https://enablingdigitalidentity.blog.gov.uk/2026/04/13/the-information-gateway-enabling-secure-sharing-of-information-held-by-public-authorities-with-trusted-digital-verification-services/

The information gateway: enabling secure sharing of information held by public authorities with trusted digital verification services

Posted by: , Posted on: - Categories: Digital identity
A person holding a phone in their hand and also using a laptop

Through the information gateway, registered digital verification service (DVS) providers can ask for information directly from public authorities.

Section 45 of the Data (Use and Access) Act 2025 contains a power that is referred to as the "information gateway", which allows public authorities to share information with digital verification service (DVS) providers, as long as information is only provided:

  • to DVS that are certified against the UK DVS trust framework and registered on the DVS register
  • for the purpose of providing identity or eligibility verification services
  • at the request of the individual to whom the data relates; and
  • in compliance with other relevant existing legislation, including data protection legislation.

This power will help enable more efficient, fully digital processes, allowing people to prove their identity digitally without needing to scan physical documents. The information gateway is a key part of the government’s approach to enabling the widespread use of trustworthy digital verification services, which could generate at least £701 million per year in economic benefits in the UK.

Public authorities receiving requests under section 45 of the Act are encouraged to share information with the registered DVS provider through the information gateway where possible. Requests should be proportionate, and comply with data minimisation rules. In general, requests should not be refused unless doing so is in line with public law principles, for example where there is a reasonable justification for the refusal. In such circumstances, the authority should explain its decision to the provider.

Where public authorities do decide to share information through the information gateway, they can charge fees to registered DVS providers to cover the cost of setting up, implementing and maintaining the necessary systems for sharing information.

OfDIA is working to develop and publish information for different actors in the ecosystem, to help them understand what the information gateway power is, and how different organisations may interact with the information gateway.

The statutory Code of Practice

Section 49 of the Act requires the Secretary of State to prepare and publish a Code of Practice about disclosure of information through the information gateway under section 45. The public authority must have regard to the Code of Practice when sharing information via the information gateway. OfDIA, acting on behalf of the Secretary of State, will prepare the Code of Practice for it to be laid before Parliament.

The information gateway power will be commenced once the Code of Practice has been approved by both Houses of Parliament which, subject to Parliamentary timings, we anticipate will happen later this year. We will publish updates on progress here on our blog.

Public authorities can share information in a variety of ways

The information gateway power does not dictate how information held by public authorities should be shared, and this is something each public authority will decide for themselves. When sharing personal data, as well as having regard to the Code of Practice, public authorities must also comply with data protection legislation.

It is likely that in the majority of cases, public authorities will be able to best and most cheaply fulfil a request for information by securely sharing attributes via APIs. This will minimise the amount of information shared by the public authority.

Some public authorities will make information available by developing a digital credential, like a digital driving licence.

Public authorities can offer both options in parallel – issuing a digital credential into the GOV.UK Wallet does not prevent a public authority also facilitating API checks of data they hold.

To share information, public authorities and registered DVS providers will enter into agreements

Some public authorities might choose to publish information about the information they hold and that is being made available using the information gateway powers, to make it easier for DVS providers to engage with them.

Once a DVS provider has established that a public authority holds information relevant for its service (or planned service) and is making it available using the information gateway powers, the registered DVS provider and public authority would then be expected to enter into a contract and data sharing agreement. These should set out, among other things:

  • the roles and responsibilities for all parties
  • the specific mechanisms and safeguards for data sharing
  • compliance with data protection legislation; and
  • any applicable fees payable by the DVS provider

Once agreed, the registered DVS provider can make information requests on behalf of the individuals using their services. Public authorities will need to consider those requests and decide whether to share information or not. This will include:

  • checking that the service of the DVS provider requesting the information is on the DVS register and that the individual has requested that service
  • considering whether the data is accurate for the relevant purpose
  • considering whether the data is in a format appropriate for sharing; and
  • determining what the public authority will charge the DVS provider.

Checking that a service is on the DVS register

We want information sharing under the information gateway to be as secure and robust as possible. That is why only services operated by providers that are registered on the DVS register can receive information via the information gateway.

To help public authorities check that a provider is genuine when they make a request via the information gateway, this year we will be enabling DVS providers to securely prove they are on the DVS register in real-time, through public key infrastructure. We will publish more information about our plans for this shortly.

Next steps

To drive use of the information gateway by registered DVS providers and public authorities, OfDIA is working to:

  • publish the Code of Practice
  • gather evidence on user needs for the information gateway, including conducting a survey of registered DVS providers to understand the demand for different data
  • develop guidance to help registered DVS providers and public authorities understand how they can use the information gateway
  • provide the new security features of the DVS register

It is our intention that this work makes it easier for registered DVS providers and public authorities to share information via the information gateway, to support our ultimate goal: efficient and authoritative digital verification of attributes across the economy.

Sharing and comments

Share this page

Leave a comment

We only ask for your email address so we know you're a real person

By submitting a comment you understand it may be published on this public website. Please read our privacy notice to see how the GOV.UK blogging platform handles your information.