Futureproofing the UK’s digital identity market

Digital identities, a digital representation of a person which enables them to prove who they are during online interactions and transactions, can provide significant economic, efficiency and privacy-related benefits. But successful adoption of digital identities hinges on whether users can trust them, a decision often related to the security of these solutions.

In an attempt to address this concern, governments around the world are working to establish frameworks and standards which could make the roll-out of digital identities secure and trustworthy, and in line with people’s expectations around data privacy.

The European Commission, for example, has put forward a framework for a secure European Digital Identity that will be available to all citizens, residents, and businesses in the European Union. In Australia, the Government has published draft digital identity legislation that will enshrine privacy and consumer safeguards for its Trusted Digital Identity Framework.

The UK Government, meanwhile, has set out its ambition to make digital identities as trusted as passports. Underpinning this is the development of a voluntary ‘Trust Framework’. Digital identity providers will be awarded a ‘trust mark’ so long as they comply with certain security, privacy and inclusivity standards. This means that, in future, UK businesses and consumers will be able to see if a digital identity scheme is certified and make an informed decision about whether they want to use it.

Stephen Bailey, digital identity lead at NCC Group, said: “NCC Group welcomes the UK Government’s proposals. We too see the immense opportunities presented by digital identities. There are, however, several security, data privacy and logistical hurdles that will need to be cleared before the UK can move forward with a futureproofed digital identity framework that people will trust.

“One major challenge will be securing the personal data processed by the various parties involved in the provision of digital identity products. There will be points in this process where, without the right security measures in place, data is vulnerable or the impact of a compromise could be particularly significant. A holistic approach that ensures security throughout this process needs to be taken.”

Stephen continued: “As the use of digital identities becomes more ingrained in the UK, as well as the global economy, critical systems such as financial services will come to rely on them to function. Digital identities may, as a result, become part of what we deem to be critical national infrastructure (CNI). In the UK, such infrastructure is subject to specific security rules and regulations. To ensure the Government’s Trust Framework is futureproofed from the outset and to avoid unnecessarily increasing the workload of participating organisations, it would make sense to align its security standards with those of CNI from the outset or, at the very least, build flexibility into the framework that allows it to adapt over time.

“The UK’s Framework cannot be just another voluntary standard. To make it a success, it must be reinforced with resource and investment, effectively promoted and, critically, kept up-to-date and relevant in what is a fast-evolving sector. Building and sustaining momentum, with a strong governing body driving it forward, will be key.”

The UK Government is set to pilot and finalise its plan over the next year or so. If it addresses these points, it has the opportunity to develop a truly world-leading digital identity framework with cyber security and data protection at its heart.

Image: Shutterstock: Royalty-free stock illustration ID: 608453894.