On 25 September 2025, the UK government announced the introduction of a national digital identity scheme for adult residents of the UK. Under the proposal from Prime Minister Keir Starmer’s government, the digital ID – nicknamed BritCard – will become mandatory for proving the right to work, a key part of the government’s efforts to reduce illegal migrant crossings. The government says the scheme will make it easier for citizens to access a range of services, including welfare and childcare, as well as driving license applications.
Yet the UK government’s plan has triggered significant opposition. Critics argue it raises serious privacy and civil liberty risks. Many worry it could further expand state surveillance and concentrate large volumes of sensitive personal data. Some see echoes of Tony Blair’s ill-fated ID-card scheme, abandoned in 2010 amid privacy concerns and political backlash.
In this post, we’ll explore precisely what is being proposed, what we know about how the scheme will be governed and secured, and weigh up the possible benefits and potential risks.
What the UK government is proposing
Under current plans, every UK citizen and legal resident will be issued a digital credential stored in a supposedly secure phone application. Those without smartphones will be able to access an equivalent paper or offline alternative, though details are still vague. The Office for Digital Identities and Attributes (OfDIA) is overseeing the rollout after the closure of the GOV.UK Verify programme.
Alongside the app, the Department of Science, Innovation and Technology (DSIT) published a “trust framework” setting rules for how identity verification companies can operate. The idea is that approved private providers will help verify identities, while government systems simply recognize those verifications. In theory, this model would reduce bureaucracy because one secure digital proof could replace the endless duplication of passports, bank statements, and utility bills that are required for everything from job applications to tenancy agreements.
The government also presents the scheme as a tool for tackling illegal work. Employers would scan or receive a digital credential proving that a job applicant has the right to work in the UK. Ministers say this will speed up enforcement and make it more reliable, while eliminating paper-based loopholes exploited by fraudsters.
UK digital IDs: Why advocates see an upside
Supporters of digital ID systems point to the obvious conveniences. Citizens could log into public services more easily, prove their age or identity online, and avoid repeating the same checks with every new employer or landlord. The scheme could cut red tape and save the state and private sectors time and money.
Proponents also argue that digital credentials, if properly designed and implemented, can strengthen privacy rather than weaken it. Instead of handing over photocopies of documents that reveal far more than necessary, users could consent to sharing only the specific information required. For example, a person could confirm they’re over 18 without disclosing their full birth date.
January 2025’s state of digital government review estimates that complete digitisation of public sector services could unlock billions of pounds in productivity gains over the coming decade. The UK is far from alone in seeking such reforms, with similar systems being adopted in countries across Europe and Asia as governments digitize services and move toward paperless administration.
UK digital IDs: The privacy concerns
Despite the potential benefits, there are serious reservations regarding UK digital IDs:
Centralisation
However decentralized the architecture may claim to be, a national digital ID programme ultimately creates a shared dependency on one system. A breach of credentials or compromise of authentication servers could expose not just data, but the ID’s ability to function.
If many services depend on a single national credential or on centrally run infrastructure, successful attacks can have a much greater impact. If identity data such as names, dates of birth, photos, and device identifiers are held or cross-referenced, then attack risk increases significantly.
Data collection
The initial use cases for UK digital IDs may be confined to age verification and right-to-work checks. Yet, once the infrastructure is in place, the pressure to expand increases, also known as function creep. Civil liberty advocates warn that a voluntarily adopted tool could become mandatory for accessing essential services.
Over time, individuals might find themselves compelled to disclose personal information not only for renting property or opening a bank account, but for routine interactions such as accessing healthcare or applying for government benefits. This incremental expansion of data collection raises important questions regarding privacy and consent.
Third-party access
The UK model uses certified private digital verification systems. That raises questions about what private firms can see or store, how long they keep records, and how transparent their business practices are. Privacy advocates have also raised concerns about how far digital IDs might connect with information held by private companies such as banks and telecoms – and whether such links could allow data to be shared or analyzed across multiple systems.
If identity credentials become part of a verification “ecosystem”, the governance framework must be strong. The UK trust framework states that transparency, proportionality, and good governance must apply, but critics say early details remain too vague.
Surveillance and profiling
A nationwide digital ID system could deepen the government’s ability to track and profile individuals. It’s not just the core identity data that matters, but also metadata such as who verified what, where, and when. Privacy campaigners argue that, once a single ID is used to access multiple services, it becomes technically possible to build a detailed profile of a person’s activities. The infrastructure makes large-scale surveillance easier.
Exclusion and accessibility
If the digital ID is smartphone-based or otherwise device-centric, people who lack smartphones (or the skills to use them), stable connectivity, or have disabilities may be disadvantaged. A push toward digital-first services risks excluding groups unless strong non-digital alternatives and support are guaranteed. Government guidance says that paper documents will continue, but critics say that design must be robust.
Security vulnerabilities
No digital system is completely immune to failure or attack, and identity databases are particularly attractive targets for cybercriminals. Critics warn that a single data breach could expose sensitive information about millions of people – not just names and dates of birth, but also verification records and potentially biometric data.
Even without a major breach, security lapses can erode trust. Many experts emphasize that a UK digital ID system would need continuous monitoring, third-party audits, and robust incident-response mechanisms to prevent and contain data exposure.
How other countries have managed digital IDs
While the UK’s scheme is still in its early phase, other countries provide cautionary tales and lessons:
India
India’s Aaadhaar system is the largest digital ID programme in the world, assigning a 12-digit unique number to over 1.4 billion residents. Originally designed to streamline welfare delivery and reduce fraud in social benefits, it has expanded to banking, mobile SIM registration, tax compliance, and even school enrolment.
Although Aadhaar has made accessing government services faster and more efficient for many, it has faced multiple data leaks and reports of insecure endpoints. Privacy advocates warn that linking Aadhaar to so many services increases the risk of function creep, where a system initially limited to social benefits becomes a tool for broader surveillance. Despite these concerns, supporters argue that Aadhaar has helped reduce fraud and ensured welfare payments reach the right people more efficiently.
Estonia
Estonia is often cited as a model for digital governance. Its e-ID card underpins almost all public services, from voting and healthcare to banking and taxation. The system is considered highly secure, using digital signatures and strong cryptography to verify identity online. Yet in 2017, a vulnerability in the cryptographic chips required the government to suspend and reissue hundreds of thousands of ID cards. Estonia mitigated the problem but the episode shows that even strong e-states face challenges when widely deployed credentials are compromised.
Belgium
Belgium’s widely adopted eID card serves as both a government-issued identification and a digital authentication tool for accessing online services. Citizens use it for everything from tax filings to healthcare portals and banking transactions. Belgium’s system places a strong emphasis on legal safeguards. Strict rules govern data sharing, retention, and third-party access, all of which limit potential misuse.
Balancing convenience and privacy
Digital IDs offer an appealing vision of a more efficient and connected state. They promise faster verification, reduced paperwork, and a simpler way to access public and private services. Supporters of UK digital IDs argue that a secure, standardized system could cut fraud, lower administrative costs, and help modernise public infrastructure that relies on outdated, manual checks.
Yet the question isn’t only about convenience. Even the most advanced technology can only succeed if people believe their data is being handled safely and transparently. The UK’s recent data breaches and the rapid expansion of state surveillance powers have left many skeptical of new systems that centralise personal information, even if officials insist that safeguards are in place.
The UK government has promised that BritCard will not create a central database, and that individuals will control what information is shared for each verification. If implemented faithfully, such a decentralized approach could limit risks of profiling and misuse. Privacy experts stress that strong technical design must be accompanied by independent oversight and clear accountability, as well as the ability for citizens to challenge any misuse.
Ultimately, the balance the UK must strike is ensuring that convenience never comes at the expense of people’s right to privacy.
UK digital ID FAQs
Will digital ID be mandatory in the UK?
Under the current government plans, the proposed BritCard system will be mandatory for proving the right to live and work in the UK. Broader users such as accessing public services may remain voluntary. Keir Starmer’s government has said it doesn’t intend to create a centralized database, but details on enforcement as well as opt-out rights are still vague.
Can I refuse to have a digital ID?
Whether you can refuse to have a UK digital ID really depends on how the scheme is implemented. If digital IDs become the primary way to prove the right to work or access certain services, refusing to use one could make those processes more difficult or even impossible. The government has indicated that digital IDs will be used alongside traditional forms of verification, at least during the transitional period.
Which countries have a digital ID?
Many countries have adopted national ID systems. These include Estonia, Belgium, and Finland in Europe, as well as India with its Aadhaar identity number. myGovID in Australia allows access to tax and business services while the Digital ID and Authentication Council in Canada is working with provinces and banks to create compatible digital credentials.
