Turbulence for U.K. Digital ID as It Faces the Usual Dilemma: Voluntary, "Voluntary," or Mandatory?

Following years of increasingly strict identity checks for those seeking employment, in September 2025, the U.K. government announced plans for a digital ID scheme. Upon announcement, the ID was made mandatory, used in order to prove the right to work in the country. However, this incited severe public backlash, with one of the most popular petitions in recent national history attracting millions of signatures. By January, the government’s position had softened with the ID now being indicated as voluntary, but subsequent insistence that those looking to work would face mandatory checks suggests that this may be an instance of voluntary in name, rather than nature.

The lack of clarity and consistency in the messaging around the project imperils it from the outset, particularly given the historical resistance in the United Kingdom to national ID schemes. While public opinion is always somewhat mixed on such initiatives, the United Kingdom is unusually reticent, with ongoing failed attempts to implement a national ID despite rollouts throughout the rest of the world, and particularly Western Europe. For industry players, the result is uncertainty, with a considerable risk that investing in providing such services could be met with future cancellation. Even if not overturned by a change in government or at least in government stance, vendors will find themselves as the interface between public services and a deeply troubled user base. Paired with difficulties around implementation of the Online Safety Act, identity providers in the United Kingdom will be on the back foot in terms of user trust—they cannot afford mistakes.

For those looking to implement schemes in other countries, there are key lessons to learn from the mistakes made in this instance.

• Failing to Account for Public Sentiment: The approach seems to betray an inherent lack of appreciation for just how delicate this initiative was in the first place. Understanding the audience is essential in getting early messaging right.
• Failing to Sell the Value: In this case, the proposed benefit of the scheme did not do enough to belie the perceived imposition, with an emphasis on policing, rather than increased convenience, security, or material benefit to the public.
• Failing to Commit: The initial “mandatory” position fell to apparently unexpected public backlash, but the subsequent approach also lacks a firm commitment to a realistically voluntary implementation, further weakening public trust and creating confusion.

 In fairness, this approach has been observed to be effective in other contexts as well. Despite attracting some criticisms, the similarly “voluntary” Aadhaar ID in India has virtually total penetration. An important factor in its success, which has yet to be significantly factored into the U.K. equivalent, is the super-aggregation of services. Aadhaar is integrated into the core technology stack in India to such a degree that it empowers electronic Know Your Customer (eKYC) for Subscriber Identity Module (SIM) acquisition, streamlines access to financial services, and provides digital signing. While the U.K. government has attempted a more universal approach with its GOV.UK one digital login; it severely lags behind the rest of the world in terms of single-ID access to multiple services. This is a critical point in selling the project to the public as anything approaching voluntary, though implementers will now face an uphill battle in terms of user sentiment.

For vendors, there are a few key points to address to rectify the situation:

• Effective Partnering: While currently pitched as focused on the right to work, the subsequent cross-use of the ID scheme is inevitable. While providing universal access to government services is a benefit to the public, it does not significantly help the sentiment of being “forced” to adopt the ID. Working closely with banks, fintechs, and other services to implement the consumer convenience selling point will help turn the tide—but it is essential in the current climate that ID vendors do not position themselves as the single functional route of access to these provisions. Vendors will need to position themselves firmly as the best option—and explicitly, emphatically, not the only option.
• Security Is More Critical than Ever: This is true globally, in all industries, but especially so given the utter fragility of this project to any reputational damage resulting from a breach. The security failures in implementing the Online Safety Act gave considerable weight to the backlash toward this project, providing more than sufficient cause for concern even for those not resistant to such a scheme in theory. Therefore, any future implementations here must be beyond reproach. Scrutiny from security experts will be very strong, so extremely rigorous testing and red-teaming will be a necessity before going live. Pre-launch collaboration with experts who will test the live product, either with or without a vendor agreement, will help prevent problems from arising.
• Shout About What You’re Doing: A combination of mixed degrees of public understanding and turbulent policy results in a confused climate. To avoid conflation with the failures of other schemes, it is critical to be repeatedly and explicitly clear about the scope of usage, and the separation of implementations from other similar projects. Clarity around security measures will help build trust, and it is possible that, especially early on, the usual transparency of security procedures should give way to reporting the measures taken on-screen during use. Explicit reporting of factors such as encryption standards, minimized data reporting, and receiving parties of shared data will mitigate the “black box” effect, which contributes to public concern.
• Maximize Choice: Wherever possible, returning agency to the end user is an essential step to rebuilding buy-in. Ensuring granular control of data sharing—enabling the sharing of specific portions of data that are not mandatory—with clear descriptions of benefits or hindrances entailed by the choice is a more laborious interface design task, but demonstrates respect for the customer, which seemed to be lacking thus far. While the initial emphasis in this corner of the market will be on government requirements and technical factors, the long-term commercial value in a world marching inevitably toward the super-app public-private partnered access point is hinged on public trust. While public services can elect to use whatever verification infrastructure they like, with at least some tolerance for negative public opinion if required, future private partners will be more reticent to link their reputation to a provider that has garnered mistrust among its customer base.