Digital identity is presented as an administrative solution to modern life, but the conversation has grown far beyond technology, convenience, or faster verification. This edition examines the European Union and United Kingdom approaches and asks whether digital ID systems are creating new forms of participation while simultaneously redefining the relationships among citizens, governments, and private institutions. Enthusiasm around efficiency often receives more attention than difficult questions about power, consent, exclusion, surveillance, and autonomy. Digital ID is increasingly becoming a constitutional issue disguised as a technical one, and the consequences deserve much closer scrutiny than current public discussions often allow.

Share

Newsletter Edition 96

The Honest Truth

The subject of digital identity (“Digital ID”) resonates with everyone because, at some point, we have all had to prove who we are, and we will eventually need to do so more often as public life and commerce migrate into electronic systems that demand confidence in our credentials.

We need to journey through the current state of digital ID in the European Union and the United Kingdom, as they are actively developing this infrastructure. Indeed, the subject is controversial because it sits at the junction of personal autonomy, privacy, government authority and commercial convenience, but it needs to be addressed objectively.

The European Union has spent years developing a framework for digital ID wallets that emphasises user control and cross‑border compatibility, while the United Kingdom is proposing a national digital ID scheme that has triggered a widespread public debate.

In this newsletter edition, we will look at the legal frameworks, the promises of convenience and efficiency, the technical and governance innovations such as zero‑knowledge proofs, and the deep concerns about surveillance and cultural acceptance.

European Union: The Right to a Digital Identity

The European Union laid the foundation for digital IDs with Regulation (EU) No 910/2014 on electronic identification and trust services, commonly referred to as the eIDAS Regulation. In April 2026, the Regulation was amended by Regulation (EU) 2024/1183, which created what is now known as the European Digital Identity Framework.

The legal framework establishes that everyone in the EU has the right to a digital identity under their sole control, enabling them to exercise their rights in the digital environment and participate in the digital economy. It also sets out the requirements for qualified trust service providers.

At the centre of this framework are the European Digital Identity Wallets.

These wallets allow natural (individuals) and legal persons (e.g., companies) to access services across Member States while ensuring the protection of personal data and privacy through secure digital identification.

This is an ambitious project on the surface. A common identity infrastructure that spans national boundaries, yet remains under the control of the individual, hopefully.

The official European Commission description of the Digital Identity Wallet emphasises its functionality.

The wallet is intended to enable users to access:

1. Online and offline public and private services,

2. Store and share digital documents, and

3. Create binding electronic signatures.

Member States are required to make wallets available to every citizen, resident and business by the end of 2026.

The European Commission lists numerous benefits of the digital ID wallet:

1. Easier access to services,

2. Better protection of personal data through selective disclosure,

3. Improved cybersecurity and enhanced fraud prevention.

It also indicates that everyone should always control their digital identity, and that the wallet is the means to do so. Citizens should be able to carry their digital identity with them across the EU, seamlessly crossing borders without losing control of their data.

These statements go beyond marketing and echo a European commitment to fundamental rights, data protection and interoperability.

From a legal perspective, the digital identity wallet is not a database, but a technical tool built upon principles of data minimisation and user consent.

It is important to appreciate the architecture of this system.

The wallet must support functions such as authentication, storage, selective sharing and digital signing.

This means that a user can store everything from a train ticket to a university degree certificate, share only the necessary attributes with a relying party, and provide legally binding electronic signatures.

The European Commission lists practical use cases:

1. Applying for passports or driving licences,

2. Opening bank accounts,

3. Registering SIM cards,

4. Signing contracts,

5. Claiming medical prescriptions, and

6. Carrying digital versions of travel documents.

These examples clearly show how deeply integrated the digital ID wallet is intended to become in everyday life.

The European Commission also links the digital ID wallet to other trust services such as eSignatures, eTimestamps, eSeals and qualified website authentication certificates, which are already recognised across the EU.

Each of these services reduces friction in transactions and increases security, but they also normalise the requirement to prove identity or attributes at every turn.

Implementing Acts and Technical Specifications

The EU legal framework provides high‑level requirements, but the technical details are being fleshed out through implementing acts.

These acts specify standardised rules, procedures and technical specifications. The European Commission publicly consults on these acts, emphasising transparency and allowing stakeholders to influence the design.

The Architecture and Reference Framework (ARF) sets out standards, protocols and formats for information exchange and includes an open‑source reference implementation. This ensures that Member States and service providers can build wallets that are interoperable and secure.

The ARF uses cryptographic techniques to support selective disclosure and verifiable credentials, and it accommodates future additions such as payment functionality and age verification.

One of the most innovative features being discussed is the adoption of zero‑knowledge proofs in age verification.

The European Commission advocates an anonymous age verification application that is compatible with the European Digital Identity Wallet and uses zero‑knowledge proofs.

In this model, the user does not share their date of birth with a service provider but instead provides a cryptographic proof that they fall within a certain age range.

The European Commission claims the app is completely anonymous, works on any device and is fully open source.

Critics have pointed out vulnerabilities in zero‑knowledge implementations, but the concept represents a significant attempt to reconcile privacy with regulatory compliance.

It illustrates how digital identity technology can both protect confidentiality and yet increase the prevalence of identity checks by making them easier to implement.

UK Digital Identity: The BritCard and the National Digital ID Scheme

While the EU has opted for a wallet model emphasising user control and voluntary adoption, the UK has taken a different path.

In March 2026, the UK government published a digital ID scheme explainer that describes a national digital ID stored securely on your phone.

The document says that the UK digital ID will simplify access to UK government services and private sector applications, and it will be free to download.

Employers will be required to use it as evidence of the right to work.

The roll‑out is expected to be complete by the end of this parliament.

The government promised that the police will not be able to demand to see your digital ID as part of a stop and search.

However, right‑to‑work checks and right‑to‑rent checks will become legally dependent upon the digital ID.

Unlike the EU wallet, the UK system is framed as a mandatory credential for “certain purposes”.

The explainer lists the data that will be held:

1. Name,

2. Date of birth,

3. Nationality or residency status, and

4. A photograph.

Additional information such as address may be considered.

The UK government asserts that the digital ID will improve access to public services, reduce identity fraud and toughen employment checks.

It will also streamline verification processes when opening bank accounts or proving age.

Essentially, the scheme aims to make it easier to prove identity by consolidating credentials in one secure place, increase efficiency by enabling instant verification, reduce wait times for processing and allow easy updating of personal information.

The explainer shows that the system will use state‑of‑the‑art encryption and authentication technologies, storing credentials directly on the user’s device.

User control is described as central: sharing of information should be initiated by the user and the UK government pledges transparency about with whom information is shared.

The explainer also notes that millions of people in the UK lack traditional proofs of identity and that digital ID could reduce exclusion. Assistive technologies such as screen readers, voice commands and biometrics are promised to ensure accessibility.

Unlike the EU wallet, the UK digital ID is presented as a tool for immigration enforcement. The UK government states that it will be a legal requirement for employers to check a digital ID to confirm a worker’s right to work.

Only UK citizens and legal residents will be able to obtain a digital ID, thus excluding undocumented migrants from lawful employment.

The UK government frames this as a deterrent to illegal immigration. The intention to use digital IDs as an instrument of immigration control has contributed to a heated public debate and significant backlash.

The Data (Use and Access) Act and Trust Framework

Behind the scenes, the UK government is building the legal and technical infrastructure to support digital identity through the Data (Use and Access) Act 2025.

Part 2 of the Act entered into force on 1 December 2025, giving statutory footing to the UK digital identity and attributes trust framework (UKDIATF).

The trust framework sets out requirements for digital verification services (DVS) providers and includes supplementary codes and supporting documents.

In March 2026, the government released a pre‑release version of the UK digital verification services trust framework (version 1.0), along with new supplementary codes and supporting documents.

The pre‑release does not yet carry legal effect, but signals the first amendments to the UKDIATF since it became statutory.

The Office for Digital Identities and Attributes will accredit conformity assessment bodies to assess providers before full publication later in the year, and providers must comply with the existing Gamma version of the UKDIATF until 31 March 2026.

The pre‑release introduces several wholesale changes. Providers certified against version 1.0 will be able to use the new UK CertifID trust mark.

The terminology has been updated: the framework is now called the “UK digital verification services trust framework”.

New rules require holder service providers to share metadata about identities and authentication methods with relying parties. The first dedicated rules for orchestration service providers have been released, obliging them to confirm whether the services they orchestrate are on the DVS register.

Providers must assess the risk posed by other providers losing certification.

Supporting documents are now version‑controlled and include guidance on delegated authority and vouching evidence. A new optional data schema has been introduced. All DVS providers must comply with inclusion and accessibility rules.

These changes may seem technical, but they reflect a maturing regulatory environment in the UK. The UK is moving from a non‑statutory trust framework to a statutory one, establishing accreditation mechanisms and codifying roles.

It is also preparing a public consultation on key issues such as, at what age individuals should get a digital ID, what information the ID should include, which government services should be priority use cases, and how to address obstacles such as digital literacy.

Notably, the consultation is structured in two phases and involves a randomly selected group of 100–120 public participants to ensure broad engagement. This approach acknowledges negative public sentiment and seeks to build legitimacy through deliberative processes.

Criticisms and Privacy Concerns

Digital ID systems promise convenience and security, but they also raise profound questions about privacy, autonomy and social control. Age verification mandates and digital trust technologies can be dangerous.

A coalition of 438 security and privacy scientists described large‑scale access control mechanisms without understanding their implications as socially unacceptable.

The European Digital Rights organisation has criticised age verification schemes for limiting young people’s rights and excluding large portions of the population while lacking effectiveness.

These criticisms extend to the digital identity wallets and age verification apps being promoted by the European Commission.

Although zero‑knowledge proofs preserve data confidentiality by proving an attribute without revealing underlying information, they can normalise constant demands for proof.

The easier it becomes for relying parties to request proofs, the more often individuals may be asked to demonstrate attributes. In this vision of the future mobile phones become keys to digital and physical spaces, reminiscent of Covid‑19 health certificates. This raises concerns about social stratification and the potential for peer policing.

A London School of Economics’ EUROPP blogpost has drawn a stark contrast between the EU’s digital wallet and the UK’s proposed BritCard.

The EU wallet is a user‑controlled data management tool that allows citizens to store credentials and share only the minimum necessary information. By contrast, the BritCard is framed as a single government‑issued credential mandatory for employment verification and immigration control.

This difference matters because citizen acceptance depends on perceived voluntariness and control. The blogpost points to the SOTERIA project, a 2024 pilot that tested a privacy‑first digital wallet with 6,500 citizens in Austria, Romania and Spain.

SOTERIA’s wallet employed selective disclosure, secured storage and high‑level identification.

Despite strong technical credentials, the results were mixed. Spanish participants in a mandatory e‑health pilot showed increased privacy control and intention to use the wallet, while Romanian participants in a voluntary e‑exam scenario reported increased perceived risks and decreased intention. Austrian participants emphasised security perception as critical.

A low number of participants would voluntarily store personal data, but more than sixty percent indicated they would reuse the tool after experiencing it once.

This suggests that initial adoption barriers may be overcome through positive experiences but that context and culture matter.

The same blogpost highlights that the UK government appears to be ignoring lessons from SOTERIA and is instead implementing a mandatory, top‑down system driven by immigration politics.

It goes further to argues that privacy by design is essential and that user control cannot be meaningful if the system is mandatory.

Security experts warn that digital IDs could become a honeypot for cybercriminals, which raises fundamental questions about the business model.

Digital identity infrastructure must be funded by someone, whether through government budgets, service provider fees or citizen payments. Each model has privacy implications because it creates an incentive to track transactions.

Following backlash, the UK has now decided not to make the digital ID system mandatory and government funded, raising concerns about surveillance and fiscal sustainability.

Europe’s more principled approach preserves the possibility of privacy‑respecting implementation, but struggles with sustainable funding. Cultural context is also significant. Britain abolished identity cards after the Second World War and has a history of resistance to national IDs. Requiring a one‑size‑fits‑all digital ID on a population historically hostile to such schemes risks failure.

Some Reflections: Identity, Power and Autonomy

Behind the technical and legal discussions lies a deeper philosophical question: what does it mean to have a digital ID?

The concept of identity has always been relational and contextual. A passport or driver’s licence does not create a person’s identity; it is a credential recognised by institutions.

In the digital realm, the same logic applies, but the possibilities for surveillance and control are vastly expanded.

A digital wallet that stores everything from educational qualifications to health data can empower individuals to prove attributes easily, yet it can also create a map of a person’s life that is accessible to whoever controls the infrastructure.

One can see these differences as manifestations of different political cultures: one rooted in rights‑based constitutionalism, the other in administrative pragmatism and law enforcement.

The adoption of zero‑knowledge proofs touches upon another emerging issue, i.e., trust.

The promise of zero‑knowledge proofs is that we can trust each other without revealing secrets. At the same time, these mechanisms make it trivial to request proofs for every interaction, which can erode trust by creating an expectation of constant verification.

Leave a comment

Paradoxically, technologies designed to enhance privacy can enable more pervasive control. This tension requires careful governance. It also raises questions about the role of private companies that provide the e-infrastructure or verification services.

In Europe, the emphasis on open standards and public consultation reflects a desire to democratise the design of digital ID systems. The UK consultation likewise attempts to involve citizens, but the nature of the scheme and its association with immigration enforcement may undermine trust.

Identity is also about belonging. In a multicultural union such as the EU, a digital wallet can symbolically unite citizens by providing a standardised credential that works across borders. This fosters a sense of European citizenship.

In the UK, the digital ID is explicitly used to exclude those who are deemed to have no right to work. This highlights how identity documents can be used both to include and to exclude.

The challenge is to design systems that recognise individuality and autonomy while preventing exclusion and discrimination.

The EU’s insistence that digital identity is a right, not an obligation, reflects this aspiration.

Whether Member States will implement this in a way that respects cultural differences and local norms remains to be seen.

Table: Comparing EU and UK Digital Identity Frameworks

The table illustrates the fundamental differences between the EU and UK approaches.

The EU emphasises decentralisation, selective disclosure and voluntary use. The UK proposes a centralised credential that is mandatory for employment, raising concerns about consent and surveillance.

Both systems rely on legislation and technical standards, but they embed different assumptions about identity and governance.

Myths, Mysteries or Monstrosities?

Throughout debates about digital identity, we encounter myths. One myth is that digital identification is purely a technical matter. In reality it is profoundly political and social. Technology choices embed values. The decision to use zero‑knowledge proofs, for example, establishes a commitment to data minimisation, but the absence of an obligation to use such proofs in the EU’s eIDAS 2.0 regulation suggests that not all Member States are ready to commit.

Another myth is that digital ID will automatically reduce fraud and improve efficiency. It might do so, but it also increases the attack surface for cybercriminals and may centralise valuable data.

A third myth is that government funding eliminates the need to think about business models. Funding mechanisms can create incentives for data monetisation.

The mystery lies in how these systems will evolve once deployed. Will voluntary EU wallets become ubiquitous, or will they coexist with national e‑ID schemes?

Will the UK’s digital ID foster trust or provoke resistance? These questions cannot be answered definitively, but we can examine early signals.

The EU’s emphasis on consultation and iterative design suggests flexibility. The UK’s focus on enforcement may face cultural headwinds.

You will be within your rights to consider the UK’s digital ID roll-out as a monstrosity because they conjure images of total surveillance or dystopian control. Such language is understandable given the stakes.

However, it is more constructive to recognise that digital identity is a tool. Like any tool, it can be used to empower or to control. Its impact depends on legal safeguards, technical design, cultural acceptance and political accountability.

Monstrosity arises not from the technology itself, but from the imbalance of power it can facilitate.

A mandatory ID tied to employment and immigration status without robust privacy protections can become a mechanism of exclusion.

An optional wallet with granular consent can enhance convenience and autonomy. The challenge is to design and govern digital identity in a way that respects individual rights, supports social cohesion and fosters innovation.

As we stand at this inflection point, it is imperative to engage critically and philosophically with digital identity.

We must consider how these systems affect autonomy, equality, trust and belonging.

We must ask how they interact with cultural histories and political priorities.

We must also recognise that technology alone cannot resolve the dilemmas of identity; governance, accountability and public deliberation are essential.

Our hope is that this exploration will encourage you to think deeply about digital identity, to engage with the consultations and debates, and to demand systems that enhance rather than diminish our collective freedoms.

Only through informed and thoughtful participation can we ensure that the mysteries and myths around digital ID do not become monstrosities.

What are your thoughts about the imminent roll-out of digital IDs in the EU and UK? Please share your thoughts in the comment section.

Leave a comment

Share this newsletter