UK's digital identity implementation necessitates collaboration between the public and private sectors, according to industry experts.
UK Nationwide Digital Identity Scheme: Best Practices and Recommendations
A UK nationwide digital identity scheme is being proposed to enhance security, privacy, inclusivity, and trust while ensuring scalability and cost-effectiveness. Here are some best practices and recommendations based on the current UK landscape and international efforts.
Robust Identity Verification and Compliance
The digital identity scheme must adhere to strong identity verification standards, complying with UK regulations such as the UK GDPR and new identity verification rules. This includes biometrics, government-issued IDs, and re-verification processes to prevent fraud, with penalties in place for non-compliance.
Privacy and Data Protection
Privacy must be a foundational aspect, respecting data protection laws like the UK GDPR and the new Data (Use and Access) Act. Systems should incorporate "privacy by design" principles and clear user consent models that reduce power imbalances and respect user control over personal data.
Inclusivity and Accessibility
The digital identity scheme should cater to all demographics, especially the elderly and those without smartphones, to avoid exclusion and digital divide issues. This addresses practical hurdles noted by UK officials exploring digital ID.
Interoperability and Cross-Border Functionality
The digital identity should be interoperable with existing public and private services and enable cross-border recognition, taking lessons from the EU Digital Identity Wallet framework and agreements like the UK-Spain certification cooperation.
Security and Cyber Risk Governance
Strong cybersecurity measures must be embedded, including mitigation of cyber risks and secure AI deployment. Governance codes for cyber risk should guide organizational responsibility at the board level.
Market Adoption and Stakeholder Engagement
The scheme should gain broad support from government, businesses, and citizens. Regulatory frameworks must create trust and certainty for corporate service providers, directors, and end-users, promoting marketplace confidence and uptake.
Cost-Effective Implementation and Maintainability
Addressing cost concerns through scalable technology and streamlined processes is essential, as cost estimates for such a scheme vary considerably.
A Call for Regulatory Ownership and Public-Private Collaboration
Lee McNabb, head of payments strategy and partnerships at NatWest Group, called for more regulatory "ownership" due to "regulatory fragmentation," which leads to a lack of "real clarity on what digital ID means." McNabb also emphasized the importance of the UK digital ID scheme being commercially viable.
Ronny Khan, senior advisor at The Norwegian Digitalisation Agency, highlighted the Nordics' "well-developed" digital ID system, which was achieved through public-private cooperation. McNabb referred to Australia's approach to overcoming cultural resistance to an ID scheme by framing it as enabling a core outcome, rather than labeling it as digital ID.
The GOV.UK Wallet and App
The GOV.UK Wallet and app will launch this year with an early version of a digital driver's licence, with other data points added afterwards. Starting with a digital driver's licence on the government wallet means it becomes the norm for 16- and 17-year-olds.
Establishing Trust in Digital ID
Leon Ifayemi, director of coalitions and research at CFIT, expressed concerns about banks relying on digital ID if they can't verify the accuracy of the data. Ifayemi suggested that gradualism is needed to establish trust in digital ID, using the GOV.UK Wallet and app as an example.
In March this year, CFIT published a blueprint for fighting economic crime through the widespread adoption of Digital Company ID.
The panel discussion, titled 'Are digital identities the solution to stopping fraud?', took place at Pay360 on 26 March in London. The panel was moderated by Daniel Saliba, ambassador at The Payments Association.
Reinhard Hochrieser, vice president of product management at Jumio, suggested that regulators and government should "align" on a common standard, with companies "building products on top." However, Hochrieser did not suggest that regulators and government should align on a common standard, or that companies should build products on the basis of a common standard set by regulators and government.
- To ensure the success and scalability of the UK nationwide digital identity scheme, partnerships between government, businesses, and citizens should be fostered for broad support and market adoption.
- In the pursuit of inclusivity, the digital identity scheme should cater to all demographics, employing 'privacy by design' principles and user consent models that respect user control over personal data.
- Innovation in technology and cybersecurity measures must be integrated into the digital identity scheme, including robust AI deployment and governance codes for cyber risk.
- For optimal functionality, the digital identity should be interoperable with existing services and enable cross-border recognition, emulating the EU Digital Identity Wallet framework and UK-Spain certification cooperation.
- The digital identity scheme must adhere to strong identity verification standards, complying with regulations such as the UK GDPR, and ensuring secure, efficient, and cost-effective payments via open banking strategies.
- A well-defined strategy should be in place to address potential regulatory fragmentation and conflicting industry standards, as emphasized by Lee McNabb, while learning from the Nordics' successful public-private cooperation model.