-optimized.jpg){kind=avatar}
Digital ID will only succeed if trust is built in from the start, says Gonzalo Alonso, CEO of the platform Ditto.
Government commitment to a voluntary Digital ID framework marks an important starting point in securing the UKโs digital economy. Announced in the Kingโs Speech as part of the Digital Access to Services Bill, the policy reflects growing recognition that trusted digital identity could play a major role in modernising public services, reducing fraud and adding certainty to the way customers prove who they are online. Although the policy introduces the service on a voluntary basis, for UK businesses, public bodies and security leaders, this signals that digital identity is moving from years of policy debate into legislated national infrastructure.
Passwords, memorable answers, repeated document uploads and manual checks have created an environment that is frustrating for users and attractive to fraudsters. Every unnecessary identity check creates another point of friction in the customer journey and every duplicated data store creates another potential target. Digital ID presents an opportunity to work certainty into identity verification and authentication.
Trust the differentiator
However, the success of Digital ID will be determined by trust. That starts with the government clearly communicating what Digital ID is, how it works in practice and what it means for people using it. This is not a given: not only did mandatory Digital ID receive severe backlash when first proposed, ย but the announcement of a voluntary one has been criticised by MPs as rushed, with a lack of explanation to the public on how it actually functions.
If the public sees Digital ID as simply another way for governments and organisations to collect, centralise and store personal information, adoption will be slow. The message must be clear that Digital ID is a way to reduce the amount of sensitive data being shared, limit unnecessary exposure and give people more control over how they prove information about themselves.
Choosing your data sharing
In many cases, a business or public service does not need to know everything about a person. It may only need to know that they are over a certain age, eligible for a service, legally entitled to work, or already verified by a trusted party. A well-designed identity framework can support that kind of selective disclosure by reducing the amount of data moving between organisations and limiting the creation of large databases of personal information. With cryptographic certainty, the amount of data shared overall is reduced, and consequently so is the risk to the consumers.
Compliance and reducing risk
This is where security and privacy objectives align for businesses. Reducing the volume of sensitive data in circulation is not only good for consumers, but is also good risk management in terms of compliance. The less personal information an organisation collects and stores, the less it has to protect, govern and remediate in the event of a breach. For security teams already dealing with expanding attack surfaces, complex compliance obligations and rising fraud attempts, data minimisation should be viewed as a core defence strategy.
Orchestrating the lag time
Particularly on a voluntary basis, adoption will not happen overnight, which presents a challenge for businesses. Whilst customers start to adopt new digital systems, many organisations will need to support both old and new identity journeys simultaneously.
Straddling centralised and decentralised data systems creates a fragmented operating environment as well as a security and customer experience challenge. The future of identity will not be purely centralised or purely decentralised. Centralised systems will continue to play a role where authoritative records, auditability and service eligibility are required. Decentralised models will become increasingly important where user control, privacy preservation and portable credentials are needed.
The challenge for businesses will be to straddle both worlds without making the experience harder for customers or the environment more difficult to secure. This is where orchestration becomes essential, and more than a compliance exercise, cryptography will be the key to making this transition smoother by reducing the amount of data actually processed while providing confidence in identity claims
Trust in the transitionย ย
Businesses have an important role to play in that trust-building process. They will often be the point at which customers experience digital identity in practice and the quality of those interactions will shape public perception. That means organisations need to think carefully about how Digital ID is introduced into customer journeys, how choices are explained, how fallback options are provided and how data protection is communicated.
The organisations that succeed will be those that treat identity as a strategic layer rather than a single tool, with trust embedded at the centre of the process. Adopting secure methods early means they can reduce unnecessary data collection and avoid a rushed migration further down the line. The voluntary Digital ID framework is a step forward, but the policy will only translate into real-world value if customers trust the systems they are being asked to use and businesses can implement them without adding complexity.
The benefits are clear: less fraud, faster access to services, stronger privacy and better digital experiences. However, adoption presents its own challenges. The UK will need more than legislation โ it will need trust, interoperability and orchestration at the heart of the identity ecosystem.
