The UK digital identity and attributes trust framework

The UK government has been through a consultation process to make recommendations about how digital identities could be offered to citizens and how that could be controlled. Here's a brief explanation of The UK digital identity and attributes trust framework, and what's changed in the most recent version.

What is the UK Digital Identity and Attributes Trust Framework?

It’s becoming increasingly difficult not to have a digital identity in society today, and it’s likely to become even more important as we transition to a digital-first economy. The average UK citizen might be asked to verify their identity several times a day, whether that's because they are accessing a service online, buying a pint in the pub, or purchasing a new high-ticket item, like a car. 

However, UK citizens are not currently required by law to carry any form of ID and, of course, not everyone has a passport or driving licence. Plus, when you are dealing with physical documents there is a danger of them being stolen or falsified, and their loss can lead to distress, fraud and identity theft. So, there are advantages of convenience, security and control associated with having a digital ID.

The UK government decided against the idea of a national identity card, instead offering people a choice over whether to create a digital identity or not. The scheme would be open to anyone, including those without traditional identity documents like a passport. 

There has been a thorough and robust consultation process around this question of creating digital identities, which involved the department for digital, culture, media, and sport, and the cabinet office. Since that consultation concluded, the government has created a set of guidelines to demonstrate what a ‘good’ digital identity should look like. 

Essentially, a digital identity is a body of information about an individual or an organisation that exists online. That's it.

A digital identity might be created for a one-off transaction or one user might have different digital identities for different transactions. Other digital identities might be used again and again. 

The advantage of a digital identity is that people or users of a solution/service will no longer have to go offline or use physical documents to interact with organisations. This should save time and money, while reducing the threat of fraud and minimising the risk of data processing errors. 

The government hopes the framework will provide clear standards to protect digital citizens from fraud, as well as removing legislative and regulatory barriers to the use of secure digital identities. 

The alpha version of the framework was published in February 2021 and an updated version was released in September 2021. The full framework will go live when all legislative and governance measures are implemented and real-world testing has taken place. But, what's in the framework now, and what's different in this recent updated version?

Key points of the framework

The framework is a set of rules for organisations to follow in order to provide secure and trustworthy digital identity solutions. It aims to make it easier and more secure for UK citizens to prove they are who they say they are.

The framework uses the term “attributes” to talk about bits of information that describe something about a person or an organisation. These attributes combine to form a digital identity and could be related to physical or digital documents, devices, credentials or health conditions - for example, a bank account number, national insurance number or Companies House number. The point is, it is a combination of attributes designed to be unique and difficult to replicate. 

Organisations using the framework to offer digital identity solutions can participate alone or as part of a scheme with other organisations, which opens the way for a new trust utility online. 

What's changed in the latest version of the framework?

Changes to the latest version of the framework include an updated privacy section, which clarifies data protection legislation relationships and identifies where additional protections are in place. 

One of the key changes is around certification. The framework is appointing the UK Accreditation Service (UKAS) to accredit those organisations managing the certification process. 

The new version of the framework also considers the potential for introducing a “trust mark” for companies to demonstrate their conformity with the framework. The trust mark could become a differentiator for firms. 

What the framework means for financial services 

Digital trust and security are key to the success of modern banking. Open banking for instance is predicted to grow at an annual rate of 50%, from around 25 million users worldwide to more than 132 million users by 2024. Open banking relies on good data sharing and even better security. It also relies on a seamless user experience, with as few sticking points as possible, including during the Know Your Customer (KYC) or onboarding phase when identity verification is crucial. 

Digital identities need to be scalable and agile to cope with the constantly changing technological and financial landscapes. The idea is that an attributes-based digital identification will help with this, as it works on multiple points of information about a person, rather than just one. 

The framework will also help financial services with its work on anti-money laundering, as it will be arguably more straightforward to uncover the identities of ultimate business owners (UBOs) and other stakeholders. 

Outcomes of the framework

The intended outcomes of the framework that it provides:

  • Easier access to provisions (i.e. goods and services) for citizens;
  • Greater efficiency when it comes to identification;
  • And greater reassurance for users. 

For industries like banking and finance, many have argued that the lack of a digital identity has held certain innovations back, like the Pensions Dashboard Programme, which would allow users to access their pension information securely online. 

There has, however, been some pushback from UK citizens about a digital identity programme - the privacy of individuals and data protection being two major reservations. There are some interesting, niche instances of people who have been able to keep their identities completely off the internet, including Jonathan Hirshon, as (not) seen in this article published by the BBC. But most people understand their identities have been shared online - through social media, work and other online activity.

The pandemic also truly highlighted the usefulness of a digital identity scheme as suddenly all of live transitioned online. Covid caused a sea change in how we acted and shared data online, and it caused attitudes to change too as people become digital-natives.

Get in touch

RegTech solutions, like PassFort’s, specialise in linking distinct data, held in multiple systems, together to create a single source of truth about a customer or an organisation. This is so regulated firms can verify identities and comply with anti-money laundering regulation.

Please get in touch any time to discuss how you verify digital identities throughout customer onboarding and during ongoing monitoring. You can email info@passfort.com for more information or to start a conversation.