The UK Chapter of the Internet Society has submitted two responses to the consultation on “Making public services work for you with your digital identity” – which complement each other.
This consultation seeks views on a proposed national digital ID system for British and Irish citizens and foreign nationals with permission to be in the UK.
The first submission was made on behalf of the Chapter by Olivier Crépin-Leblond, as Chair of the chapter, based on feedback received from members of the Executive Committee as well as community members.
Summary of Responses
Core Principles for a Secure, Inclusive and Resilient Digital Identity System
The Internet Society UK Chapter has reviewed the government’s proposals for a national digital identity system and identified several foundational principles that must guide its development. These points reflect our commitment to an Internet that is open, globally connected, secure, and accessible to all.
1. Convenience Must Not Come at the Expense of Resilience
A unified digital identity may simplify how people prove who they are — but only when systems function perfectly. No digital infrastructure is infallible. Outages, cyber‑attacks, or technical failures could disrupt essential services nationwide if digital identity becomes a de facto requirement. A resilient system must ensure continuity of access, even when digital components fail.
2. Privacy, Security, and Data Minimisation Are Non‑Negotiable
Centralised identity systems create high‑value targets for attackers and raise significant concerns around surveillance, data misuse, and commercial exploitation. To protect individuals and maintain public trust, the system must embed:
- Strict data minimisation
- Selective disclosure (only sharing what is necessary)
- Decentralised architecture to avoid catastrophic single points of failure
- Quantum‑resistant encryption and modern security standards
These safeguards are essential to prevent identity theft, tracking, and privacy breaches.
3. Digital Inclusion Must Be a Foundational Design Requirement
Millions of people in the UK lack smartphones, reliable connectivity, or digital literacy. A digital‑only identity system risks deepening exclusion and discrimination — particularly in areas such as employment, healthcare, and public services. The system must provide:
- Free, secure, non‑smartphone alternatives
- Accessible offline routes
- Support for people with disabilities, older adults, and low‑income households
Digital identity must never become a barrier to participation in society.
4. Public Services Should Prioritise Reliability Over Further Automation
The UK’s public services are already heavily digitised. Additional automation risks replacing human support, increasing complexity, and creating fragile dependencies on interconnected systems. A modern digital state must prioritise:
- Human‑centred service design
- Operational resilience
- Fallback mechanisms when digital systems fail
Technology should enhance public services — not make them brittle.
5. Users Must Have Full Control Over Their Identity
Trust depends on meaningful user agency. Individuals must be able to:
- Delete their digital identity and all associated records
- Prevent unauthorised revocation
- Choose where their identity is stored, including non‑digital options
- Limit what private organisations can access
Legal safeguards must ensure accountability for misuse by authorities or commercial providers.
6. Digital Right‑to‑Work Checks Risk Exclusion and Discrimination
Mandating digital identity for employment checks would disproportionately harm people without devices or digital skills. Any right‑to‑work system must:
- Avoid digital‑only requirements
- Provide robust support for employers and workers
- Ensure no one is excluded from employment due to technology barriers
Fairness in the labour market requires inclusive verification pathways.
7. Alternative Access Routes Must Be Equally Secure
Non‑digital identity options must not be treated as second‑class. They must:
- Maintain strong privacy protections
- Avoid transmitting sensitive data insecurely
- Prevent insider compromise
- Use attribute separation rather than centralised data stores
Biometrics and genetic identifiers must be treated as high‑risk, non‑reissuable data, with strict limits on their use.
Conclusion
A national digital identity system can offer real benefits — but only if it is built on the principles of security, privacy, resilience, and inclusion. The Internet Society UK Chapter urges policymakers to adopt a design that protects individuals, strengthens trust, and avoids creating new forms of digital exclusion or systemic vulnerability.
We stand ready to support an approach that enhances the UK’s digital future while safeguarding the open, global Internet on which society depends.
Original Submission
Questions are in RED and answers are in BLUE.
