Long awaited approval for essential digital ID regulation
Latest News,Legislation
Digital wallets are set to become essential for significant numbers of people following parliament’s long awaited approval of the Data (Use and Access) bill – better known as DUA.
In a legal milestone, DUA gives statutory recognition to digital identities, enabling trusted digital ID providers to transform the way that business is done in the UK. From buying alcohol or a lottery ticket in person to surfing age-restricted content, DUA will make everyday life look very different. Royal Assent which converts the bill to an Act of parliament will occur tomorrow (19th June).
Digital Wallets
Consumers can download an app from digital ID providers, like Luciditi, allowing them to store their personal identity data in a digital wallet. Protected by bank-grade security, each Luciditi wallet is unique to the consumer.
When someone buys something online or signs up to age-restricted services, their digital wallet doesn’t release any personal data. It simply assures the business that the consumer’s identity and/or age have been verified.
By trusting a third-party government-certified service like Luciditi, consumers know their data remains private. Meanwhile, online businesses know that required identity/age checks have been sufficiently carried out without the need to manage or store people’s private details.
Privacy Technology
Under DUA, registered digital ID providers must operate to a minimum standard. But only a few will offer maximum protection.
While cheaper options are potentially open to misuse by advertisers, governments, or hackers, built-in privacy technology such as Luciditi’s is impossible in practice to exploit. Only this level of privacy gives consumers all-round peace of mind, through features such as:
• Ensuring data can never be sold – not even Luciditi can see the personal data in a digital wallet, and since the data can’t be accessed it therefore can’t be sold.
• Private shopping that can’t be tracked – use of the Luciditi wallet can’t be tracked by anyone. This means that your weekly bottles of wine from the supermarket can’t be noted by anyone trying to profile you, for example regarding health insurance.
• Consensual transactions – your digital wallet only communicates with an online business with your permission. Luciditi requires users to specifically consent to the sharing of anything, irrespective of the type of identity request or the data being shared.
• Selective disclosure – if an online business needs you to prove your age, you don’t need to consent to releasing anything else such as your photo, name, or address.
• Time limited – whenever you share data within the Luciditi eco-system, you can choose to limit the time it’s available to whoever’s asking for it. You can ensure your data is available for a day, a week, a month or a year – or even revoke it immediately. It’s your data and you can rely on the fact that it will disappear when you want it to. Whoever needs the data can always ask for it again if they need to. They can make the checks they need without holding a copy of the data forever, which stops your data proliferating externally.
• Age proofing is entirely anonymous – online age checks can usually be completed through Luciditi’s AI estimation. Anyone aged 25 or under will be able to rely on their digital wallet to verify that they are over 18. No personal data is released, the requesting website is simply assured that the consumer is aged 18 or over.
Increased use of digital identities will be overseen by the Office for Digital Identities and Attributes (OfDIA), part of the Department for Science, Innovation and Technology. OfDIA will operate under the authority of the department’s Secretary of State who will maintain a national register of ID providers, removing those who fail to maintain minimum standards of privacy.
Managing ‘Smart Data’
Since 2021, digital ID providers have been verified only on a voluntary basis. Some, like Luciditi, chose to sign up to the UK’s digital identity trust framework, a set of rules defining a good digital ID service.
By giving the framework statutory recognition, DUA regulates data use and access, giving new reassurance to sectors and businesses that are perhaps trying out third-party ID providers for the first time.
After last minute copyright amendments to the bill were finally ironed out, DUA completed its long and winding road through parliament in June 2025. The new law will introduce four key elements:
1. UK digital identity and attributes trust framework
The trust framework will be expanded and rebranded as the Digital Verification Service.
2. Register of digital identity services
A publicly available register of digital ID providers will list organisations that have been independently assessed and certified against the trust framework.
3. Trust mark
Registered providers will be able to display a designated ‘trust mark’, demonstrating credibility.
4. Information sharing
A new information gateway will allow public authority data to be shared with registered services, enabling speedier identity and eligibility checks.
At the heart of DUA, is the concept of ‘smart data’, where standard identity data is managed in a smart way, allowing faster links and closer ties between consumers, businesses, and public authorities. The government has said it wants to “harness the power of data for economic growth, to support a modern digital government, and to improve people’s lives.”
Hundreds of thousands of people are already using digital identity products for things like opening bank accounts, securing jobs or renting a flat. But the four steps outlined above will encourage the wider use of data, allowing public services to support faster identity checks and develop closer ties with business.
GOV.UK Wallet
The government has announced plans to introduce its own digital wallet – the GOV.UK Wallet. The Wallet will hold the Armed Forces Veteran Card from summer 2025, followed by the full driving licence later in 2025.
While only government issued-documents can be saved in the GOV.UK Wallet, the government has published new guidance explaining that registered organisations will be able to access and use the information. This extends the ways that a service like Luciditi will be able to help consumers securely confirm their identity.
Registered ID providers will be able to use GOV.UK Wallet in two ways:
• they will be able to use the information in GOV.UK Wallet to offer a range of identity and attribute services, for example helping someone prove something about themselves digitally. If they are also certified as a holder service, they will be able to use information from GOV.UK Wallet to create a new reusable digital identity document (a ‘derived credential’).
• businesses like Luciditi that are certified as ‘orchestration service providers’ will be able to provide information from GOV.UK Wallet to other businesses who need to prove information about an individual (for example, they could connect GOV.UK Wallet with an online shop so it can share a user’s age).
Identity fraud costs the UK an estimated £1.8 billion every year. By introducing measures that protect both businesses and consumers, DUA injects much needed reassurance into the rapidly expanding digital economy. With UK GDPR and the Data Protection Act 2018 due to remain in place, DUA adds to the legislative framework, allowing businesses to stay compliant and enabling consumers to retain control of their essential though vulnerable data.
Want to know more?
Luciditi technology can help organisations implement Digital Identity and Age Proofing Technology for online and in person use cases. If you would like to know how, Contact us for a chat today.
