Practical Privacy, Security, and Speech Guide
A field guide to modern privacy, security, and freedom of speech.

17.3 Government digital ID

A passport held in a hand
A single credential proposed to stand in for identity across daily life.

What is being built

For decades the United Kingdom has been unusual among large democracies in having no compulsory national identity card. An attempt to introduce one in the 2000s was scrapped in 2010 after sustained opposition, and the associated database was destroyed. That history matters, because the proposals now under way represent a return to an idea the country had previously rejected — this time in digital form, and assembled piece by piece rather than announced all at once.

The pieces already here

Several components already exist or are well advanced. GOV.UK One Login is a single sign-on system intended to become the standard way of accessing central government services online, consolidating what used to be many separate logins into one verified identity. A government digital wallet has been developed to hold official credentials on a smartphone, beginning with documents such as a digital driving licence. Each of these is presented as a convenience, and taken individually each is modest. Together they form the scaffolding of a national digital identity: a verified account, a way to prove who you are, and a wallet to carry official credentials.

The mandatory proposal

In September 2025 the government went further, announcing plans for a mandatory digital identity scheme, widely reported under the working name "BritCard". As described, it would be required to prove the right to work in the UK, with the stated aim of making illegal employment harder and so reducing an incentive for irregular migration. The proposal was immediately controversial. A petition against it gathered very large numbers of signatures within days, and opposition came from across the political spectrum, including from civil-liberties groups, technologists, and members of the governing party's own side. The precise scope, timetable, and legal form remained under discussion and consultation, and the details may change substantially or the scheme may be altered before any implementation.

The important point for a reader of this guide is the direction, not the brand name. A credential that is mandatory to prove the right to work is, by definition, something almost every adult must obtain and present. Even if it is introduced for that single purpose, it establishes a verified, government-issued digital identity held by nearly the whole population — and the history of such systems is that, once they exist, the number of situations in which they are demanded tends to grow.

The case made for it

It is only fair to state the case in its strongest form. A reliable digital identity could make many interactions genuinely easier: proving your age without revealing your name, accessing services without repeated form-filling, reducing certain kinds of fraud, and replacing the awkward business of posting copies of passports to landlords and employers. Proponents argue that people already hand identity data to dozens of private companies with far weaker safeguards than a government scheme would have, and that a well-designed state system using modern, privacy-preserving cryptography could reveal less, not more, than the status quo. Several other countries operate digital identity schemes that are popular and broadly trusted.

These arguments are not empty, and a flat refusal to engage with them weakens the case for caution. The right response is not to deny that digital identity could be done well, but to ask hard questions about whether this scheme, with this governance, these safeguards, and this trajectory, actually will be — and to insist that the burden of proof lies with those building a system that is difficult to dismantle once in place.

Why it worries people

How one identity links separate activities together.
A single credential can become the key that links everything.

Function creep

The first and most consistent concern is function creep: the tendency of a system built for one purpose to acquire others. A credential introduced to prove the right to work is easy to extend to renting a home, opening an account, accessing healthcare, claiming benefits, proving age online, or boarding transport. Each extension is individually defensible and administratively convenient. The end state, reached without any single decisive vote, is a society in which one government credential is the key to ordinary participation — and in which not having it, or having it suspended, becomes a serious disability. History shows that identity systems rarely shrink in scope; they grow.

A single point of failure

Concentrating identity into one system also concentrates risk. A credential that unlocks everything is a target worth attacking, and a breach or compromise is correspondingly more damaging than the loss of any single password. Large government IT systems do not have an unblemished record. Beyond outright breaches, there are quieter failures: incorrect records that are hard to correct, accounts wrongly flagged or locked, and the ordinary friction of a system that everyone is forced to depend on. When one credential gates access to work, money, and services, its failure — whether through attack, error, or outage — stops being an inconvenience and becomes an emergency.

Exclusion and coercion

A mandatory digital identity also raises questions of exclusion and coercion. Not everyone has a smartphone, reliable connectivity, or the confidence to manage digital credentials: the elderly, the poor, the homeless, people fleeing abuse, and others at the margins are most likely to struggle and most likely to be harmed by being locked out. A system that becomes necessary for daily life can exclude exactly those who can least afford it. There is also the coercion concern that runs through 2.5 and Chapter 10: a credential that can be demanded can be demanded by an abusive partner, an overbearing employer, or an official exceeding their authority, and the more it unlocks, the more is lost when someone is compelled to hand it over.

What you can do

For now, the most important responses are civic rather than technical, because the scheme is still being decided. Where elements remain genuinely optional, you can choose not to adopt them, and can prefer existing physical documents and processes where they still work. You can engage with consultations, petitions, and your elected representatives, since several of the measures in this chapter have been delayed or amended precisely because of public pressure, and digital identity in particular remains contested rather than settled.

Where digital identity does become mandatory for a specific purpose, the sensible posture is the one this guide recommends throughout: comply with what the law actually requires, disclose no more than that, and keep the credential compartmentalised from activities it does not need to touch. Resist the convenience pull to use one government identity to log in everywhere simply because it is offered, since every such use adds a link to the profile. Keep physical fallbacks where they exist, because dependence on a single digital credential is itself a risk. And stay informed about scope: the difference between a credential used only to prove the right to work and one demanded to read, speak, and move is the difference this whole chapter is about. The consolidated steps are in 17.7.