https://enablingdigitalidentity.blog.gov.uk/2026/07/13/digital-verification-at-scale-our-keynotes-at-the-european-identity-conference-and-identity-week-europe/

Digital verification at scale: our keynotes at the European Identity Conference and Identity Week Europe

Posted by: , Posted on: - Categories: Digital identity

Over the past month or so, the OfDIA team has attended some digital identity industry events abroad – the European Identity and Cloud Conference, in Berlin, and Identity Week Europe, in Amsterdam – to share updates on the UK’s approach to enabling the use of digital identity across the economy. These events are aimed at people building digital verification services, working in the international standards landscape, and that are more widely interested in the field.

These events are really useful for us. We get to meet dozens of organisations and thought leaders to learn about what they are doing in the field and across Europe. We also get to take a step back and think about how we explain what we’re doing.

Not everyone gets the opportunity to attend industry events like this, and we think it’s important that the stories we tell about our work are accessible to everyone in the industry. So, in this blog post, I’ve written up the presentation I gave to both events.

A presentation delivered in a room is, of course, a bit different from writing a blog post. What follows has been edited a little to account for the different format.

A note on the Government’s new national digital ID

As set out at the start of the presentation, the government is consulting on introducing a new, national digital ID. The new digital ID is being designed to remove barriers to public services and beyond – making them more convenient, secure, and inclusive, while giving you greater control over your data.

This speech followed the consultation closing to the public on 5 May, and the conclusion of the People’s Panel on digital ID.

The results of the consultation process are now being considered and the Government will respond later in the year.

The UK’s approach to delivering trusted digital identity at scale

Whether they are built by the government or by the private sector, the services we use to prove things about ourselves need to be trusted or they aren’t useful.

That’s why, in the UK, we have been supporting the development of an ecosystem of digital verification services that people can trust, that they can use anywhere in the economy, and that gives people a choice about which identity services they use.

In this presentation, I’m going to start by explaining what the UK government has been doing in recent years to build trust in digital verification services.

Then, I’ll share what that looks like in practice, focusing on a specific case study of age verification for alcohol purchases

Finally, I’ll talk a little about what’s coming next.

Trust is central to what we are doing to enable the use of digital identity across the UK economy.

Especially now, as the government is consulting on introducing a new form of digital ID credential. The aim is to introduce this new digital ID before the end of this Parliament – so by 2029.

It will not be mandatory to have one, but it will be free to get one.

Our intention is to use it to make access to public services easier, faster and more secure.

The new, national digital ID is being developed to support adoption across the private sector too. We hope that it will make our digital verification services ecosystem more inclusive, by enabling more people to get a digital identity if they want one.

The new, national digital ID will build on the success we have had developing GOV.UK One Login, which we use to prove who we are and get access to public services that are available on the government’s single domain: GOV.UK.

It will also build on work to introduce a government wallet.

Last year, we issued digital Veteran Cards into the GOV.UK Wallet, and we've recently completed a successful “friends and family trial” for issuing digital Driving Licences for the first time in the UK.

GOV.UK One Login and Wallet are part of a wider, hybrid ecosystem of services built in the public and private sector.

The national digital ID will also be a part of this ecosystem, and is being designed to complement, not compete with, digital verification service offerings in the private sector.

This ecosystem approach has been chosen to:

  • encourage innovation
  • help drive adoption
  • build resilience
  • support inclusion, and
  • grow a whole new part of the UK’s tech sector

To trust an ecosystem of services, and to unlock the benefits of digital identity at scale, we believe you need common standards and independent assurance, and you need to underpin that with legislation.

Getting that right will create an interoperable ecosystem which is secure, privacy preserving, inclusive and gives users choice about how they prove things about themselves.

So we’ve created common standards.

The UK digital verification services trust framework is a technology-agnostic set of rules that promotes privacy, security, transparency, inclusivity and interoperability.

These rules leave space for an ecosystem to innovate inside a common framework, whilst setting a consistent floor for the quality of digital identity in the UK.

So we have rules, but how do we know people are following those rules?

The UK has an independent assurance process. Service providers can use it to prove they follow the rules in the trust framework.

Through that process, services and service providers are independently assessed by third-party conformity assessment bodies, using a certification scheme developed by the Office for Digital Identities and Attributes.

This process is operational today.

Two conformity assessment bodies are authorised to certify services against the trust framework: BSI and Kantara Initiative.

The UK’s statutory, national accreditation body – the UK Accreditation Service – ensures the rules we’ve written align to international standards, and they check that conformity assessment bodies are implementing them consistently.

The conformity assessment approach we have taken isn’t based on a specific technology standard.

There are many technical standards that can be used to meet the rules in the trust framework. In fact, we’re encouraging the market to innovate on that.

We haven’t defined or adopted a specific technology because we don’t think technical conformance is enough to build trust in digital identity. Trust in digital identity is not purely about the technology; and just because the technology works, doesn’t mean you should trust it.

We need to have confidence in the whole process, not just the technology.

So we’ve chosen a products, services and processes standard as the basis for the UK system: ISO/IEC 17065:2012.

We’ve done that because digital identities are only as strong as the services that sit around them, the processes that underpin them, and the organisations that operate them. Without confidence in the service and the service provider, we can’t have confidence in anything it produces.

To help people understand whether a service can be trusted, we’ve created a government register.

The use of registers in the digital identity field isn’t new. Countries and organisations around the world use registers to secure things like verifiable credentials.

We are extending that same concept to the services that create, store, verify or enable the use of digital identities.

Today the register is a set of web pages. We are in the process of enabling public key infrastructure as part of this register. This infrastructure will enable anyone to check, at the point of transaction, whether a service is trusted in the UK and whether its outputs can be relied upon.

No personal data goes to or from the register; it only confirms that a service being used is genuine, and what that service is certified and registered as being able to do.

From September, services will also start to be granted a new government-backed trust mark, called UK CertifID.

This will be a visible indication to users and relying parties in the UK that a service meets the standards set by government.

This entire regime has now been given a basis in UK law.

The assurance process is based on the trust framework. That trust framework, the register and the trust mark are all underpinned by the UK’s Data (Use and Access) Act.

That means it can act as the trust anchor for the UK’s ecosystem. It means we can start to point the UK’s wider legal framework at this regime as the basis for trust in digital identity.

That makes it possible to unlock new use cases for digital identity across the economy.

As one example, later this year, and because we have our trust architecture in place, you’ll be able to use a digital identity to prove your age to buy alcohol in pubs, restaurants or shops.

When it’s more widely available, you will be able to use GOV.UK Wallet as one way to do this. GOV.UK Wallet will contain things like your digital Driving Licence and, in time, the national digital ID. Those digital credentials will have your date of birth, so it’s our plan to enable people to use them to prove their age just like they would with a physical version.

Just like with the physical equivalents, you don’t have to use a government-issued ID to prove your age. In the physical world, you can use something like a PASS Card to prove you’re over 18. In the digital space, you will also be able to use a service and a credential from DVS providers in private sector.

Services like Yoti, Luciditi, and others on the government’s DVS register will be able to be used to prove age provided they meet the requirements, as is also going to be the case for the GOV.UK Wallet.

These apps create proofs of age based on physical documents you might already have, or based on data from digital sources. They then secure them on your device, and you unlock and use them with biometric authentication.

Retailers will be able to use a digital verification service to programmatically verify that these credentials are real and they belong to the person presenting them. Importantly, the retailer will only receive the information they need to complete the transaction: that you are old enough and that you are who you say you are.

And of course it would be really annoying if you needed separate digital identities in every shop.

But we’ve thought about that in the design of our trust architecture. Many of these services are aligning to international standards, so they will technically interoperate.

Importantly, whether they’re private sector providers, or the GOV.UK Wallet, all of these services will have the same trust anchors and equivalent legal validity when the alcohol purchasing regulations change this year.

This means relying parties will be able to use any registered digital verification service for proof of age, provided the relevant conditions in the regulatory requirements are met.

This works because both ends of these transactions – the wallet on the user’s device and the service used by the retailer to programatically check the user’s proof of age – are rooted in our trust architecture.

I’m going to break this down a little bit more. I’ve used a service from Yoti as an illustrative example, but the principles will apply to any future DVS and also to the forthcoming digital ID.

There are actually three services involved here.

  1. a verifier – a service that we call an ‘orchestration service’ in the trust framework, and that is used by the retailer to check that a digital identity is genuine and meets their regulatory requirement
  2. an identity service – which can be used to create a digital proof of age that can be stored and, in some cases, can be reused
  3. a wallet – or a ‘holder service’ in the trust framework – into which the digital proof of age can be stored and from which it can be presented

All three of these services are on the UK’s Digital Verification Services register. That’s the statutory register that we – in OfDIA – maintain under the Data (Use and Access) Act 2025.

These services will need to appear on that register for the alcohol purchasing use case. If they aren’t on that register, they won’t be legally acceptable to buy alcohol.

To get onto the register, services must have been independently certified against the trust framework.

In this case, the DVS that is being used by the customer – for example, their digital wallet – must contain a digital proof of age that has been have verified to a “Medium” level of confidence under the trust framework, and the service(s) used for that verification must be on the DVS register.

The DVS acting on behalf of the retailer must then only accept proofs of age produced by registered DVS that are “Medium” or better, and the retailer and the DVS acting on their behalf need to have an agreement in place – like a contract – to ensure that it is the case.

The conformity assessment process that services go through can confirm that the services are doing the right things to confirm that the person is who they say they are and that they are old enough.

The DVS register has public records of what a service is certified for, so it can provide confidence that a service is capable of providing “Medium” confidence identities and attributes

As the register has legal status, we can now point UK regulations at the register, and it can become a central trust anchor for whether a digital service is “good enough” for this use case.

All of that means it will be possible to use a digital identity to buy a pint when the regulations are updated later this year.

These services have been evaluated through conformity assessment, and they appear on our public register, so we can have confidence in the outputs they provide.

This model means we can move away from needing specific physical documents to do specific things. We don’t need to place our trust in specific documents; we can place our trust in services and the quality of the data they can present – wherever that data comes from.

This trust architecture will mean an end to handing over pieces of plastic to prove your age in a pub, exposing some of your most personal data to complete strangers.

A whole ecosystem of services will make that possible. We’re hugely excited and grateful that dozens of private sector organisations are investing in the DVS sector; creating jobs and economic growth in the UK.

So that’s one example of how the digital verification services ecosystem is be enabled by the UK’s trust architecture.

Alcohol purchases are just the start.

More than 60 public and private sector digital verification services from more than 40 providers are certified against the UK trust framework; and they all appear on the UK’s register.

They’re providing a range of services, from business-to-business component services that form part of the digital supply chain, to end-user facing wallets and verifiers like those demonstrated here.

It’s an industry that is already generating around £2 billion of revenue in the UK, adding around £1 billion of GVA to the economy, and underpinning around 10,000 jobs.

We want to make sure that sector grows, so it can be used to grow the economy more widely through the delivery of better, more efficient and effective services.

Growing the sector means we need to continue to open up new use cases; so that’s what we’re doing.

In February we published guidance on the use of digital identity to comply with anti-money laundering requirements.

This guidance makes the use of services on the government’s register the preferred method of checking identity to comply with the regulations.

That unlocks their use in more than a dozen new sectors of the economy, including financial services, gambling and high-value art sales.

We’re enabling age verification use cases.

The government will be making regulations for alcohol use cases this year, but we’re also investigating how we can build on this for other age verification use cases.

We hope we’ll be able to enable new use cases much faster now, because our trust architecture is in place. All of that will help drive adoption and help the sector to grow.

This year we are also commencing a new legal power, under the Data (Use and Access) Act 2025, that will enable public authorities to share information about individuals with registered digital verification services where certain conditions are met. This includes the individual having to have requested the specific services being delivered, with an understanding of what information may be needed to do this.

This new legal power was designed to support market growth, in an inclusive way, helping to enable more people to access the benefits of using a digital identity whilst retaining control of how their data is used.

In this presentation, I’ve:

  1. explained the UK’s trust architecture, and how we’re using standards, assurance and governance to build an ecosystem of trusted systems
  2. stepped through what that ecosystem looks like in practice – focused on the alcohol purchasing use case, and
  3. spoken about some of our plans for the future.

It’s an exciting time to be working in digital identity in the UK. With our trust framework, we think we have the basis to make things simpler and faster for UK citizens and businesses, and to enable the UK digital verification services sector to innovate and grow.

Sharing and comments

Leave a comment

We only ask for your email address so we know you're a real person

By submitting a comment you understand it may be published on this public website. Please read our privacy notice to see how the GOV.UK blogging platform handles your information.