Guidance

Enabling the use of digital identities in the UK

We’re working to help people securely prove who they are without having to rely on physical documents.

Overview

The Department for Science, Innovation and Technology (DSIT) is enabling the use of trusted digital identity services in the UK. Digital identities give people another way to securely prove things about themselves, such as who they are or what their age is, without having to repeatedly present physical documents.

The government is not making digital identities mandatory. This is not a step towards ID cards. Instead, we’re setting robust standards to make sure innovative private-sector solutions protect privacy, boost security, and enable greater accessibility, all while growing the economy by saving people and businesses time and money.

To maintain trust in digital identity products and services as uptake increases and technology develops, we are setting up a governance structure, underpinned by legislation, to ensure standards are being followed and to keep them up to date.

This page collects digital identity guidance published to date and is primarily aimed at 4 groups:

What is a digital identity?

If you’ve scanned your driving licence to open a bank account, used your passport at an automated border gate, or used your face to unlock your phone, you’re already familiar with the sorts of technologies used in digital identity products.

A digital identity is a digital representation of your identity information, like your name and age. At your request, it can also contain other information about you, like your address, or biometric information, like a fingerprint or face scan.

It enables you to prove who you are during interactions and transactions without presenting physical documents.

Just like when a physical document (such as a passport) is checked, someone checking your digital identity must have a way to know that it is genuine and that it belongs to you.

For example, some banks will check your identity digitally when you want to open an account. A typical process using a digital identity is:

  • You use your smartphone to take a photo of a document (e.g. a passport or driving licence)
  • It is checked digitally to confirm it is genuine
  • You take a photo or video of yourself which is matched to the one on the document
  • Your identity is confirmed

Unlike with a physical document, you are able to limit the amount of information you share to only what is really necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes/no response and avoid sharing any other personal details.

Standards

Currently, you have to go through an identity checking process each time you need to prove your identity, and many places don’t accept digital identity products, online or in real life. You also don’t currently have an external assurance that this process is optimally secure and privacy-preserving.

The common, robust standards in the UK digital identity and attributes trust framework will change this by enabling digital identities to be reused while providing assurance of privacy and security.

Story so far

  1. In September 2020, we published our response to a call for evidence gathering views on how government can support the development of secure digital identities in the UK
  2. In February 2021, we published the first version of the UK digital identity and attributes trust framework, which has been in development since
  3. In March 2022, we published a response to a public consultation on our proposed approach to enabling secure digital identities in the UK economy
  4. In April 2022, employers and landlords became able to use providers with certified services for pre-employment, rental eligibility and criminal record checks
  5. In June 2022, we published the current ‘beta’ version of the trust framework and started our beta testing programme
  6. In March 2023, the Data Protection and Digital Information (No.2) Bill had its first reading in Parliament. The Bill will underpin the trust framework and its governance and allow identity and eligibility checks to be made against trusted, government-held data

Useful information for providers

There are three types of providers that fall directly under the scope of the rules found in the UK digital identity and attributes trust framework:

The rules applying to each can be found in sections 11 to 15 of the trust framework.

Providers looking to become certified against the trust framework are already able to do so with government-approved certifying bodies who are undergoing accreditation with the UK’s national accreditation body, UKAS, who has a list of approved certification bodies.

Organisations interested in getting certified should read the guidance on becoming certified against the trust framework.

There are live use cases with pre-employment, rent eligibility and criminal record checks. The government has also published guidance on how to become certified to perform these checks, which require additional rules to be followed. Home Office requirements for these checks can be found at the guidance pages for right to work, right to rent and Disclosure and Barring Service (DBS) checks.

The certification process for the trust framework and any other digital identity overlay schemes is modular: you can certify your services against the trust framework and other overlay scheme guidance which builds on it for particular use cases (such as the right to work, right to rent and DBS schemes).

You do not need to recertify against the trust framework every time you seek certification against an additional overlay scheme.

Useful information for certifying bodies

The UK digital identity and attributes trust framework is now in its beta version. Guidance for providers on becoming certified against the trust framework has been published for those wishing to participate.

The trust framework draws on other government guidance for proving and verifying someone’s identity (GPG 45) and for using authenticators to protect an online service (GPG 44).

There are further rules, standards, guidance and legislation in the trust framework, which a provider’s services must or should follow to become certified.

As the certification process for the trust framework is modular, a provider’s services can be certified against other standards on top of the trust framework as part of an overlay scheme.

There are currently public-sector overlay schemes open for right to work, right to rent and DBS checks. Additional Home Office requirements for these checks can be found at the guidance pages for right to work, right to rent and DBS checks. The government has published guidance on how to become certified to perform these checks.

If you want to know which providers have already been certified to carry out right to work, right to rent and DBS checks, you can refer to the list of providers with certified services.

Useful information about overlay schemes

The UK digital identity and attributes trust framework provides a baseline standard for the secure use of digital identities, and is not use case specific.

Some use cases may have additional requirements, for example for providers running pre-employment, rent eligibility and criminal record checks.

These additional requirements may be codified by an organisation or group of organisations as part of an overlay scheme. The overlay scheme can then use the trust framework certification process to certify against these extra requirements.

An overlay scheme is any organisation or group of organisations that:

  • Creates additional rules on top of those in the trust framework that reflect the requirements in a particular use case
  • Wants participating providers to be certified against those rules.

The certification process for the trust framework is modular, meaning providers can ‘top up’ trust framework certification with certification against the rules of one or more overlay schemes.

If you’re interested in learning more about setting up an overlay scheme, please send an email to digitalidentity-certification@dcms.gov.uk.

Useful information for employers, businesses, and other bodies

Employers, businesses or other bodies, who are often referred to as relying parties in the digital identity market, are already able to contract with providers who have undergone certification to conduct digital pre-employment, rent eligibility and criminal record checks using digital identity technologies.

Digital Disclosure and Barring Service (DBS) identity checks can be undertaken by providers whose services have been certified, as can digital right to work and right to rent checks for British and Irish passport-holders.

If you are looking to use certified services to carry out digital right to work, right to rent and DBS checks, you should refer to the list of providers with certified services.

Home Office requirements for certification to carry out these checks can be found at the guidance pages for right to work, right to rent and DBS checks.


Contact us

Stakeholders across the private sector, civil society sector and academia have been involved in developing every step of our work, with over 250 organisations giving us direct feedback through monthly sessions over the last three years.

If you are a provider, scheme, academic or business interested in joining our stakeholder sessions, please email digitalidentity-engagement@dcms.gov.uk

Published 13 February 2023
Last updated 22 March 2023
1. The Data Protection and Digital Information (No.2) Bill reintroduced to Parliament.
