Research and analysis

Inclusion monitoring report findings 2025 

Published 16 July 2025

1. Executive summary 

Background 

The Office for Digital Identities and Attributes (OfDIA), part of the Department for Science, Innovation and Technology (DSIT), is working to enable the widespread use of secure digital verification services in the UK. Trusted digital identities can improve people’s lives by making transactions such as collecting a parcel, buying age-restricted items and starting a new job, simpler, quicker and more secure. The use of digital verification services will not be mandatory, but the Government is committed to ensuring that they are inclusive and accessible for anyone who chooses to use them. 

Standards for digital identity - the UK digital identity and attributes trust framework 

The UK digital identity and attributes trust framework is a set of rules and standards that show what a good digital identity looks like. Digital verification services can get independently certified to demonstrate they are following these robust standards. The trust framework outlines how organisations can make their digital verification services more inclusive and accessible, such as by choosing technologies which have been tested with users from a variety of demographics. While the potential barriers to using a digital identity are complex, the trust framework aims to ensure that digital verification services are as inclusive and accessible as possible. 

Who completes an inclusion monitoring report?

Digital verification services which are certified against the trust framework must complete an inclusion monitoring report. The inclusion monitoring reports are a mechanism for building a general picture of the inclusivity of the certified digital identity market. Providers with a certified service respond to a survey of around 40 questions on areas such as identity evidence, accessibility, data collection and biometrics. The results are anonymous and individual services are not being assessed. The anonymised and aggregated results will be used to inform inclusion policy and further development of the trust framework. This is the second year that the results have been published. 

The survey was completed online and 54 organisations with a certified service completed a response by the deadline in mid-March. This represents a 100% completion rate amongst organisations with a certified service at the time of the survey. Whilst all certified services responded to the survey, base numbers per question will vary. This is because some questions were voluntary, some were not applicable to all organisations, and some responses were removed where answers were not appropriate for analysis.

Key findings 

  • 66% of organisations surveyed offer only single-use identity or attribute checks, suggesting this is currently more common than reusable digital identities among certified services. 

  • 60% of organisations surveyed adhere to the Web Content Accessibility Guidelines (WCAG) 2.0 (AA) or higher, up from 54% in 2024.  

  • 55% of organisations surveyed report that they collect demographic data about their users. Of these services, 42% are using this data to monitor the inclusivity of their service. 

  • 47% of organisations surveyed report that they offer non-digital routes for users to access support (telephone or in-person). 

  • 73% of organisations surveyed offer at least one accessibility feature, such as text magnification or compatibility with assistive technologies, up from 65% in 2024. 

  • Of the organisations surveyed offering biometric technology, 52% offer an alternative route if users do not wish to use biometrics. 41% of those services record information on the accuracy rates of their biometric technologies for different demographic groups. This has increased from 30% last year. 

  • As in 2024, cost and a lack of access to government-held data were the most commonly cited challenges to improving inclusion. 

2. Methodology 

Aims 

The aim of the inclusion monitoring reports is to collect data to build a general picture of the inclusivity of digital identity services certified against the UK digital identity and attributes trust framework beta (0.3) version. Completing the inclusion monitoring report annually is a requirement of certification. 

The report provides key evidence for policy making, particularly for understanding if further policy intervention is required to support the provision of inclusive and accessible digital identity services. The report provides an indication of the inclusivity of the market at a fixed point in the year and this will be used to track any changes over time. As the second year of data collection, this is the first opportunity to identify any changes from the previous year. Caution should be applied to any changes in results from last year. The sample size is small and evidence does not account for contextual changes that may impact reporting.

Approach 

An online survey was used to collect the data. The main considerations of survey design were: 

  • Limiting survey length to guard against survey fatigue

  • Limiting access to raw data to government analysts to remove potential for bias and to ensure responses were treated anonymously  

  • Maintaining a consistent approach with the previous edition of the survey   

  • Designing questions that deliver reproducible metrics   

Responses 

The population of interest was all 54 services that were certified at the time of initial survey distribution (February 2025). The achieved sample was 54. Only organisations with a live service (47) are considered in scope for analysis. Whilst all certified services responded to the survey, base numbers per question will vary. This is because some questions were voluntary, some were not applicable to all organisations, and some responses were removed where answers were not appropriate for analysis.   

Timing 

Responses were collected between February and April 2025.

Analysis of results 

Analysis was conducted in Microsoft Excel, with the raw data converted into table format and organised by question. The tables were then used to produce graphs to visualize the results. Responses were analysed by question and quality assured by DSIT analysts. 

Changes from the 2024 report

Additions to the 2025 Survey

Following review of the 2024 survey, some additional questions were added to this year’s survey to provide additional clarity and/or insight. 

Conformity Assessment Body:

Q: Which Conformity Assessment Body issued the current certificate for your organisation for certification against the UK digital identity and attributes trust framework?  

This question was added to make completion checks more efficient for OfDIA.

Type of transaction:

Q: What type of transactions does your business primarily focus on? 

An additional option was added to the closed responses (B2B2C), after many providers wrote it in ‘other’ in the 2024 survey. 

Number of transactions:

Q: On average, how many individuals (members of the public) use your service to create, share or verify a digital identity or attribute each month?

Q: On average, how many digital identity or attribute checks does your service undertake or orchestrate each month? 

OfDIA added additional questions to understand the average number of unique monthly users per service and estimates on the number of checks completed monthly. 

Languages offered:

Q: How many languages does your service offer? 

To make it easier for respondents, the question on languages offered was amended to ask ‘how many’ rather than specific languages as many providers offered a large and varied selection of languages.  

White labelling:

Q: Is your service offered as a white label service to other businesses? 

OfDIA added a question on whether organisations offered white labelling[footnote 1] to understand the prevalence of this amongst certified services. 

Single use vs reusable checks:

Q: Does your service offer or support single use or reusable identities and attributes? 

A question was added to understand the proportion of certified providers offering single-use identity and attribute checks and/or reusable identities and attributes.  

Unsuccessful verification:

Q: Does your service collect any data on the reasons for a user being unsuccessful in verifying their identity or attribute?

A question was added to allow text responses for organisations to explain how they collect data on unsuccessful verification. 

Removals from the 2024 survey

Number of use cases offered:

Q: How many distinct use cases does your service currently operate in?

The question on number of use cases has been removed as it did not provide significant insights and it was difficult to categorise the use cases reported. 

Type of technology:

Q: What technology is required for a user to access your service to prove their identity or verify an attribute? 

Questions on type of technology used were removed as they did not provide useful insights. 

Operating system:

Q: If your service is available as an app, what is the oldest operating system for Apple and/or Android products that your service is compatible with? 

The question on oldest operating system accepted has been removed as it was not answered consistently and did not provide useful insights. 

Additional analysis

This year, OfDIA analysts conducted additional analysis to examine any changes in reporting between 2024 and 2025. In some instances, analysis has been conducted to report on how organisations have responded by size. At this stage, due to the limited sample size, we are not able to assert with confidence whether meaningful relationships exist between variables. OfDIA will continue to examine relationships in future years.  

3. Findings 

The survey was divided into 6 different sections: general information about the service, documentation and evidence, accessibility, data collection, biometrics and questions on possible future improvement. 

General (Q1-11) 

These questions gathered basic information about the organisation completing the survey so the aggregated results could be interpreted in context.  

Services offered:

Q: What role is your service certified as?   

At the time of the survey, the current version of the trust framework was the 0.3 version which allowed digital verification services to certify against three different role types: identity service provider, attribute service provider or orchestration service provider. This was the same as last year’s survey. 

Most organisations were certified exclusively as identity service providers. There were a small number of services certified as both identity and attribute services or identity and orchestration services, with a smaller number certified against all three. This is similar to the findings from 2024. 

| Number of role types offered | Count |
| --- | --- |
| 1 role offered | 32 |
| 2 roles offered | 11 |
| 3 roles offered | 4 |

Figure 1: Number of role types offered by a service. Base = 47

| Role type | 2024 | 2025 |
| --- | --- | --- |
| Attribute service | 1 | 1 |
| Identity service | 27 | 31 |
| Identity, attribute and orchestration service | 3 | 4 |
| Identity and orchestration service | 4 | 5 |
| Identity and attribute service | 2 | 6 |

Figure 2: Role type by year. Base = 2024: 37, 2025: 47

Transaction type:

Q: What type of transactions does your business primarily focus on? 

Of the 47 organisations that confirmed that they provided a live service, 33 organisations indicated they primarily focus on providing a single transaction type. Of those, 22 focus on business to business (B2B), 9 focus on business to business to consumer (B2B2C) and 2 on business to consumer (B2C). 

Single offering:

| Transaction type | Count |
| --- | --- |
| B2B | 22 |
| B2B2C | 9 |
| B2C | 2 |

Figure 3: Transaction type - single transaction. Base = 33

Organisations could select more than one transaction type for this question. Combining the responses of organisations that offer more than one transaction type demonstrates that 83% of services described the transactions of their service as business to business (B2B) or business to business to consumer (B2B2C). This is very similar to 2024. 

Single and multiple offering:

| Transaction type | Count |
| --- | --- |
| B2B | 32 |
| B2B2C | 20 |
| B2C | 7 |
| Other | 4 |

Figure 4: Transaction type - single and multiple transaction. Base = 47

White Labelling:

Q: Is your service offered as a white label service to other businesses? 

White labelling refers to a business procuring the service of another business and using their own branding on the procured service. This may not be visible to the end customer. OfDIA are in the process of introducing new certification procedures and rules in the trust framework to provide additional assurance these services are operated to the same high standards as non-white label services.  

Analysis shows that 25 (54%) of surveyed organisations offer white labelling services to other businesses. Figure 5 demonstrates a relatively even spread of organisations of different sizes offering white labelling.  

| White-labelling | Micro | Small | Medium | Large | Total |
| --- | --- | --- | --- | --- | --- |
| Yes | 6 | 6 | 9 | 4 | 25 |
| No | 4 | 8 | 3 | 6 | 21 |
| Don’t know | 0 | 1 | 0 | 0 | 1 |

Figure 5: Organisations offering white labelling to other businesses, by firm size. Base = 47

Single or Reusable Identities:

Q: Does your service offer or support single use or reusable identities and attributes? 

Of the 47 organisations offering live services, 31 (66%) organisations offer single use identity or attributes only. 7 (15%) offer reusable identities or attributes only, and 9 (19%) offer both.  

| Single use or reusable identities and attributes | Count |
| --- | --- |
| Single use only | 31 |
| Reusable | 7 |
| Both | 9 |

Figure 6: Single or reusable identities and attributes. Base = 47

Cloud- or device-based service:

Q: Is your service cloud-based or device-based? 

34 (73%) organisations offering certified services are cloud-based rather than device-based, with just 4 organisations offering a device-based only service.  

| Service offering | Count |
| --- | --- |
| Cloud | 34 |
| Device | 4 |
| Both | 9 |

Figure 7: Cloud- or device-based service. Base = 47

Organisation size:

Q: Please specify the size of your organisation 

There was a roughly even spread of large, medium, small and micro businesses amongst certified organisations offering a live service to the market [footnote 2]. This is broadly in line with last year’s results, but the proportion of micro-sized certified businesses increased, from 5 in 2024 to 10 in 2025. 

| Size of Organisation | 2024 | 2025 |
| --- | --- | --- |
| Micro | 5 | 10 |
| Small | 11 | 15 |
| Medium | 11 | 12 |
| Large | 10 | 10 |

Figure 8: Organisation count by size. Base = 47

Average Users and Checks:

In order to gain insight on the current scale of digital identity activity, for the first time the survey asked questions about average number of users of each service per month, and the average number of identity or attribute checks undertaken per month.  

Q: On average, how many individuals (members of the public) use your service to create, share or verify a digital identity or attribute each month? 

The evidence demonstrates a range in the scale of usage across organisations. 10 organisations indicated that between 1 and 1,000 individuals were using a service each month, with 8 organisations each indicating between 1,001 and 10,000 users and between 10,001 and 100,000 users. 5 organisations indicated over 100,000 individuals a month. 5 organisations recorded a response of 0. This question was not applicable to all services.

| Number of users | Count |
| --- | --- |
| 0 | 5 |
| 1 to 1,000 | 10 |
| 1,001 to 10,000 | 8 |
| 10,001 to 100,000 | 8 |
| 100,001 to 1,000,000 | 4 |
| Over 1,000,000 | 1 |

Figure 9: Reported number of monthly users per service. Base = 36

Q: On average, how many digital identity or attribute checks does your service undertake or orchestrate each month? 

Evidence here is broadly consistent with the previous question and demonstrates a range in the scale of usage across organisations with 31 organisations completing checks each month and 23 of those organisations indicating they are completing over 1,000 checks a month.  

| Number of Checks | Count |
| --- | --- |
| 0 | 2 |
| 1 to 1,000 | 8 |
| 1,001 to 10,000 | 7 |
| 10,001 to 100,000 | 7 |
| 100,001 to 1,000,000 | 6 |
| Over 1,000,000 | 3 |

Figure 10: Reported number of monthly digital identity and attribute checks undertaken by each service. Base = 33

Documentation and evidence (Q12-14) 

GPG 45 Profiles:

Q: Across all the use cases your service provides, which GPG 45 profiles do you meet? 

The survey asked organisations with certified services about the different Good Practice Guide 45 (GPG 45) profiles they offer. GPG 45 outlines the government guidelines on how to prove and verify someone’s identity. There are four different confidence levels (low, medium, high and very high) for identity checking that are applicable for different scenarios, and a number of different profiles within each confidence level.  

All GPG 45 profiles are offered by at least one service. This has changed from last year, where there were 4 very high confidence profiles not offered by any services. The most common profiles are medium confidence, which reflects the requirements for several of the current use cases, such as digital right to work and right to rent checks. Individuals without identity documents such as a passport or driving licence are less likely to be able to meet the requirements for medium profiles or above. 

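| GPG 45 Profile | Percentage of services offering this profile | Count |
| --- | --- | --- |
| L1A | 13% | 5 |
| L1B | 16% | 6 |
| L1C | 8% | 3 |
| L2A | 5% | 2 |
| L3A | 3% | 1 |
| M1A | 66% | 25 |
| M1B | 32% | 12 |
| M1C | 50% | 19 |
| M1D | 26% | 10 |
| M2A | 13% | 5 |
| M2B | 21% | 8 |
| M2C | 26% | 10 |
| M3A | 18% | 7 |
| H1A | 42% | 16 |
| H1B | 16% | 6 |
| H1C | 13% | 5 |
| H2A | 16% | 6 |
| H2B | 26% | 10 |
| H2C | 5% | 2 |
| H2D | 11% | 4 |
| H2E | 11% | 4 |
| H3A | 16% | 6 |
| V1A | 8% | 3 |
| V1B | 3% | 1 |
| V2A | 11% | 4 |
| V2B | 5% | 2 |
| V2C | 5% | 2 |
| V3 | 8% | 3 |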

Figure 11: GPG 45 profiles offered. Base = 38

Evidence type:

Q: What forms of evidence can someone use to prove their identity or verify an attribute through your service? Please select all that apply for live use cases.   

The survey included a question on the types of documents accepted as identity evidence. Due to a technical error, this question was not displayed for all the services that should have completed this question. Unfortunately, this means we are unable to compare the results for this question with last year’s results. Of the responses that were submitted, UK passport and driving licence remain the most common documents that are accepted but there are a range of other documents and evidence accepted too, from Knowledge Based Verification (KBV) questions to PASS cards. 

Vouching:

Vouching is when a person confirms that they know another individual as the person they are claiming to be. This is typically used as a method for proving identity when the person doesn’t have traditional identity documents. For example, vouching may be used to verify the identity of a child for their first passport. Certified services offering vouching is likely to support the inclusivity of the digital identity sector in facilitating access for those without traditional identity documents. 

Q: Does your service support vouching as a means of identity or attribute verification for any current use cases? 

3 of the surveyed organisations reported that they support vouching, up from 2 services last year. All of the services accepting vouching are micro-sized businesses (defined as ‘fewer than 10 employees and turnover of less than or equal to £2 million or balance sheet total of less than or equal to £2 million’). This could suggest that smaller organisations are more likely to offer specialised services that support users who are at more risk of exclusion, for example those without access to identity documents like a passport or driving licence.  

Accessibility (Q15-21) 

This section of the survey asked services about the accessibility features of their products and the standards followed. 

Web Browser:

Q: If your service is available via a browser, what browsers does your service support? 

For services that are available via a web browser, services generally support a range of browsers, with most available on common browsers such as Chrome, Safari and Firefox. 

Web Content Accessibility Guidelines (WCAG):

Q: Does your service adhere to Web Content Accessibility Guidelines (WCAG)?

60% of services adhere to the Web Content Accessibility Guidelines 2.0 (AA) or higher, up from 54% in 2024. However, similarly to last year’s results, a sizeable proportion of services (23%) answered that they didn’t know if their service met these guidelines. This compares to 27% in 2024.

| WCAG Version | Count |
| --- | --- |
| 2.0 (A) | 1 |
| 2.0 (AA) | 6 |
| 2.1 (A) | 1 |
| 2.1 (AA) | 10 |
| 2.1 (AAA) | 1 |
| 2.2 (A) | 1 |
| 2.2 (AA) | 7 |
| 2.2 (AAA) | 2 |
| No | 3 |
| Don’t know | 11 |
| Not applicable | 4 |

Figure 12: Reported adherence to WCAG. Base = 47

Adherence to other standards:

Q: Does your service adhere to any other accessibility guidelines or best practice?   

14% of surveyed services, up from 8% in 2024, reported that they met at least one additional internationally recognised accessibility standard such as the European Telecommunication Standards Institute (ETSI) standard for accessibility requirements EN 301 549 V3.2.1 (2021-03) and accessibility requirements suitable for public procurement of ICT products and services in Europe EN 301 549 V1.1.2 (2015-04). 

Accessibility tools:

Q: What, if any, accessibility tools does your service offer?  

73% of services offered at least one of the accessibility tools listed in the survey, up from 65% last year. These were: text to speech capability, voice recognition, text magnification, keyboard navigation and compatibility with assistive technologies. 27% of services did not offer any of these tools or answered that they didn’t know which tools their service offered. 

| Accessibility tools offered | Count |
| --- | --- |
| Text to speech capability | 13 |
| Voice recognition | 2 |
| Text magnification | 24 |
| Keyboard navigation | 16 |
| Compatibility with assistive technologies | 21 |
| None | 9 |
| Other - please specify | 8 |
| Don’t know | 4 |

Figure 13: Accessibility tools offered. Base = 47

Non-digital support:

Q: What support does your service offer for users verifying an attribute or proving identity? 

Non-digital support options help to ensure that those who might feel less confident using digital services or who have more limited access to internet connectivity are more likely to be able to access support to use a digital identity service.  

47% of services offer non-digital routes to access support, marginally less than the 51% of services in 2024. 17 services offer telephone support (compared to 19 services in 2024) while 5 services offer in-person support (up from 2 services in 2024). Several services selected ‘Other’ in response to this question and the answers given suggest that for B2B businesses, the organisation who has contracted their digital identity services often provides the support mechanisms for consumers. 

Delegated Authority:

Q: Does your service offer a route for verifying an attribute or proving identity via delegated authority? 

5 services offer a route for verifying an identity or attribute via delegated authority. This is the same number of services as last year. Delegated authority is when a subject nominates a representative to do things for them. For example, someone may give lasting power of attorney to a family member or caregiver.   

| Delegated authority | Count |
| --- | --- |
| Yes | 5 |
| No | 32 |
| Don’t know | 1 |
| Not applicable | 1 |

Figure 14: Services offering delegated authority. Base = 39

Languages:

Q: How many languages does your service offer? 

Around half of organisations (51%) offer their service in more than 1 language, with 40% offering their service in more than 5 languages (33% in 2024) and 30% offering more than 10 languages (19% in 2024). 

| Number of languages offered | Count |
| --- | --- |
| 1 | 23 |
| 2-5 | 5 |
| 6-10 | 5 |
| More than 10 | 14 |

Figure 15: Number of languages offered. Base = 47

Data (Q22-33) 

These questions in the survey were designed to understand to what extent services are using data to monitor the inclusivity of their services. The Information Commissioner’s Office (ICO)’s data minimisation principle must guide a service’s approach to data collection and the trust framework sets out that a service is ‘not required to collect information on users solely for the purposes of inclusion reporting’.

Q: Does your service collect any demographic information at any point during identity or attribute verification? 

Q: Does your service store any of this demographic data? 

Q: What demographic information does your service collect? 

Q: Is any of this demographic information used for monitoring the inclusivity of your service? 

55% (26) of organisations surveyed reported that they collect demographic data on their users and 42% (11) of those organisations are using this to monitor the inclusivity of their service. The number of services collecting demographic data is roughly the same as last year but more services report they are using this to monitor inclusivity. The most common type of demographic data collected is name, date of birth, address and nationality. This reflects the information that is most commonly required for identity and eligibility checks. A small number of services collect sex and/or gender and very few collect ethnicity or religion.   

Incomplete User Journeys:

Q: Does your service collect data on ‘drop-out’ or incomplete user journeys?

Q: Does your service collect data on the reasons for ‘drop-out’ or incomplete user journeys? How is this data collected? 

66% of services collect information about rates of drop-out from their service and 55% of those services collect information about the reasons for drop-out. The most cited reasons for drop-outs were lack of understanding on how to complete the check and lack of correct identity evidence. This year’s survey included a new question on how this information is collected. The question had a free text response and there were a range of answers from user surveys, analytics on the stage and timing of drop-out, and user experience (UX) tools. Drop-outs were reported as less common for reusable services compared to single-use checks. 

| Data on drop-out rates | 2024 | 2025 |
| --- | --- | --- |
| Collects data on drop-out rates | 73% | 66% |
| Collects reason | 30% | 55% |

Figure 16: Services that collect data on drop-out rates. Base = 2024: 37, 2025: 47

Single-use identities:

| Reason for drop-outs | Count |
| --- | --- |
| Session ‘time’s out’ before completed | 4 |
| Lack of identity evidence | 7 |
| Lack of understanding about how to complete | 9 |
| Change of mind | 4 |
| Lack of trust | 3 |
| Process takes too long | 4 |
| Other - please specify | 4 |

Figure 17: Reasons for drop-outs from single-use identities. Base = 17

Reusable identity checks:

| Reason for drop-outs | Count |
| --- | --- |
| Not applicable | 10 |
| Lack of identity evidence | 2 |
| Lack of understanding about how to complete | 3 |
| Change of mind | 2 |
| Lack of trust | 1 |
| Process takes too long | 1 |
| Other - please specify | 3 |

Figure 18: Reasons for drop-outs from reusable identities. Base = 17

Q: Does your service collect any data on the reasons for a user being unsuccessful in verifying their identity or attribute?  

Q: What are the most common reasons for users being unsuccessful in verifying their identity or attribute? 

79% of services collect data on the reasons for a user being unsuccessful in creating a digital identity or verifying an attribute. The most common reason stated was lack of the required identity evidence with 60% of services who collect data on this selecting this reason. Services could select more than one option for this question and other reasons, that were less common but still selected by around a third of services, were technology failure, inaccurate information provided or suspicion of fraud. 

| Data collected on reasons for unsuccessful identity or attribute verification | Count |
| --- | --- |
| Yes | 33 |
| No | 6 |
| Don’t know | 3 |

Figure 19: Data collected on reasons for unsuccessful identity or attribute verification. Base = 43

| What are the most common reasons for users being unsuccessful in verifying their identity or attribute? | Percentage | Count |
| --- | --- | --- |
| Lack of necessary identity evidence | 60% | 21 |
| Technology failure | 34% | 12 |
| Inaccurate information | 37% | 13 |
| Suspicion of fraud | 34% | 12 |
| Other – please specify | 31% | 11 |
| Don’t know | 3% | 1 |

Figure 20: Reasons for users being unsuccessful in verifying their identity or attribute. Base = 33

Biometrics (Q34-39)

Biometric technologies are commonly used as part of identity verification or authentication to conduct liveness checks and likeness checks. A liveness check – usually a video of the user taken by themselves – is used to check that the person is a real person. A likeness check compares the person trying to verify their identity with the photo shown on the identity document they are presenting to make sure they are the same.  

While biometric technologies can be very accurate, there is a risk that they can be biased towards certain demographic groups if not robustly tested. For example, some types of facial recognition technology may not identify people of certain ethnicities or genders as well as others.

Biometric technology:

Q: What biometric technology does your service use, if any?

Q: Is there an alternative route for users to verify an attribute or prove identity if they do not wish to provide biometric information?  

94% of services use some form of biometric technology. The majority of these use facial recognition with a smaller proportion using fingerprint (11%) or voice recognition (2%). 52% of services offer an alternative route for users that may wish not to use biometrics. 

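| Type of technology | Micro | Small | Medium | Large | Total |
| --- | --- | --- | --- | --- | --- |
| Facial recognition | 9 | 15 | 9 | 9 | 42 |
| Fingerprint | 2 | 3 | 0 | 0 | 5 |
| Retina | 0 | 0 | 0 | 0 | 0 |
| Voice | 0 | 0 | 1 | 0 | 1 |
| None | 1 | 0 | 2 | 0 | 3 |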

Figure 21: Biometric technology offered by size of organisation. Base = 47

Testing:

Q: What performance testing has been completed to assess the biometric technology you use for bias? 

There is a range of different testing conducted to assess bias in the biometric technologies across the surveyed services. This includes operational testing (testing in conditions similar to the target operating environment), scenario testing (testing in a simulated operational setting closely resembling the target operational conditions) and technology testing (testing of biometric algorithms using a defined data set). 7% of services reported they did not know if performance testing was undertaken to assess bias. 

| Type of testing | Micro | Small | Medium | Large | Total |
| --- | --- | --- | --- | --- | --- |
| Operational testing (testing in conditions similar to the target operating environment) | 7 | 12 | 9 | 4 | 32 |
| Scenario testing (testing in a simulated operational setting closely resembling the target operational conditions) | 7 | 11 | 7 | 3 | 28 |
| Technology testing (testing of biometric algorithms using a defined data set) | 7 | 10 | 10 | 6 | 33 |
| Other (Please specify) | 2 | 2 | 1 | 1 | 6 |
| No performance testing for bias was conducted | 0 | 0 | 0 | 0 | 0 |
| I don’t know if performance testing was undertaken to assess the biometric technology for bias | 0 | 1 | 0 | 2 | 3 |

Figure 22: Type of performance testing conducted, by organisation size. Base = 47

Q: How was this testing conducted?

Of the testing that was conducted, the most common method is external independent testing delivered by an ISO/IEC 17025 accredited biometric test laboratory (45%). The second most common method is internal testing that is delivered by a team within the service provider, using a recognised testing methodology that meets international standards (36%), followed by internal testing that is bespoke to the service provider (30%). Services may use more than one type of testing.  

| Type of testing | Count |
| --- | --- |
| External independent testing delivered by an ISO/IEC 17025 accredited biometric test laboratory | 20 |
| Internal testing that is delivered by a team within the service provider, which uses a recognised testing methodology that meets international standards | 16 |
| Internal testing that is bespoke to the service provider that does not follow a recognised testing methodology | 13 |
| Other - please specify | 6 |
| Don’t know | 7 |

Figure 23: Types of performance testing conducted. Base = 44

Accuracy rates:

Q: Do you have information on the accuracy rates of the biometric technology your service uses for different demographic groups? 

Whilst 94% of providers use some form of biometric technology, only 41% of services have information on the accuracy rates of their biometric technologies for different demographic groups. This is an improvement from 30% last year.   

| Biometrics | 2024 | 2025 |
|---|---|---|
| Firms using facial recognition | 92% | 89% |
| Firms that do not use biometric technology at all | 5% | 6% |
| Collects accuracy rate on the technology | 30% | 41% |

Figure 24: Biometric technology. Base = 2024:37, 2025:47

Future improvements to inclusion (Q40-42)

This section was designed to understand certified services’ priorities and recommendations for improving inclusion and the key challenges to improving inclusive practice from their perspective. Unlike the other questions in the survey, these questions were optional.  

Q: What are the challenges to improving the inclusion and accessibility of your service? 

The most cited challenges to improving inclusive practice were cost and lack of access to government-held data. The Data (Use and Access) Act 2025, which passed in June 2025, will allow government-held data to be shared with certified and registered providers for the purposes of identity or eligibility checks where the individual requests this. This may help to improve inclusion as it offers the potential for alternative authoritative sources of information for individuals who might not have a driving licence or passport. Next year’s survey will be the first following this legislative change. 

4. Conclusion 

As this is the second year of this data collection, it is the first opportunity to observe the changes in the data from 2024 and where things have remained stable. There are areas of modest improvement, for example a higher proportion of services adhering to WCAG 2.2 and other accessibility standards, and a higher proportion of services conducting robust, accredited testing on their biometric technology. These are examples of positive changes that suggest the trust framework is contributing to raising standards in these areas. Accessibility standards and biometric testing are both areas with increased requirements in the next version of the trust framework (0.4).

We were able to make improvements to last year’s survey and add new questions to increase the insights gathered. For example, the new question on white labelling reveals the prevalence of this in the certified market and suggests that considering the implications of this on the inclusivity and accessibility of services is a possible area for further exploration. 

The Government remains committed to supporting an inclusive digital identity market and encouraging certified services to continue improving in this area. The findings from the report will continue to be used to inform our ongoing work on inclusion policy, including the development of the trust framework. 

Annex A: Survey Limitations 

Survey response 

DSIT analysts reviewed responses to check for any duplication and there were not any suspected instances of duplication.  

It is not possible to be sure who specifically from each organisation completed the survey. It may be that the respondent was not the most appropriate person and may not have been able to gather accurate information.  

For instance, 23% responded that they didn’t know if their service adhered to WCAG guidelines, and 8% responded ‘Not Applicable’. This is a significant number of responses and may warrant further investigation as to why this is. In the next question that asks about any other guidelines that the organisation follows, 52% responded ‘Don’t know’. This provides further indication that the person responding to the survey did not have the relevant information. 

Comparatively, on questions around specific accessibility tools, very few responded that they didn’t know (8%). Similarly, very few responded that they didn’t know if their service offered a route for providing delegated authority (3%). This may indicate the person responding to the survey had more information on the service offered than service standards. 

To support a better understanding of how organisations use accessibility standards when designing their service, OfDIA may need to consider how questions on this topic are structured. 

Only live services responded in full 

The survey was designed so that only data on organisations with a live service was collected. The survey did not collect any data on new services.  

Annex B: DSIT Inclusion Monitoring Report Questions 2025

Q1. Which organisation are you reporting on behalf of? 

Section 1: General  

Q2. Is your product or service currently active in the UK market? 

a. Yes

b. No  

Q3. What role is your service certified as? Please select all that apply. 

a. Identity service

b. Attribute service 

c. Orchestration service 

d. None of the above  

Q4. Which Conformity Assessment Body issued the current certificate for your organisation for certification against the UK digital identity and attributes trust framework? 

a. Kantara 

b. BSI 

c. ACCS 

Q5. What type of transactions does your business primarily focus on? Please select all that apply. 

a. Business to business 

b. Business to consumer 

c. Business to business to consumer 

d. Other - please specify  

Q6. Is your service offered as a white label service to other businesses? 

a. Yes 

b. No 

c. Don’t know 

Q7. Does your service offer or support single use or reusable identities and attributes? 

a. Reusable 

b. Single use only 

c. Both 

Q8. Is your service cloud based or device based? 

a. Cloud based 

b. Device based 

Q9. Please specify the size of your organisation. 

a. Micro: Fewer than 10 employees and turnover of less than or equal to £2 million or balance sheet total of less than or equal to £2 million

b. Small: 10-49 employees and turnover of less than or equal to £10 million or balance sheet total of less than or equal to £43 million 

c. Medium: 50-249 employees and turnover of less than or equal to £50 million or balance sheet total of less than or equal to £43 million 

d. Large: 250+ employees and turnover of over £50 million or balance sheet total of over £43 million 

Q10. On average, how many individuals (members of the public) use your service to create, share or verify a digital identity or attribute each month? 

  • Free text 

Q11. On average, how many digital identity or attribute checks does your service undertake or orchestrate each month? 

  • Free text 

Section 2: Documentation  

Q12. Across all the use cases your service provides, which GPG45 profiles do you meet? Please select the options that apply to current use cases. 

a. L1A 

b. L1B

c. L1C 

d. L2A 

e. L2B 

f. L3A 

g. M1A 

h. M1B 

i. M1C 

j. M1D 

k. M2A 

l. M2B 

m. M2C 

n. M3A 

o. H1A 

p. H1B 

q. H1C

r. H2A 

s. H2B 

t. H2C 

u. H2D 

v. H2E 

w. H3A 

x. V1A 

y. V1B

z. V1C 

aa. V1D 

bb. V2A 

cc. V2B 

dd. V2C 

ee. V2D 

ff. V3  

Q13. What forms of evidence can someone use to prove their identity or verify an attribute through your service? Please select all that apply for current use cases. 

a. UK Passport 

b. UK Passport with NFC 

c. Non-UK Passport 

d. UK Driving Licence 

e. EEA Driving Licence 

f. EEA Identity card with NFC 

g. National ID card with photograph 

h. Residence permit 

i. PASS card 

j. Telco data 

k. Council tax letter 

l. Electoral register 

m. Social media 

n. Credit data 

o. Utility bill 

p. Bank statement 

q. Birth or adoption certificate 

r. Marriage certificate 

s. Bank account details 

t. Knowledge Based Verification (KBV) questions 

u. Evidence of power of attorney (mark of Public Guardian) 

v. Other - please specify 

w. Not applicable 

Q14. Does your service support vouching as a means of identity or attribute verification for any current use cases? Vouching is a type of evidence that can be used to verify a claimed identity. A person vouches for someone else by declaring they know them as the claimed identity. 

a. Yes 

b. No 

c. Don’t know

d. Not applicable 

Section 3: Accessibility 

Q15. If your service is available via a browser, what browsers does your service support? Please select all that apply. 

a. Not applicable – the service is not available via a browser 

b. Google Chrome 

c. Firefox 

d. Microsoft Edge 

e. Safari 

f. Opera 

g. Maxthon 

h. Brave 

i. Vivaldi 

j. DuckDuckGo

k. Other – please specify 

l. Don’t know   

Q16. Does your service adhere to Web Content Accessibility Guidelines (WCAG)? 

a. 2.0 (A) 

b. 2.0 (AA) 

c. 2.0 (AAA) 

d. 2.1 (A) 

e. 2.1 (AA) 

f. 2.1 (AAA) 

g. 2.2 (A) 

h. 2.2 (AA) 

i. 2.2 (AAA) 

j. No 

k. Don’t know 

l. Not applicable 

Q17. Does your service adhere to any other accessibility guidelines or best practice? Please select all that apply. 

a. The European Telecommunication Standards Institute (ETSI) standard for accessibility requirements EN 301 549 V3.2.1 (2021-03) 

b. Accessibility requirements suitable for public procurement of ICT products and services in Europe EN 301 549 V1.1.2 (2015-04) 

c. Other – please specify 

d. None 

e. Don’t know 

f. Not applicable 

Q18. What, if any, accessibility tools does your service offer? Please select all that apply. 

a. Text to speech capability 

b. Voice recognition 

c. Text magnification 

d. Keyboard navigation 

e. Compatibility with assistive technologies 

f. None 

g. Other - please specify 

h. Don’t know 

i. Not applicable 

Q19. What support does your service offer for users verifying an attribute or proving identity? Please select all that apply. 

a. Telephone support 

b. In person support 

c. Live chat support 

d. Email support 

e. None 

f. Don’t know 

g. Other - please specify 

h. Not applicable 

Q20. Does your service offer a route for verifying an attribute or proving identity via delegated authority? Delegated authority is where a nominated individual is given permission to act on behalf of another. For example, when an individual has power of attorney for someone in their care. 

a. Yes 

b. No 

c. Don’t know 

d. Not applicable 

Q21. How many languages does your UK service offer? 

a. 1 

b. 2-5 

c. 6-10 

d. 10+ 

Section 4: Data  

Q22. Does your service collect any demographic information at any point during identity or attribute verification? 

a. Yes 

b. No 

c. Don’t know 

Q23. Does your service store any of this demographic data? 

a. Yes 

b. No 

c. Don’t know 

Q24. What demographic information does your service collect? Please select all that apply. 

a. Name 

b. Age or Date of Birth 

c. Sex 

d. Gender 

e. Marital Status 

f. Nationality (e.g. via country of issue) 

g. Address 

h. Ethnicity 

i. Religion 

j. Socio-economic group 

k. Other - please specify 

l. Don’t know 

Q25. Is any of this demographic information used for monitoring the inclusivity of your service? 

a. Yes 

b. No 

c. Don’t know 

Q26. Does your service collect data on ‘drop-out’ or incomplete user journeys? 

a. Yes 

b. No 

c. Don’t know 

d. Not applicable 

Q27. Does your service collect data on the reasons for ‘drop-out’ or incomplete user journeys? 

a. Yes 

b. No 

c. Don’t know 

d. Not applicable 

Q28. How is this data on reasons for drop-out collected? 

  • Free text 

Q29. For single-use identity or attribute checks, what are the most common reasons for incomplete user journeys? Please select all that apply. 

a. Not applicable 

b. Session ‘times out’ before completed

c. Lack of identity evidence 

d. Lack of understanding about how to complete 

e. Change of mind 

f. Lack of trust 

g. Process takes too long 

h. Other - please specify 

Q30. For reusable identity or attribute checks, what are the most common reasons for incomplete user journeys? Please select all that apply. 

a. Not applicable 

b. Session ‘times out’ before completed

c. Lack of identity evidence 

d. Lack of understanding about how to complete 

e. Change of mind 

f. Lack of trust 

g. Process takes too long 

h. Other - please specify 

Q31. Does your service collect any data on the reasons for a user being unsuccessful in verifying their identity or attribute? 

a. Yes 

b. No 

c. Don’t know 

d. Not applicable 

Q32. How is this data on reasons for unsuccessful verification collected? 

  • Free text 

Q33. What are the most common reasons for users being unsuccessful in verifying their identity or attribute? Please select all that apply. 

a. Lack of necessary identity evidence 

b. Technology failure 

c. Inaccurate information 

d. Suspicion of fraud 

e. Other – please specify 

f. Don’t know  

Section 5: Biometrics 

Q34. What biometric technology does your service use, if any? Please select all that apply. 

a. Facial recognition 

b. Fingerprint 

c. Retina 

d. Voice 

e. None 

f. Don’t know 

g. Other - please specify  

Q35. Is there an alternative route for users to verify an attribute or prove identity if they do not wish to provide biometric information? 

a. Yes 

b. No 

c. Don’t know 

Q36. What performance testing has been completed to assess the biometric technology you use for bias? Please select all that apply. 

a. Operational testing (testing in conditions similar to the target operating environment) 

b. Scenario testing (testing in a simulated operational setting closely resembling the target operational conditions) 

c. Technology testing (testing of biometric algorithms using a defined data set) 

d. Other (Please specify) 

e. No performance testing for bias was conducted 

f. I don’t know if performance testing was undertaken to assess the biometric technology for bias 

Q37. How was this testing conducted? Please select all that apply. 

a. External independent testing delivered by an ISO/IEC 17025 accredited biometric test laboratory 

b. Internal testing that is delivered by a team within the service provider, which uses a recognised testing methodology that meets international standards 

c. Internal testing that is bespoke to the service provider that does not follow a recognised testing methodology 

d. Other - please specify 

e. Don’t know 

Q38. Do you have information on the accuracy rates of the biometric technology your service uses for different demographic groups? 

a. Yes 

b. No 

c. Don’t know 

Q39. Please provide the most recent accuracy rate for each demographic.  

  • Free text 

Section 6: Future improvements

Q40. What are the challenges to improving the inclusion and accessibility of your service? Please select all that apply. 

a. Cost 

b. Security 

c. Lack of data 

d. More guidance needed 

e. Lack of access to government data 

f. Regulatory restrictions 

g. Other - please specify 

Q41. If you would like to, please add any information about steps you are planning to take to improve the inclusivity of your service in the next year. 

  • Free text 

Q42. Are there any other comments you would like to make about inclusion or accessibility? This can be about your service or about the market more generally. 

  • Free text

  1. White labelling refers to a business procuring the service of another business and using their own branding on the procured service.

  2. Business size is defined as follows: 

    Micro: Fewer than 10 employees and turnover of less than or equal to £2 million or balance sheet total of less than or equal to £2 million

    Small: 10-49 employees and turnover of less than or equal to £10 million or balance sheet total of less than or equal to £43 million 

    Medium: 50-249 employees and turnover of less than or equal to £50 million or balance sheet total of less than or equal to £43 million 

    Large: 250+ employees and turnover of over £50 million or balance sheet total of over £43 million