A digital ID could be a good idea. This one isn’t.

What’s happening?

The Government has consulted on their plans to bring in a digital ID – a major overhaul of how we can identify ourselves and how data is shared across public services.

This proposal gets the fundamentals wrong, and the consequences could be serious.

Twenty years ago, Liberty helped defeat a Labour government’s plans for a national identity card. Now, a new Labour government has brought that old idea back, updated for the age of smartphones and surveillance.

You can read Liberty’s response to the consultation here.

What would a good digital ID system look like?

Liberty’s digital ID principles

For a digital ID system to be rights-respecting and safe, it must include the following features as minimum conditions:

• Voluntary, always – The law must prevent mission creep. Digital ID must never quietly become compulsory.
• Privacy is not a feature, it’s the foundation – The whole system is built around protecting your data from day one, which means no database linking and no tracking where and when we use digital ID.
• Clear purpose, hard limits – Digital ID must be for proving who you are in a privacy protected way – not for immigration, not for policing, and not for government surveillance. There must be limits on when you can be asked for digital ID.
• No digital ID? No problem – You must always have the right to choose a non-government provider or show a physical document instead.
• State-of-the-art security – It must be protected with the strongest cryptography and a decentralised design so there’s no honeypot for hackers.
• Open to scrutiny, accountable to you – It must be built with an open-source code which can be audited, overseen by a regulator with real teeth and independence, and with a complaint mechanism we can all use easily.

A digital ID system that does not meet these requirements must not be built.

What is the UK Government proposing on digital ID?

The Government has proposed three interconnected digital public infrastructure projects.

1. The digital ID itself, a digital credential, stored locally, that will include personal information including name, age, nationality, right-to-work, and a biometric photo.
2. A new right-to-work digital checking system that will record where those checks have been completed which can be audited by border enforcement.
3. A digital transformation project to connect different government data systems and give everyone a unique ID to be used across these systems.

The second and third aspects of this project undermine the theoretical good of the first. A digital ID designed to check right to work becomes a mechanism for extending the hostile environment. It is further undermined by the third project – a ‘radical rewiring of the state’ – and the introduction of a unique, persistent identifier that would follow us around our use of public services.

What are the main concerns with the Government’s plans for digital ID?

Surveillance by numbers

The consultation frames the unique persistent identifier as an administrative convenience and a way to make public services more efficient for us all. That sounds reasonable enough, but this glosses over the surveillance danger it creates.

Right now, different government departments hold different data about us, each collected for a specific purpose and subject to data protection laws about how it can be used.

A unique persistent identifier dissolves those separations. It creates a way for HMRC’s record of your income to connect to the NHS’s information about your health, to DWP’s records of your benefits, and the Home Office’s records of your immigration status to all be joined into a single, comprehensive profile. This would be a massive change in how the Government collects, stores, and shares our sensitive personal information.

This risk is compounded by the growing use of AI in public services, where detailed personal profiles could feed predictive systems. A persistent identifier could also enable discrimination by proxy, allowing protected characteristics like religion or ethnicity to be inferred from seemingly neutral linked data. This proposal would hand the state sweeping power over people’s personal information.

Phone home

The key difference between a digital ID and a physical ID is the ability to track where, when, and how a digital ID has been used. “Phone home” occurs when a digital credential is presented (in person or online) and the system sends a live check to the original issuer or a proxy to check it is valid. This allows authorities to track every instance in which an identity is used: where, when, and for what purpose. A national identity system with this capability would give the Government an unprecedented surveillance tool.

If, as the consultation proposes, digital ID is also used for age assurance online, this could extend to visibility of our online browsing and which websites we visit where we need our age checked.

Biometrics, policing, and the erosion of trust

The consultation proposes including a biometric photo in the digital ID and notes “there is a legal basis for police use of facial recognition, which may include access to biometric data held by government.” Biometric data is uniquely dangerous because it cannot be reissued if breached. You can change a password. You cannot change your face. Once a national biometric database exists, the question is not whether it will be breached, but when and what the consequences will be for every person in it.

Building on shaky foundations  

This entire system would be built on One Login, a government system that the National Cyber Security Centre warned in 2023 had “serious data protection failings” and “significant shortcomings”. Whistleblowers in the One Login team have since revealed that the system failed to meet mandatory government cybersecurity standards, and that in a red team exercise a remote attacker was able to introduce malware and access sensitive parts of the system without triggering a security alert.

Significant cyber incidents have increased by 50% from 2024 to 2025. In a world of geopolitical fracturing and rapidly improving AI capabilities, these risks are growing. Building a highly sensitive system on top of insecure foundations is a risk the Government should not be taking.

What’s next for digital ID?

Digital ID done right could put real power back in the hands of UK residents. But the proposal currently on the table does the opposite: it concentrates power in the hands of the state, extends the hostile environment, and builds surveillance infrastructure on insecure foundations.

Liberty will hold the Government to account and campaign to make sure digital ID is either human rights respecting or history.