The UK digital identity and attributes trust framework

Blog

The UK digital identity and attributes trust framework



The UK government has been through a consultation process to make recommendations about a digital identity and attributes trust framework and how digital identities could be offered to citizens. Here's a brief explanation of what it is, how it could work, and what changed through its iteration.




What is the UK Digital Identity and Attributes Trust Framework?‍

Essentially, a digital identity is a body of information about an individual or organization that exists online. A digital identity might be created for a one-off transaction, or one user might have different digital identities for different types of transaction.

The digital identity framework is a set of rules for organizations to follow to provide secure and trustworthy digital identity solutions. It aims to make it easier and more secure for UK citizens to prove they are who they say they are.

The framework uses the term “attributes” to talk about bits of information that describe something about a person or an organization. These attributes combine to form a digital identity and could be related to physical or digital documents, devices, credentials, or health conditions - for example, combining a bank account number, national insurance number, and/or Companies House number. The point is it is a combination of attributes designed to be unique and difficult to replicate. 

Organizations using the framework to offer digital identity solutions would be able to participate alone or as part of a scheme with other organizations - opening the way for a new trust utility online. ‍




What changed in recent iterations of the framework?‍

Changes to the framework include an updated privacy section, which clarifies data protection legislation relationships and identifies where additional protections need to be in place. 

One of the key changes is around certification. The framework is appointing the UK Accreditation Service (UKAS) to accredit those organizations managing the certification process. 

The new version of the framework also considers the potential for introducing a “trust mark” for companies to demonstrate conformity. The trust mark could become a differentiator for firms. ‍

The government hopes the framework will provide clear standards to protect digital citizens from fraud, as well as removing legislative and regulatory barriers to the use of secure digital identities.




Why would we need a digital identity?

It’s becoming increasingly difficult not to have a digital identity in society, and it’s likely to become even more important as we transition further into a digital-first economy. The average UK citizen might be asked to verify their identity several times a day, whether that's because they are accessing a service online, buying a coffee, or purchasing a high-ticket item, like a car. 

However, UK citizens are not currently required by law to carry any form of ID and, of course, not everyone has a passport or driving license. Plus, when you are dealing with physical documents there is a danger of them being stolen or falsified, and their loss can lead to distress, fraud, and identity theft. So, there are advantages of convenience, security, and control associated with having a digital ID.

The UK government decided against the idea of a national identity card, instead, offering people a choice over whether to create a digital identity or not. The scheme would be open to anyone, including those without traditional identity documents like a passport. 

The advantage of a digital identity is that people or users of a solution/service would no longer have to go offline or use physical documents to interact with organizations. This could save time and money, while reducing the threat of fraud and minimizing the risk of data processing errors. 

There has been a thorough consultation process around this question of creating digital identities, which involved the department for digital, culture, media, and sport, and the cabinet office. Since that consultation, the UK government created a set of guidelines to demonstrate what a “good” digital identity could look like. 

The alpha version of the framework was published in February 2021 and an updated version was released in September 2021. The full framework would go live if all legislative and governance measures are implemented, and real-world testing has taken place.




Outcomes of the framework‍

The intended outcomes of the framework are that it provides:

  • Easier access to provisions (i.e., goods and services) for citizens.
  • Greater efficiency when it comes to identification.
  • And greater reassurance for users. 

For industries - like banking, financial services, and fintech – it is also hoped the framework could further fuel growth and innovation.




What the framework could mean for financial services ‍

Digital trust and security are key to the success of modern financial services. Open banking for instance is predicted to grow at an annual rate of 50%, from around 25 million users worldwide to more than 132 million users by 2024. Open banking relies on good data sharing and even better security. It also relies on seamless user experiences with as few sticking points as possible, including during the know your customer (KYC) process, when identity verification is crucial. 

Digital identities need to be scalable and agile to cope with the constantly changing technological, regulatory, and financial landscapes. The idea is that attributes-based digital identification could help, as it works on multiple points of information about a person rather than just one, simplifying KYC due diligence. And the framework could for example help work on anti-money laundering, as it would arguably be more straightforward to uncover the identities of ultimate business owners (UBOs) and other corporate stakeholders. ‍




Get in touch

Moody’s Analytics Know Your Customer (KYC) is transforming risk and compliance, creating a world where risk is understood so decisions can be made with confidence.

Our customers build their own risk and compliance ecosystem using our workflow orchestration platform, leading datasets, analytical insights, and integrations with global providers to create flexible solutions to onboard customers at scale.

Harnessing our innovative technology and industry expertise, Moody’s Analytics automates accurate screening and swift onboarding of customers and third-parties. We continue our support throughout the customer lifecycle by enabling perpetual monitoring of risk across global business networks in near real-time. 

Get in touch to talk about your KYC program – we would love to hear from you.