Response to: Making public services work for you with your digital identity

The UK Chapter of the Internet Society has submitted two responses to the consultation on “Making public services work for you with your digital identity” – which complement each other.

This consultation seeks views on a proposed national digital ID system for British and Irish citizens and foreign nationals with permission to be in the UK.

The first submission was made on behalf of the Chapter by Olivier Crépin-Leblond, as Chair of the chapter, based on feedback received from members of the Executive Committee as well as community members.

Summary of Responses

Core Principles for a Secure, Inclusive and Resilient Digital Identity System

The Internet Society UK Chapter has reviewed the government’s proposals for a national digital identity system and identified several foundational principles that must guide its development. These points reflect our commitment to an Internet that is open, globally connected, secure, and accessible to all.

1. Convenience Must Not Come at the Expense of Resilience

A unified digital identity may simplify how people prove who they are — but only when systems function perfectly. No digital infrastructure is infallible. Outages, cyber‑attacks, or technical failures could disrupt essential services nationwide if digital identity becomes a de facto requirement. A resilient system must ensure continuity of access, even when digital components fail.

2. Privacy, Security, and Data Minimisation Are Non‑Negotiable

Centralised identity systems create high‑value targets for attackers and raise significant concerns around surveillance, data misuse, and commercial exploitation. To protect individuals and maintain public trust, the system must embed:

  • Strict data minimisation
  • Selective disclosure (only sharing what is necessary)
  • Decentralised architecture to avoid catastrophic single points of failure
  • Quantum‑resistant encryption and modern security standards

These safeguards are essential to prevent identity theft, tracking, and privacy breaches.

3. Digital Inclusion Must Be a Foundational Design Requirement

Millions of people in the UK lack smartphones, reliable connectivity, or digital literacy. A digital‑only identity system risks deepening exclusion and discrimination — particularly in areas such as employment, healthcare, and public services. The system must provide:

  • Free, secure, non‑smartphone alternatives
  • Accessible offline routes
  • Support for people with disabilities, older adults, and low‑income households

Digital identity must never become a barrier to participation in society.

4. Public Services Should Prioritise Reliability Over Further Automation

The UK’s public services are already heavily digitised. Additional automation risks replacing human support, increasing complexity, and creating fragile dependencies on interconnected systems. A modern digital state must prioritise:

  • Human‑centred service design
  • Operational resilience
  • Fallback mechanisms when digital systems fail

Technology should enhance public services — not make them brittle.

5. Users Must Have Full Control Over Their Identity

Trust depends on meaningful user agency. Individuals must be able to:

  • Delete their digital identity and all associated records
  • Prevent unauthorised revocation
  • Choose where their identity is stored, including non‑digital options
  • Limit what private organisations can access

Legal safeguards must ensure accountability for misuse by authorities or commercial providers.

6. Digital Right‑to‑Work Checks Risk Exclusion and Discrimination

Mandating digital identity for employment checks would disproportionately harm people without devices or digital skills. Any right‑to‑work system must:

  • Avoid digital‑only requirements
  • Provide robust support for employers and workers
  • Ensure no one is excluded from employment due to technology barriers

Fairness in the labour market requires inclusive verification pathways.

7. Alternative Access Routes Must Be Equally Secure

Non‑digital identity options must not be treated as second‑class. They must:

  • Maintain strong privacy protections
  • Avoid transmitting sensitive data insecurely
  • Prevent insider compromise
  • Use attribute separation rather than centralised data stores

Biometrics and genetic identifiers must be treated as high‑risk, non‑reissuable data, with strict limits on their use.

Conclusion

A national digital identity system can offer real benefits — but only if it is built on the principles of security, privacy, resilience, and inclusion. The Internet Society UK Chapter urges policymakers to adopt a design that protects individuals, strengthens trust, and avoids creating new forms of digital exclusion or systemic vulnerability.

We stand ready to support an approach that enhances the UK’s digital future while safeguarding the open, global Internet on which society depends.

Original Submission

Questions are in RED and answers are in BLUE.

The second submission (to be published shortly) was made by Christian de Larrinaga, focussing on specific points in particular.

Scroll to Top