose to be independently certified as doing so. Where a service is certified, users and businesses alike can trust it to be private, secure and reliable. They can be confident that it meets high standards in areas including privacy, data protection, fraud management, cyber security, and inclusivity.
The trust framework draws on other government guidance for proving and verifying someone’s identity (GPG 45) and for using authenticators to protect an online service (GPG 44).
This ‘beta version’ of the trust framework has been published following extensive feedback and testing. It has been developed in an open and iterative way, with input from over 250 organisations across civil society, industry, standards bodies, and academia. This approach has helped ensure that trust framework rules are appropriate and proportionate.
The Department for Science, Innovation and Technology is responsible for preparing the trust framework and ensuring it remains up to date. Previous versions of the trust framework are available on gov.uk.
List of certified digital identity and attribute services
The register of digital identity and attribute services is a list of organisations who provide digital identity services which are currently certified against the trust framework.
Each organisation on the register has passed independent certification and government checks to make sure they’re trustworthy and suitable to join the register.
By accessing the register, you can find up-to-date organisation and contact details for certified providers and download their certificates to check the details of their certification.
Read the guidance page for organisations on how to join the register.
Certification against the trust framework
Organisations interested in getting certified against the trust framework must engage with one of the approved conformity assessment bodies.
Organisations are assessed by a combination of desk reviews and on-site audits depending on the scope to be assessed. Certification is a time-limited process, and certified organisations need to undertake an annual surveillance audit and recertification every two years to remain on the register of digital identity and attribute services.
Supplementary schemes
A supplementary scheme is a set of extra rules which can be added on top of the rules in the UK digital identity and attributes trust framework to show how services can meet any additional needs in specific use cases or sectors. The scheme’s extra rules are integrated into the trust framework’s certification system, so services can certify against them as part of the same robust process.
There are three existing supplementary schemes which set additional rules for digital verification service providers conducting digital right to work, right to rent and Disclosure and Barring Service (DBS) checks.
Read the guidance for providers on how to become certified against these supplementary schemes.
Updates to this page
Last updated 13 September 2024 + show all updates
-
The page has been restructured to provide the most up to date information on digital identity.
-
The Data Protection and Digital Information (No.2) Bill reintroduced to Parliament.
-
First published.