The UK Digital Identity and Attributes Trust Framework: What is it and What Does it Mean for Compliance?

Posted on May 17, 2022
Written by Natalie Davies

digital identity and attributes trust framework

Cases of identity theft are on the increase. According to the UK’s fraud prevention body, Cifas, nearly 500 identities are stolen in the UK every single day. As such, the government wants to develop a secure digital ID service that can be used by both citizens and businesses to combat the rising instances of identity theft, built on the digital identity and attributes trust framework. 

What is a digital identity?

Put simply, a digital identity is a collection of information about an individual or organisation that exists online.

At present, as part of the KYC checking process, individuals are often required to submit scans of physical documents or even send original copies in the post in order to prove their identity. 

Digital identities would, in effect, replace this time-consuming and often laborious process. The digital identity could also be used in offline situations such as purchasing age-restricted items like alcohol or lottery tickets.

The UK government has emphasised that digital IDs will not replace physical identity documents, but can be used if an individual chooses to. 

Importantly, the department stressed that the framework would not include the creation of national ID cards, nor would it be compulsory for citizens of the UK. 

What is the digital identity and attributes trust framework?

Positioned as part of the government’s ‘wider plan to make it quicker and easier for people to verify themselves using modern technology’, the digital identity and attributes trust framework defines the parameters and standards of a digital identity ecosystem.

It outlines the rules that service providers must comply with in order to be certified under this framework to ensure secure and trustworthy digital identity solutions.

The framework sets out areas such as: 

  • how organisations should handle and protect people’s data 
  • what security and encryption standards should be followed 
  • how user accounts should be managed 
  • how to protect against fraud and misuse

As part of this framework, the government also plans to introduce legislation that enables a ‘legal gateway’ between the public and private sector to allow organisations to check information held by public bodies for accurate data checking and verification of identities. 

Additionally, a robust and secure accreditation and certification process will be created. Certified organisations will be issued with a recognisable trustmark that proves they meet the standards of the framework in handling personal data safely and consistently. As a result, consumers will be reassured that the organisations with whom they are operating are meeting the highest security and privacy standards needed to use digital identities.

How has the digital identity and attributes trust framework been developed?

In February 2021, the Department for Digital, Culture, Media and Sport revealed a prototype for a new ‘digital identity and attributes trust framework’.

At the time, Matt Warman, then Minister for Digital Infrastructure, oversaw the publication of the alpha version of the UK digital identity and attributes framework.  

In a written statement, Warman outlined the shortcomings and unwieldiness of the UK’s current, and mostly paper-based, identity systems.

“People in the UK often still have to use a combination of paper documents issued by government, local authorities and the private sector – and a mixture of offline and online routes – when opening a bank account, claiming benefits, starting a new job or applying for a school place.”

Matt Warman MP

Later that year, a public consultation was launched to elicit views on how a digital identity system should operate, including proposals for a governing body which would be responsible for making sure organisations follow government rules on digital identity.

Since the unveiling of the framework and subsequent consultation period, the government has been working alongside private companies to lay the groundwork for the increased acceptance of digital identities across the UK.

In March of this year, a new governing body was announced: the Office for Digital Identities and Attributes (or ODIA). Companies that are tasked with handling personal information associated with digital identities will need to apply for a trustmark issued by the ODIA to demonstrate they have the adequate protections in place. 

What does the digital identity and attributes trust framework mean for compliance teams? 

The proposals to create a digital identity will not only help to ease the burden on individuals seeking to prove their identity online, but will also help compliance teams to onboard customers more effectively while reducing the risk of identity fraud and financial crime. 

Organisations issued with a trustmark, that have proven their compliance with the framework, will be able to complete checks (with consent) against government-held personal data to validate a person’s identity via a legal gateway.

This legal gateway will streamline the repetitive, and often time-consuming task of identity verification for compliance teams across all sectors. The legislation would ensure that the data shared through this gateway will have the same validity as physical ID documents such as a passport.  

With easy access to the data held by public bodies, compliance teams will be able to efficiently verify individuals’ identities much faster than waiting for scans or copies of physical documents. Ultimately, customers can be onboarded quicker, and the time-to-revenue dramatically reduced.